'Tangible Property' Defined in the Computer Age

Importantly, while Eyeblaster did not reach an extraordinary result by holding that a computer is covered “tangible property,” the decision will likely encourage future claimants to allege a loss of use of a computer, particularly when the claimant has an eye toward triggering a defendant's insurance coverage. Insurers, even those who ultimately do not have a duty to indemnify for a cyber loss, are increasingly likely to have a duty to defend if allegations of loss of use of a computer are raised. Given the widespread effect of a computer virus or other “bug,” the reality is that allegations of slowing, interference, unwanted pop-ups, and computer crashes are sure to become the norm.

William P. Shelley, a member of this newsletter's Board of Editors, is a member and chairman of Cozen O'Connor's Global Insurance Group. Richard Bortnick is a member and Samantha Evans is an associate in Cozen O'Connor's Global Insurance Group.

With the increasing use of social media for marketing and advertising purposes, businesses of all sizes are seeking insurance coverage for various types of Internet-based exposures. Among others, companies are looking to insure against claims raised by users viewing or otherwise accessing a company's Internet Web sites and advertisements for damage to hardware, data, information, and other computer components.

Policyholders seeking coverage for cyber-type loss typically have done so under traditional comprehensive general liability (“CGL”) policies that insure against physical damage to tangible property and/or loss of use of tangible property. Whether a claim is covered under a standard CGL or property policy depends on the definition of “tangible property,” with courts generally finding that damage to computer hardware or similar components triggers such coverage, while damage to computer data and information does not. In the recent decision of Eyeblaster v. Federal Insurance Company , 613 F.3d 797 (2010), the Eighth Circuit construed the definition of “tangible property” to include the user's computer, finding loss of use of a computer to be covered “property damage.”

Coverage Unavailable for Intangible Data and Information

A majority of courts which have faced the issue have held that traditional general liability and property policies do not cover damage to a computer's data or information, finding that data and information are, by their nature, intangible property and undetectable by the senses. For example, in America Online, Inc. v. St. Paul Mercury Insurance Company, America Online (“AOL”) sought coverage for damages associated with a consolidated class action lawsuit wherein multiple plaintiffs alleged that an AOL program had “bugs” and was incompatible with
the computers onto which it was downloaded. 347 F.3d 89 (4th Cir. 2003). The plaintiffs alleged damaged software, disrupted network connections, loss of stored data, and crashed operating systems. St. Paul Mercury Insurance Company denied coverage for the lawsuits on the basis that the claimants did not seek damages because of “property damage.”

The St. Paul Mercury policy defined “property damage” to include “physical damage to tangible property of others, including all resulting use of that property” and “loss of use of tangible property that isn't physically damaged.” Agreeing with St. Paul Mercury that the claims were not covered, the court focused on the plain meaning of “tangible,” making an important distinction between the tangible nature of a computer's hardware and the intangible characteristics of its software:

Taking “tangible” to have its usual and ordinary meaning ' we understand the term to mean “capable of being touched: able to be perceived as materially existent esp. by the sense of touch: palpable, tactile” ' And, specifically, “tangible property” means “having physical substance apparent to the senses.” ' These common definitions essentially equate the terms “tangible” and “physical” and defeat any sense of ambiguity that AOL attributes to the term “tangible.” Thus, employing these ordinary meanings, we conclude that the physical magnetic material on the hard drive that retains data, information, and instructions is tangible property.

But the conclusion that physical magnetic material on the hard drive is tangible property is quite separate from the question of whether the data, information, and instructions, which are codified in a binary language for storage on the hard drive, are tangible property. Certainly the hard drive itself is a medium in which the data, information, and instructions are stored, but the data itself must be considered apart from the medium. Thus, if a hard drive were physically scarred or scratched so that it could no longer properly record data, information, or instructions, then the damage would be physical, affecting the medium for storage of the data. But if the arrangement of the data and information stored on the hard drive were to become disordered or the instructions were to come into conflict with each another, the physical capabilities and properties of the hard drive would not be affected. Such disordering or conflicting instructions would amount to damage to the data and information and to the instructions (i.e., the software) but not to the hard drive. The magnetic material on the hard drive could be reoriented and reordered with reinstallation of the instructions. So it is that we make the distinction between hardware and software.

The court reasoned that because the class action lawsuit only sought to recover for damage to intangible and abstract ideas, logic, instructions and configured information, but not for damage to circuits, switches, drives or other physical components of the computer, AOL was not entitled to coverage under its CGL Policy for “property damage to tangible property.”

At least one court has similarly held that allegedly damaged or lost data does not qualify as covered “tangible property” because it is stored on a computer's hard drive, absent evidence of damage to the hard drive itself. In Cincinnati Insurance Company v. Professional Data Services, Inc., 2003 WL 22120138 (D. Kan. 2003), defendant Professional Data Services (“PDS”) provided software and customer support for computer systems, including systems used in the medical profession. Heart of America Eye Care (“HOA”) filed suit against PDS alleging that PDS failed to investigate and correct software problems in its system, resulting in lost software, damage to a software program HOA purchased, and lost patient accounts. Cincinnati Insurance denied coverage based on
the absence of covered “property damage.”

The court was unpersuaded by PDS's attempt to classify software as “tangible property” by linking it to the system's hardware and hard drives:

Defendant ' also argues that the loss of use of the APM Software encompasses the loss of use of software and hardware “because the software is useless unless there is tangible equipment in which it could operate. Defendant contends that the software and hardware are tied together and that idle hardware is the loss of tangible property. The court agrees that software and hardware are tied together insofar as software is functional only if there is hardware upon which it can operate. However, such a proposition does not lead to the conclusion that dysfunctional software inevitably leads to idle hardware. In other words, the loss of use of a particular computer software does not necessarily lead to the loss of use of computer hardware ' the computer hardware may quite possibly still function.

Cincinnati Insurance, therefore, stands for the similar proposition that data and information do not qualify as “tangible property,” notwithstanding the fact that software is often dependent on hardware for its function. Absent actual harm to the hardware itself, there is no covered “property damage.”

In contrast to America Online and Cincinnati Insurance , the court in Retail Systems v. CNA Ins. Co. , 469 N.W.2d 735 (Minn. App. 1991), held that data included on a physical tape qualified as tangible property. There, Retail Systems, a data processing consultant, argued that CNA had a duty to defend it against allegations that Retail Systems lost a computer tape that belonged to the Independent Party of Minnesota (“Independent Party”). The tape contained data from a voter survey that Independent Party conducted. CNA denied coverage under a CGL policy that provided coverage for property damage, defined as physical injury to tangible property.

The appellate court reasoned that the data and tape were covered:

At best, the policy's requirement that only tangible property is covered is ambiguous. Thus this term must be construed in favor of the insured. Other considerations also support the conclusion that the computer tape and data are tangible property under this policy. The data on the tape was of permanent value and was integrated completely with the physical property of the tape. Like a motion picture, where the information and the celluloid medium are integrated, so too were the tape and data integrated at the moment the tape was lost.

Thus, because the data were integrated and intertwined with the physical nature of the tape, the data qualified as covered tangible property.

Eighth Circuit Finds Coverage By Focusing on User's Loss of Use of a Computer

The Eighth Circuit recently tackled a clearer example of damaged “tangible property” in Eyeblaster v. Federal Insurance Company , 613 F.3d 797 (8th Cir. 2010). There, the court held that coverage was available under a CGL policy for damage resulting from a user's loss of use of his computer, finding that the computer qualified as covered “tangible property.” In Eyeblaster, a computer user sued Eyeblaster, a worldwide online marketer, for damages the user claimed to have suffered when he visited an Eyeblaster Web site. The user specifically alleged that his computer became infected with a spyware program from Eyeblaster, resulting in lost data, numerous unwanted pop-ups, a hijacked browser, random error messages, a slowed computer, and occasional computer crashes.

Eyeblaster tendered its defense to Federal Insurance Company under two separate CGL and Network Technology Errors or Omissions policies. The CGL policy insured against “property damage” caused by an “occurrence.” “Property damage” was defined to include “physical injury to tangible property or loss of use of that property,” and “loss of use of tangible property.” The definition of tangible property expressly excluded “any software, data or other information that is in electronic form.”

The district court held that Federal did not have an obligation to defend Eyeblaster, reasoning that the user's complaint only alleged damage to software, which the Federal CGL policy expressly excluded from the definition of “tangible property.” The court further reasoned that while the user alleged slowing and other interference with his computer, such allegations were insufficient to trigger coverage:

While [the user] may allege that his computer froze or processed so slowly as to be essentially inoperable, these allegations all relate to the effect Eyeblaster's spyware had on his computer's software. He did not allege any actual damage to his hard drive. While the Complaint referenced damages to the less exact term “computer,” which necessarily contains software and hardware components, the allegations in the Complaint demonstrate the damage was solely the effect of Eyeblaster's product on the software on [the user's] computer, not the hardware.

On appeal, the appellate court reversed the lower court's finding of no coverage. At the outset, the Eighth Circuit agreed that some of the user's claims fell outside of the CGL policy. Citing to America Online, the court acknowledged that damages to software, data, or other information was not damage to “tangible property” capable of suffering physical injury. The court further reasoned, however, that the user's claims that he could not operate his computer because of interference, slowing and unwanted solicitations, were sufficient to trigger coverage for loss of use of tangible property. The court reached this conclusion notwithstanding the fact that the interference with the “computer” was directly related to the computer's software:

Eyeblaster argues that the district court erred in failing to consider Federal's duty under the second part of the definition of “property damage,” which obligates the company to provide coverage if Eyeblaster is alleged to have caused the “loss of use of tangible property that is not physically injured.” The tangible property is [user's] computer, and Eyeblaster points to language from the [user's] complaint in which he alleges his computer was “taken over and could not operate,” “froze up,” and would “stop running or operate so slowly that it will in essence become inoperable.” [The user] also alleges that he experienced “a hijacked browser ' a browser program that communicates with Web sites other than those directed by the operator,” and “slowed computer performance, sometimes resulting in crashes.” [The user] asserts that his computer has three years of client tax returns that he cannot transfer because he believes the spyware files would also be transferred, and he therefore must reconstruct those records on a new computer. He thus argues that his computer is no longer usable, as he claims among his losses “the cost of his existing computer.”

The Eyeblaster court concluded that while the Federal CGL policy expressly excluded “software, data or other information that is in electronic form,” it did not exclude the computer itself from the definition of “tangible property.” A computer, reasoned the court, fit within the “plain meaning of tangible property,” making its loss of use sufficient to trigger coverage under Federal's policy.

Conclusion

While there are still relatively few decisions addressing insurance coverage for cyber-related losses, these decisions are beginning to fall into distinct categories. Courts have continued to hold that data, information, configurations, and software do not qualify under a CGL policy's plain and traditional definitions of “tangible property.” On the other hand, hardware, hard drives, and the computer itself will qualify as the type of physical, corporeal property intended to be included in that term.