It’s hard to believe that we are less than two months away from Coverage College (September 22). If you have not signed up yet, please do by visiting White and Williams’ website. This year, I will be teaching a class on coverage issues in privacy and cyber liability litigation. It should be an exciting and fast-paced class. We’ll have a lot to talk about.
Last Friday, in Ellicott City Cable, LLC v. AXIS Ins. Co., 2016 U.S. Dist. LEXIS 95819 (D. Md. July 22, 2016), the federal district court of Maryland rejected the contention that pirated digital television programming constituted “data” under a media policy. Even broad terms do not have boundless meanings. Terms must be read within the context of their use and the policy as a whole.
In the case, the insured, Ellicott City Cable (ECC) provided television, internet, and telephone services to residents of two separate residential communities, Taylor Village and Waverly Woods. Id. at *3-4. To achieve the goal of proving television, ECC contracted to obtain satellite television programming from DirecTV, LLC through DirecTV agents Sky Cable, LLC (Sky Cable) and North American Cable Equipment (NACE). (ECC never contracted with DirecTV to provide internet or telephone services.) Id. at *4. Under the contract, ECC distributed the DirecTV programming through equipment and credentials provided by Sky Cable and NACE, and made monthly payments directly to DirecTV for access to its programming. Id.
ECC later terminated its contract with DirecTV. Thereafter, DirecTV commenced an action against ECC and Sky Cable asserting that defendants had “fraudulently” obtained, and assisted others to obtain, DirecTV’s satellite television programming and distributed the programming through unauthorized cable television systems. Id. at *5. DirecTV asserted that ECC, through Sky Cable, set up private cable systems to deliver programming to more units in the Taylor Village and Waverly Woods communities than permitted under the DirecTV contract. DirecTV also asserted that ECC created multiple dwelling unit accounts with DirecTV for both properties, but distributed the programming to occupants and residents outside of the scope of those agreements, including by used wiring to traverse public rights of way. Id.
ECC sought coverage under its media liability insurer, which had issued a media policy providing coverage for damages “as a result of an Occurrence in connection with Scheduled Media during the Policy Period that gives rise to a Claim . . . .” Id. at *11. Occurrence was defined in part as “the actual or alleged . . . publication, broadcast or other dissemination of Matter[.]” Id. at *11, n.10. Matter was defined as in part as “communicative or informational content regardless of the nature or form.” Id.
The media policy had an exclusion that prohibited coverage for claims:
for or arising out of any actual or alleged . . . unauthorized access to, unauthorized use of, or unauthorized alteration of any computer or system, hardware, software, program, network, data, database, communication network or service, including the introduction of malicious code or virus by any person . . .
Id. at *11-12 (emphasis added).
The policy also had additional coverage under Endorsement 3 for claims “for or arising out of the failure to prevent a party from unauthorized access to, unauthorized use of, tampering with or introduction of a computer virus or malicious code into data or systems.” However, coverage under Endorsement 3 did not apply to claims for:
intentional unauthorized access to, unauthorized use of, tampering with or introduction of a computer virus or malicious code into data or systems by any Insured or person who would qualify as an Insured but for their acts being outside the scope of their duties as a partner, . . . except that this exclusion shall not apply to any Insured who did not commit, acquiesce or participate in the actions that gave rise to the Claim.
Id. at *12-13 (emphasis added). As later noted by the Ellicott City Cable Court in its opinion, both policy provisions apply to claims for or arising out of unauthorized access to “data”; with the coverage exception in Endorsement 3 adding the qualifier that the unauthorized access be “intentional.” Id. at *14.
The insurer contended that it had no duty to defend under the exclusion and the exception to coverage under Endorsement 3, contending that DirecTV’s lawsuit for the unauthorized distribution of television programming alleged unauthorized access to data. ECC disagreed, contending that television programming is not “data.” The Ellicott City Cable Court agreed with the insured.
The court recognized that the term “data” is very broad, and this may have been the insurer’s hope when asserting the policy’s exclusions. Merriam’s Dictionary defines the word “data” as “facts or information used usually to calculate, analyze, or plan something” or “information that is produced or stored by a computer.” Id. at *15. However, the court found that the term was so broad as to be ambiguous. “Given the breadth of this definition [for data],” the court employed the construction canons of ejusdem generis and noscitur a sociis, which require a court, when determining the broad meaning of a word, to consider “the accompanying words so that . . . general and specific words, capable of analogous meaning, when associated together, take color from each other[.]” Id. at *16. Based on these cannons, the court concluded that the word “data” referred to computers, not television programming.
First, the court noted that DirecTV did not use the term “data” to describe its television programming that ECC had allegedly accessed without authorization. Id. at *15. The court then looked to the wording of the exclusions at issue, determining that the list of terms in the exclusions limited the meaning of the term “data,” not expanded it. The exclusion applied to unauthorized access of “any computer or system, hardware, software, program, network, data, database, communication network or service, including the introduction of malicious code or virus by any person . . . .” Id. at *16. The common denominator of these terms was the internet and computers, not television programming:
The common factor underlying all terms listed is their relation to the internet or digital matters in general. Indeed, the inclusion of “introduction of malicious code or virus” speaks directly to a common risk associated with the internet (and computers). “Data,” in this context, thus appears to concern information related to the internet, and not television programming.
Id. at *17 (emphasis added).
The insurer argued that DirecTV’s programming did involve digital compression and encryption of its signal and thus fell within the umbrella of “digital matters.” The court rejected the argument in part because DirecTV also provided analog signals. Under the insurer’s contention, the policy would cover analog signals, but exclude digital signals, a result that the court would not endorse:
Yet, this argument ignores that DirecTV’s television programming takes both digital and analog forms. Under Axis’s reasoning, ECC would receive insurance coverage for unauthorized access to analog television programming, and not digital television programming. Neither Axis nor the Policies themselves present any persuasive argument in favor of such a distinction.
Id. at *16-17.
The court applied the same reasoning to the coverage exception for Endorsement 3, which employed “the same broad term accompanied by terms like ‘computer virus’ and ‘malicious code.’” The court explained:
Similarly, the exclusion of Endorsement No. 3 applies to intentional unauthorized access of “data or systems[.]” While this exclusion does not include all terms of the first exclusion, it employs the same broad term accompanied by terms like “computer virus” and “malicious code.” Even if the exclusion uses the disjunctive “or” in describing the excluded conduct, this use does not negate the inference that “data or systems” concern information related to the internet or computers generally.
Id. (internal citations omitted).
The court also looked to coverage provided elsewhere in the policy for piracy claims to conclude that the term “data” could not encompass media programming. The court observed that the policy covered claims “for or arising out of . . . any form of infringement of copyright, violation of Droit Moral, passing-off, plagiarism, Piracy or misappropriation of ideas,” defining “piracy” as “the wrongful use, reprinting or reproduction of copyrighted intellectual property.” Id. at *18. According to the court, “piracy” described “precisely” DirecTV’s allegations against ECC and Sky Cable. Thus, “[t]o interpret ‘data’ as including DirecTV’s television programming would effectively broaden the scope of the exclusion to eliminate any coverage for piracy.” Id. “Rather than create such a contradiction,” the court held it must construe the ambiguity of “data” against the insurer. Id. at *18-19.
As a result, the court determined that DirecTV’s television programming is not “data” within the meaning of either exclusion. Id. at *19.
What this case means: Media policies and cybersecurity policies sometimes employ very broad terms that remain undefined in the policies themselves. Examples of such terms can include “matter,” “network,” “systems,” “electronic,” and even “data.” Ellicott City Cable is a good remainder that even broad terms do not have boundless meaning – both in terms of coverage grants and coverage exclusions. Terms must be read within the context of their use and the policy.