ON APPEAL FROM THE HIGH COURT OF JUSTICE
QUEEN’S BENCH DIVISION (COMMERCIAL COURT)
MR JUSTICE LANGLEY
Royal Courts of Justice
Strand, London, WC2A 2LL
Before :
LORD JUSTICE BUXTON
LORD JUSTICE CARNWATH
SIR MARTIN NOURSE
Between :
Tektrol Limited | Appellant |
- and - | |
International Insurance Company of Hanover Limited and another | Respondent |
(Transcript of the Handed Down Judgment of
Smith Bernal Wordwave Limited, 190 Fleet Street
London EC4A 2AG
Tel No: 020 7421 4040, Fax No: 020 7831 8838
Official Shorthand Writers to the Court)
Mr N Strauss QC and Mr A Burns (instructed by Beachcroft Wansboroughs) for the appellant
Mr D Railton QC and Mr G Wheeler (instructed by Squire & Co) for the respondents
Judgment
Lord Justice Buxton :
Introduction
This appeal from Langley J concerns the construction of an “All Risks” business loss policy issued by the insurers to the claimants and appellants [Tektrol]. Tektrol carry on business in the provision of computer-related energy saving devices, in which business a “source code” played a crucial part. By a very unusual series of unrelated incidents Tektrol lost all of its copies of that code. The history is best set out in the summary drawn by the judge from the statement of agreed facts adopted by the parties before him:
The source code was held in five ways: on two computers located at Tektrol’s business premises; on a laptop of the managing director (Mr Shlaimoun); on a computer at a remote site operated by an independent company known as Compwise Systems; and on a hard copy print-out stored in a pilot case kept at Tektrol’s business premises.
On 19 December 2001, Tektrol received an e-mail with an attachment apparently consisting of a Christmas card from a firm of solicitors which Mr Shlaimoun opened on his laptop. In fact the e-mail was a virus program deliberately created by “a malicious person or persons” which had the effect of deleting the source code held on the laptop.
To quote paragraph 20 of the Assumed Facts: “The virus author had no knowledge of or connection to (Tektrol) or its source code. Although he did not intend to erase the … source code, he intended the virus program to spread around the world and knew that whenever the virus program was activated by the opening of the ‘Christmas Card’ attachment, computer data could be erased on the computer concerned”
Mr Shlaimoun realised what had happened, believed that the remote site had not been corrupted, and repaired and reloaded the laptop from the remote site.
On about 2 January 2002 Tektrol’s business premises were burgled. The burglars stole various items including the two computers and the hard copy print-out.
The burglary was discovered on 7 January and it was then found that the virus had also deleted the source code held at the remote site and thus it had not been restored on the laptop.
All copies of the source code had therefore been lost. The virus had erased the copies on the laptop and at the remote site and about a fortnight later the burglars had stolen the two computers which held the other copies and the only hard copy.
Tektrol therefore sought to recover under the policy for loss arising from interruption of its business by reason of the two incidents, which for purposes of identification I will refer to as the virus and the burglary. The policy contains a formidable array of exclusions, and it is the insurer’s case that liability is excluded in respect of each of the incidents. Moreover, the judge accepted, on the basis of the judgment of this court in Wayne Tank and Pump v Employers Liability Ltd [1974] 1 QB 57, and his finding is not challenged, that if the insurer could bring either of the incidents within an exclusion in the policy he was in any event not liable in respect of the other incident.
Tektrol, in order to recover, must therefore demonstrate that the policy covers them in respect both of the virus and of the theft. The insurer relies on separate exclusion clauses in respect of each of those incidents. I must first set out those exclusions, and some other clauses directly relevant to the issues, again adopting the form used by the judge.
The policy
The Insuring Clause in section 2 provides that:
“IN THE EVENT OF any building or other property used by the Insured at the Premises for the purpose of the Business being accidentally lost destroyed or damaged during the Period of Insurance and in consequence the business carried on by the Insured at the Premises be interrupted or interfered with then the Insurers will pay to the Insured in respect of each item in the Schedule the amount of loss resulting from such interruption or interference provided that…”
The Exclusions include:
“Sections 1 & 2 do not cover:
7 DAMAGE caused by or consisting of or
CONSEQUENTIAL LOSS arising directly or indirectly from
disappearance, unexplained or inventory shortage, misfiling or misplacing of information
in respect of Section 2:
erasure loss distortion or corruption of information on computer systems or other records programmes or software caused deliberately by rioters strikers locked-out workers persons taking part in labour disturbances or civil commotion or malicious persons
other erasure loss distortion or corruption of information on computer systems or other records programmes or software unless resulting from a Defined Peril in so far as it is not otherwise excluded.
13 DAMAGE or CONSEQUENTIAL LOSS in respect of computers or data processing equipment other than such DAMAGE or in respect of such CONSEQUENTIAL LOSS caused by
a Defined Peril
theft or attempted theft involving breaking into or out of the buildings of the premises by forcible and violent means
robbery or attempted robbery committed in the premises in so far as it is not otherwise excluded.”
The definitions include:
“CONSEQUENTIAL LOSS”, in capital letters, shall mean loss resulting from interruption of or interference with the Business carried on by the Insured at the Premises in consequence of accidental loss or destruction of or damage to property used by the Insured at the Premises for the purpose of the Business.
“Defined Peril” shall mean fire, lightning, explosion, aircraft or other aerial devices or articles dropped therefrom, riot, civil commotion, strikers, locked-out workers, persons taking part in labour disturbances, malicious persons, earthquake, storm, flood, escape of water from any tank apparatus or pipe or impact by any mechanically propelled vehicle or by goods falling therefrom or animal.”
Contra proferentem
This is a convenient, though in the event somewhat imprecise, heading under which to consider issues as to the proper approach to construction of the policy. Mr Strauss QC argued that in cases of ambiguity, properly demonstrated to be such, the court should adopt the meaning less favourable to the insurer, as the proferor. Mr Railton QC accepted that as a very general proposition, but said that the terms of the policy were clear and unambiguous. However, as the consideration of the detailed issues later in this judgment will demonstrate, this question does not really arise. The construction of the disputed clauses in this policy, and Tektrol’s strongest arguments, turn not on the meaning of particular words, in respect of which issues of ambiguity might potentially arise, but on the context in which the disputed words are used, and the purpose that is to be drawn from that context.
A limited version of the doctrine is however of some relevance in construing exceptions in insurance policies, as the court has to do in this case. As Lindley LJ put it in Cornish v Accident Insurance Co (1889) 23 QBD 453 at p 456:
“…in a case of real doubt, the policy ought to be construed most strongly against the insurers; they frame the policy and insert the exceptions. But this principle ought only to be applied for the purpose of removing a doubt, not for the purpose of creating a doubt, or magnifying an ambiguity, when the circumstances of the case raise no real difficulty.”
In the present case, as will be seen, there are some genuine difficulties in determining the factual situations to which the clauses absolving the insurers from risk, read in context, can properly be applied. It is at least a relevant factor in such an enquiry to recall that the insurers indeed could have made things much clearer in their own favour if that was indeed their intention when they drew the policy.
The virus
The insurer argued that this event fell within exclusion 7(b)(i). The hacker’s deletion of the source code was erasure, etc, of information caused deliberately by a malicious person, as the hacker was agreed to have been.
The argument stressed before the judge on behalf of Tektrol was that since, as was agreed, the computer systems referred to in exclusion 7(b)(i) were the systems used by Tektrol at the subject premises, it was not the case, or at least it could not be said with sufficient certainty to avoid the contra proferentem rule, that the hacker had “deliberately” caused damage to those systems: because, necessarily, he had no knowledge of or intention towards Tektrol. The judge rejected that argument, and so would I when it is put in that form. A hacker’s interest is to cause as much disruption as possible, wherever possible. It is a matter of indifference to him whether Tektrol is amongst his victims, but it is not a matter of indifference whether persons falling into the same category as Tektrol, computer users susceptible to viruses, should be injured. Injury to that category of persons, where it occurs, is thought-out and intended. The injury is caused deliberately because it is the aim and object of the hacker’s actions, as opposed to occurring casually or accidentally in the course of some other operation. The latter would not be the case with any hacker, whose whole object is to damage the system; but the requirement for deliberate causation of the damage would exclude other persons who simply sought to use the system, whether with permission or not, and by carelessness, accident or incompetence in doing so damaged its workings.
Before us, however, Mr Strauss developed an argument used below only in an introductory sense, which focussed on the persons listed in exclusion 7(b)(i) as causing the damage, and thus on the context in which the damage was envisaged by the clause as occurring. It will be immediately apparent that the list “rioters strikers locked-out workers persons taking part in labour disturbances or civil commotion or malicious persons” introduces at its end a significantly different category of person from what has gone before. The concept of rioters, etc, causing damage to information on the computers at the insured’s premises suggests strongly that the context envisaged by the draftsman is of interferences directed specifically at those computers and committed on or near the insured’s premises. “Deliberately” fits well into that context, because such persons might well damage information accidentally or carelessly in the course of other depredations. But suddenly to tag on at the end of the excepting clause a reference to remote hackers, a completely different category of person making a completely different kind of attack, significantly changes the thrust of the exception, in a way that one would expect to be done only by much more specific wording.
I am therefore driven to the conclusion that although, as agreed between the parties, the author of the virus was a “malicious person”, the clause does not extend to interferences by such people that are not directed at the computer systems, etc, used by the insured at the premises. If the insurer wished to exclude all damage caused however indirectly by a computer hacker he needed to place that exclusion in a separate clause, and not refer to malicious persons in the same terms as rioters or locked-out workers.
I would therefore hold that exclusion 7(b)(i), the only exclusion relied on in this respect, does not extend to the virus damage suffered in this case.
The burglary
The judge was persuaded that the theft of the computers was a case of “loss” of the information on the computers. The latter was therefore excluded from the insurers’ liability by exclusion 7(b)(ii), theft or burglary not being a “Defined Peril”. I am unable to agree.
The judge was attracted to his reading of the exclusion by the consideration that the word “loss” would be redundant if purely physical loss were not covered by it, since electronic interference, such as by a hacker, was already fully covered by “erasure distortion or corruption” of information. I consider that that attributes to the draftsman too precise a use of language. There are already redundancies or potential redundancies in the clause: in particular, one would be hard pressed to provide a definition of the two terms that clearly distinguished “distortion” of computer information from “corruption” of computer information. The very strong impression is that the draftsman used all of these overlapping phrases to ensure that he had not omitted any case in which the information on the computer systems or on the records programmes or software was interfered with by electronic means.
The technique used in this clause appears very clearly to be that which has been identified by Lord Hoffmann in two cases that he heard respectively as a puisne judge and when sitting in this court. Speaking of the drafting technique in leases he said in Tea Trade Properties Ltd v CIN Properties Ltd [1990] 1 EGLR 155:
“The draftsmen traditionally employ linguistic overkill and try to obliterate the conceptual target by using a number of phrases expressing more or less the same idea.”
And in the context of insurance he said of an agreement between Lloyd’s names and underwriters in Arbuthnott v Fagan [1995] CLC 1396:
“In a document like this, however, little weight should be given to an argument based on redundancy. It is a common consequence of a determination to make sure that one has obliterated the conceptual target. The draftsman wanted to leave no loophole for counter-attack…..It is no justification for construing the language so as to apply to a situation which, on a fair reading of the general purpose of the clause was not within the target area.”
I am bound to say, with respect, that that is a much more convincing explanation for the presence of the word “loss” in exclusion 7(b)(ii) than is the argument that by that word the draftsman must have intended to embrace an event completely different from all the other events contemplated by the clause, namely loss of the information by physical loss of the hardware.
That the latter event was not within what Lord Hoffmann describes as the target area is also demonstrated by a comparison with exclusion 13. That is directed in terms at interruption of the business related to “computers or data processing equipment”, but the insurer cannot rely on it in this case because of the saving for, in effect, burglary. Mr Strauss argued that the insurer, having specifically accepted liability for loss by burglary under exclusion 13, could not be heard to argue that such loss was nonetheless excluded by exclusion 7(b)(ii). Mr Railton’s reply, before the judge and before us, was that exclusion 13 was directed at hardware, but exclusion 7 specifically at software. But if that is so, it only underlines the difficulties in the weight that the insurers place on “loss” in exclusion 7(b)(ii). Where the target of the clause is software, and a list of events is produced that can only refer to distortion, etc, of the information on that software by electronic means, it is really very unlikely indeed that suddenly and in the middle of that list the draftsman by the use of one word introduced the very different concept of loss of that information through loss of the physical medium on which it was carried. The latter event does however fall naturally within the target area of exclusion 13, and would avail the insurer had he not specifically accepted liability for loss by burglary.
Conclusion
The case was presented to us in somewhat different terms from that which appeared before the judge. It demonstrated that the exclusion clauses could not properly be used to exclude the insurer’s liability either for the virus or for the burglary. I would allow the appeal.
Lord Justice Carnwath :
I have not found this an easy contract to construe. Although it is described as an “all risks” policy, one has to search long and hard, through a bewildering and apparently comprehensive list of exclusions, to discover the extent to which any risks are in fact covered. Mr Railton described the exclusion clauses as designed to “shape” the cover in respect of particular risks. I am prepared to assume that that was the intention, although it does not seem the most obvious drafting technique to achieve it. In any event, I agree with Buxton LJ that the exclusions should, where possible, be narrowly construed. One should start from the presumption that the parties intended an “all risks” policy to cover all risks, except when they are clearly and unambiguously excluded.
Adopting this approach, I agree with Buxton LJ that exclusion 7(b)(i) does not take the virus incident outside the insured risks. I accept that the words “corruption….caused deliberately…..” may be capable of referring to the generalised malicious intent of a distant hacker. But in the present context those words more naturally refer to targeted malice, that is malice directed specifically at the computer systems on the insured premises. On this aspect, I agree that the appeal should succeed.
With considerable reluctance, I feel forced to take a different view from Buxton LJ on the burglary issue. I understand that I am in a minority on this point. I am happy to find myself in that position, because it does seem harsh that the extraordinary sequence of misfortune which afflicted Tektrol in this case should be compounded by an unsuccessful legal battle to recover the loss from their so called “all risks” insurers.
I can express my reasons shortly. Exclusion 13 makes clear that in principle the theft of the computer was covered. Although it was not a “defined peril” as such, the exceptions to the exclusion in effect extend the insured risks to include damage or consequential loss caused by theft of a computer. If the matter stopped there, I see no reason why the loss of code stored on the computer should not be regarded as consequential loss flowing from the loss of the computer itself. The fact that such loss is aggravated by the lack of any back-up arrangement would not alter the position.
However, exclusion 7(b) contains specific and tighter exclusions in respect of computer information. Damage or consequential loss arising from the “erasure, loss, distortion or corruption” of computer information is only covered if it results from a “defined peril”. The words quoted seem to me apt to cover any means by which such information may be lost or rendered unusable. As I read it, the emphasis of the exclusion is on the nature of the thing lost, not on the mechanism by which the loss arises. I see nothing in the wording to exclude loss caused by the loss of the computer itself. Unless the loss of the information was caused by a defined peril, it is not covered. Unlike my colleagues, I can find no ambiguity in this respect in exclusion 7(b)(ii). I would therefore have dismissed the appeal.
Sir Martin Nourse :
For the reasons given by Lord Justice Buxton, with which I am in complete agreement, I too would allow the appeal. I add a few thoughts of my own.
The Virus
The expression “malicious persons” in exclusion 7(b)(i) cannot in the context include persons who have not singled out as a target the computer systems or other records programmes or software used by the insured at the premises. The malice contemplated is not “legal” malice independent of a person’s state of mind (for example, the malice which may defeat a defence of fair comment or qualified privilege in defamation), but actual ill will or spite directed at a particular target.
The Burglary
“Loss” is a word whose meaning varies widely with the context in which it is used. If a man said to you: “I have lost my wife”, you would understand him to mean one thing outside the maze at Hampton Court and another outside an undertakers in the high street.
Here we have to decide what, in the context of exclusion 7(b)(ii), is meant by “other…. loss…. of information on computer systems or other records programmes or software.” Judging those words as they stand, I would find it difficult to say that they comprehended a loss of information caused by the loss of a computer in which the information was stored. That would not seem to be a loss of information on computer systems etc. The computer could be lost but the information retained.
If, however, “loss” is read in its context, its meaning becomes plain. The expression “other erasure loss distortion or corruption of information” demonstrates that the loss contemplated is loss by means of electronic interference; noscitur a sociis. It is not just the effect of the other three words, but the order in which the four appear. “Loss” follows “erasure”. While erasure can be expected to result in loss, a careful draftsman would not necessarily assume that it was the only way in which information might be lost. Then follow “distortion or corruption”, which seem to refer to interference causing something less than erasure or loss and between which, as Lord Justice Buxton has observed, it is difficult to suggest a clear distinction. I agree with him that all four are overlapping words used by the draftsman to ensure that he had not omitted any case in which the information on the computer systems etc., was interfered with by electronic means.