Global Reinsurance held a roundtable discussion at the Baltic Exchange in the City of London to discuss this fast developing area. Our guests were Robin Wilkinson, head of product development, Arium Risk Architecture and a New York qualified lawyer; Reg Brown, underwriter, Lloyd's syndicate 702, R.E. Brown & Others; Charles Christian, barrister, editor and publisher Legal Technology Insider; Stephen Lewis, partner, Clifford Chance; and John Winn, technology partner, Birketts, Ipswich. Lee Coppack acted as moderator.

Lee Coppack: It seemed possible to me to come up with an enormous list of risks which were either unique to or exacerbated by doing business on the internet or providing services to other people. Which ones are the principal ones, the ones that people should be thinking of first if they are doing business themselves on the internet or insuring other people?

Reg Brown: The unique ones are the virus type ones and the failure of the internet itself to operate in some way. As far as I can see, those are the only unique ones. Everything else is just doing the business in a slightly different way. A publisher is publishing something either in print or on the internet. It is still the defamation claim and it is still a wrongful advice claim or something of that nature.

Charles Christian: You have the ability to broadcast a mistake far more quickly to a far wider audience.

Robin Wilkinson: That is the exacerbation.

Reg Brown: Maybe the quantum is bigger, but the ingredients are the same.

Stephen Lewis: I suppose the other point is that you could, by publishing a defamatory statement, be publishing that statement in many jurisdictions worldwide where the laws of defamation may be different and possibly more stringent than English law and where they may impose more stringent liabilities for different sorts of statements.I think there is also a risk that if you publish a defamatory statement over the internet that you will not only be liable for defamation in other jurisdictions in circumstances where you would not be liable in this country, but also you may be committing criminal offences under laws relating to decency or obscenity or whatever in various jurisdictions. I am not sure that you can cover yourself via insurance for all of those risks by any means.

Reg Brown: Probably not all of them, but most of them.

Robin Wilkinson: Under existing policies as well. I do not know if there are exclusions under people's existing professional indemnity policies, for example, for libel and slander.

Reg Brown: These days professional indemnity policies are civil liability policies, not negligence plus bits and bobs, so most professionals do have cover for defamation. It is not narrowed in any way to type of claim. There may be some jurisdictional restrictions. Obviously, we identify the United States as the place you do not get embroiled in litigation if we can avoid it, so some underwriters will not wish to give cover in the US. But generally speaking, if they have got the cover, they have got the cover.

John Winn: Is one of the issues that nobody seems to have any clear idea as to what is good working practice within an organisation as to the use of these e-mails and internet services? They are pretty unpoliced in comparison with a lot of the other services that are used in the same corporate world. The issue of control seems to raise its head.

Reg Brown: That is one of the questions we ask the clients. We do have a specific internet protector policy - that is what it is called. It covers most of the liabilities we can imagine. With some we end up saying: “and any other, similar liability you might incur in some other country that fits into this sort of general description” because of the problems you talk about.
But one of the things that is developing very strongly is a code for employees, and it is in the employment contract these days. The Norwich Union case gave rise to a $400,000 claim against the Norwich Union, and they now have a very tough disciplinary code that says: This is what you should do and you shall not do something else.

Charles Christian: It is suggested that the Microsoft anti-trust litigation is going to change companies' policies to their own internal e-mail, because a lot of the evidence being brought out against Microsoft is contained in their own internal e-mails that have just been lurking there. Probably what it means is that unless they are essential, all e-mails will be purged every 30 days or something of that nature.

Robin Wilkinson: Purging does not take it off your hard drive.

Charles Christian: If you have it on an e-mail server as a separate drive.

Robin Wilkinson: If it has already been sent outside, control is lost.

Stephen Lewis: You can forward an internal e-mail through the internet to whomever you want, so that is a leak right away. Presumably, a hacker could get into an internal e-mail system if they really wanted to.

Charles Christian: You have also got on some e-mail systems the “reply to all” button. You then send a reply to one message and it goes to everybody that you have sent mail to that day. I have on a number of occasions received very interesting e-mails from law firms where I have been in touch with them about something boring about their new computers, and the next batch of e-mails have been “reply to all” and have not been boring.

Reg Brown: A lot of businesses are having to look at how they control and restrict the junk mail that is coming through. It is so easy to copy everybody and we are all getting messages that we are not in the least bit interested in. But it still takes time to read before you know that you do not want to know about it and then get rid of it.

Lee Coppack: In insurance terms, you were talking about professional indemnity, but do general commercial liability policies include cover for defamation?

Reg Brown: General commercial liability policies are public and products liability policies which are limited to liabilities arising from bodily injury and property damage. Some parts of the world, Australia for example, have a definition of bodily injury that goes well, well beyond what we imagine is bodily injury. It would include defamation. It covers injury to reputation. The UK words do not normally do that, but most insurers who have clients, commercial clients with risk managers, are getting the liability policies extended if they need to, because the economic loss arising out of defamation is a rather different kind of loss to the physical bodily injury.

John Winn: These would be relevant to the directors and officers' personal policies, too.Reg Brown: Yes. If the directors are personally liable for defamation, there may be some cover under the directors' and officers' liability policy which does normally extend to include defamation. It matters not the medium that is used.

Robin Wilkinson: I was a few years ago doing a risk model for a professional indemnity policy. It was for software companies, and we got down to how they distributed their software, and I said: “Does it matter that they could be distributing the stuff over the internet? What do you think about intellectual property infringement risk? This software is now going God knows where.” The reaction was like: “Whoa. We are not too worried about that now. Let us worry about the basics, the sector, the jurisdiction, that sort of thing.” Do you think if one was to put that question to an insurer now whether they would take a very different view about the extent of that exposure?

Reg Brown: I think the insurers have gone on a pace. The internet sub-committee of the Association of British Insurers (ABI) has been up and running for two or three years now, and they have developed their own thought processes.
But there are some internet businesses that are virtual business, if you like. I know one that supplies truck parts. I said: “What insurance have you got?” They said: “Oh, well. We do not need insurance.” I said: “Who is responsible for the goods?” The response: “Oh, don't know.” I said: “What happens if you order the goods from the manufacturer. At what point in time do you, the internet business, assume responsibility for the goods and have you got some all risks or cargo insurance on the goods?” They said: “Ooo, no.” I said: “There is a point in time when you are on risk and you are off risk when it arrives in good condition at the other end, but in the middle somewhere - and for some businesses, there is going to be storage risk in the middle as well - you are going to be responsible.” Some businesses have not thought that one through.

John Winn: There is a big debate in what to do about terms and conditions. If you are trading on the internet and you try and get your internet screen so that you put the terms and conditions at the beginning before the offer and acceptance, because that is what chapter one of the law books says, it is terrifically interesting, but nobody can succeed in selling anything, because you have nine pages of this stuff. Of course, you have gone to the great trouble of sending your terms and conditions to your brokers, and said: Are these all right? You have heard nothing, so you assume that they probably are all right, but they are assuming that you are using them.I do not know where all these assumptions break down, but selling on the internet and telling people to press button B and you will have a fascinating description of the terms and conditions may not be enough. It is like being told by British Rail that if you ring Reading Station, you can read the terms and conditions of your journey. I do not know if it is effective or not and I do not think anybody else does.

Reg Brown: I have a particular interest in that because fairly soon this internet protector policy that I am talking about will be available on the web. Well, it makes sense, doesn't it? The debate with the brokers is: Where do we put the terms and conditions? We are saying: “For goodness sake, not when they are just asking for a quotation.”
You do not want pages and pages of rules and regulations when all they want is a quote, so we are reversing that into the back end. Only when it says: Do you want to take up this quotation . . .

John Winn: Then you are forced to read it.

Reg Brown: Yes. “Well, in that case, here are the conditions.”

Stephen Lewis: And you have to make them click through, so you can actually prove that they have actually received and read them or at least received them.

Charles Christian: They cannot go any further otherwise.

John Winn: Your server records all these clicks for future reference, is that it?

Reg Brown: Yes.

Stephen Lewis: So is your internet protector policy going to be interactive so that it will be accessible by potential policyholders who will then be able to make a contract with you by the appropriate sequence of clicks? Reg Brown: Yes. In the same way that other products are being developed by Lloyd's underwriters and are available on the web.

Charles Christian: All these things do bring up one difference between the internet and other forms of liability, which is that the risk that the message disappears down some cyber black hole, as does happen with an estimated 5% of all e-mail messages, They just go - gone somewhere. Then what happens when somebody says: “But I took out a policy with you and I am now making a claim and you are denying all knowledge.”

Reg Brown: It is no different than today with hard copy things. It is a question of evidence and proof. We get these circulars coming around Lloyd's, which say: If anybody out there wrote the liability insurance for XYZ asbestos company in 1944 to 1950, would they please put their hand up. I always say: Who bothers to look up the records? Who wants to put their hands up for this, because you know it is not going to be good news! We may well have those sorts of questions.

John Winn: It has got to be better than telephone selling hasn't it, in terms of mis-selling? There is a better record of it.

Stephen Lewis: There is a better record. Also, in the terms and conditions, you can stipulate that the contract is only to be complete when the acceptance has actually been received and, perhaps, acknowledged by the potential policyholder. As insurers, you can guard yourself against having made a policy if your acceptance goes into cyberspace or down a black hole. There are certain protections that you can build into the terms and conditions.

John Winn: Which you cannot do in a phone call.

Stephen Lewis: That is right.

John Winn: Phone selling is much the worse from the point of view of everybody in insurance - do you think, or not?
Reg Brown: To a large extent. That is why people in the City ended up recording all the phone calls. The cost of doing that in a services centre is phenomenal. Even now, the telephone sales people put that warning: your call may be recorded. The fact is, it will be.

Lee Coppack: How does that fit in with the rules of evidence? If you have been warned that it may be recorded, can it then be used as evidence either in a civil or criminal case?

Stephen Lewis: You can certainly use internet communications. They are admissible in evidence under the Civil Evidence Act 1995. It is better if you have a paper back-up of the communications, but provided you can show that they are made in the ordinary course of business and that the actual computer system is proper and efficient and competent, then there is no reason why that should not be admissible in evidence in either civil or criminal proceedings.

Reg Brown: One of the concerns of the UK insurance industry is about the rules and regulations that exist all over the world, both for outwards and inwards business. We want to protect our UK policyholders against bad practice by insurers in other parts of the world. We have rules and regulations, consumer protection which we cannot compromise.

John Winn: There are consumer regulations for other financial services, too. They deal with foreign financial services. Anything that appears on a UK screen is a UK product. These are financial adverts. If you sit in Luxembourg and advertise your investment in London, you have to comply with the Financial Services Act.

Stephen Lewis: I think it depends on what product you are offering. If it is the supply of investment services, you might find you are covered by the Financial Services Act 1986. If it is insurance, you are probably covered by the Insurance Companies Act. You might be covered by the distance selling directive, the e-commerce directive. There are a plethora of possible regulations that could apply, and that is just for the UK and the European Union, coming inwards. If you have an inter-active web site going out, you may be subjecting yourself to all sorts of foreign laws and jurisdictions in the US, for example, which are quite unpredictable.

Reg Brown: I think the National Association of Insurance Commissioners (NAIC) has become very worried about this, because they have this very controlled regime which is likely to be blown asunder if everybody and anybody from any part of the world can start flogging something over the web to their residents.

Charles Christian: But then you get into the question of jurisdiction and which jurisdiction do you fall into. Is it the market you are selling into? Is it where your server is based? Is it where your company is based? You could easily pick up three or four jurisdictions. There were a couple of American abortion information services that tried to avoid litigation in the US by moving their web services to Scotland to say they were out of the jurisdiction, jurisdiction hopping.

John Winn: We are all attempting extra-territorial laws, aren't we? We are all saying if it comes to our screen, it is bound by our rules.

Stephen Lewis: If you are targeting UK consumers, you should be bound by the UK regulatory regime in the same way that the Minnesota insurance commissioner or the Minnesota courts are going to say: “If your inter-active web site is accessible by a citizen of Minnesota, then you should be subject to the Minnesota laws and regulations.”But you can, I believe, safeguard yourself to a certain extent by, I think they call it clicking streams, where you compel a potential policyholder, for example, to represent what country he is a citizen of, what kind of insurance he is interested in and so on. You can minimise - you may not be able to eliminate it altogether - the risk that you may be as an insurer subject to unknown and possibly hostile jurisdictional environment.

John Winn: You are going to make it quite a long business buying this policy. Do I have to understand clicking streams before I buy?

Reg Brown: No. You see, Lloyd's is licensed in only two states in the US, Illinois and Kentucky.” If I want to sell this policy, I would have to say: “This is not available to anyone other than in Illinois and Kentucky.” Or I am saying that this is only available to UK businesses. When we build our offer and our tender, we will have to build in those exclusions, the exemptions, the places we do not want to do business, where we are not licensed and things like that.

Lee Coppack: Do you think there will be a demand for insuring, say the inadvertent sale of products in a jurisdiction you did not plan for?

Reg Brown: I think the key word there is inadvertent. As long as it is inadvertent, as long as our clients take reasonable precautions in the circumstances, then we will pay their claims and the claim may well be the criminal prosecution defence costs, the costs of representation in a court of criminal jurisdiction. We can do that.

John Winn: If you are going to the internet and your insurer says: it will cover you provided you take reasonable steps not to sell inadvertently in the wrong place, does the market have a clear idea of what reasonable steps are? At what point, once you have put it on the net, can you control who is accessing it.

Robin Wilkinson: You can control who you sell to.

John Winn: You cannot control who you advertise it to very easily. The advertising itself can be a criminal offence.

Robin Wilkinson: Absolutely.

Reg Brown: You can get advertising liability in a wide variety of jurisdictions.

Robin Wilkinson: I do not know how you can stop the reception of your message in any particular jurisdictions.

Reg Brown: There are technical ways you can do that, aren't there? You can blank out the screen.

Charles Christian: You could make the service inaccessible to certain IP numbers coming in, but that would be quite a complicated task and I would have thought most people just would not bother.The other way is if you have a community approach. You only sell to people within a given community who are coming in via a password. You only have your service available to people who meet a previous criteria. An affinity group, perhaps. You have a membership screen they have to fill in first. You vet it and say: These people are from West Virginia. We do not want them on the system. They do not get the password or they do not get the authority to go through to the next screen. You could do it that way.

Reg Brown: When we give our individual quotes, we will give a password so that the potential customer can, if he thinks about it for a couple of weeks and decides he does want to buy, give his reference number and password and he is in. Nobody else can see that.

Lee Coppack: What about the issues involved in things like the recent case where somebody put a spoof Bloomberg message up in a chat room which ramped the share price or internet extortion type risks?
Robin Wilkinson: The risks are not about you being on the internet, but about other people using the internet to affect you. Those are scary, aren't they?Reg Brown: What is the loss to the company?

John Winn: The company must have a duty of care of some sort.

Charles Christian. Why? To whom?

Robin Wilkinson: There is a duty of care to the shareholders to look after their value and . . .

Reg Brown: They are a victim of this spoof, are they not?

Stephen Lewis: The board of director's fiduciary duty to the company and to the shareholders is to carry on the business of the company prudently and solvently, and certainly in America that leads to all sorts of law suits being commenced by the shareholders, stockholders.

Lee Coppack: The extortion question, presumably is an extension of or an exacerbation of conventional type extortion?

Reg Brown: Yes. If a company, a supermarket, is exposed to extortion, someone rings up and says: “We are going to poison your lemon juice unless you give us X.” It does not matter whether it is on the internet or elsewhere.

Robin Wilkinson: But the difference here is that it may not be just pure extortion. Supposing a company takes some brand name which sounds like some well known company, and it is trading in some minor territory in a way that is severely damaging that original company's reputation because it is providing shoddy goods.

Charles Christian: Passing off or trade mark dilution.

Rob in Wilkinson: The problem is, it is being reported in other parts of the world on the internet. You could find yourself very, very damaged, because it is hitting the whole world in a sense. Unless you are actually trawling the net or doing something to try and monitor that sort of thing, you can end up paying out for some of the commitments it makes, because people will have thought they were dealing with you. It could be very expensive. I think there are not that many insurance products that cover you for your damaged reputation.

Reg Brown: There are some interesting facts in the recent AIRMIC-Lloyd's survey about buyers' perception, and the reputation risk is one of those that business leaders put very high on their risk of worries, that they lose sleep over more than anything else. I do not think we have many developed products that can cope with that. How would you indemnify lose of reputation? You could do it by reference to turnover but it is very difficult.

Charles Christian: There is a scam going on at the moment where people are registering domain names very similar to existing brand names, but they actually take you through to a hard core porn site, which is obviously not very good for the reputation.

Reg Brown: But I think the smart guys who registered MarksandSpencer.com and all that sort of stuff before the companies themselves got to grips with it have been blown out of the water recently.

Robin Wilkinson: In the UK, anyway.

John Winn: In the civil law countries, it is the first to register, not the first to use. There was the wonderful Eurostar case in Paris where the man who ran a hairdressers in Paris and registered Eurostar made millions, perfectly lawfully, in order to be bought off. The question I want to ask is would insurers pay that?

Reg Brown: That is a business risk, a trading risk. That is the price they have to pay in order to trade.
John Winn: So it is the professional indemnity insurers of your lawyers who fail to register the name?

Reg Brown: It might be.

Stephen Lewis: If you have got a computer crime policy, presumably that only covers a fairly narrow area of losses, for example where money has been in effect stolen by electronic means by a third party or by an employee. I suppose it could be extended to a case where it was not money but it was intellectual property that was lost or damaged by a third party by unlawful means.

John Winn: The difference with the French case with Eurostar was that it was perfectly lawful.
Lee Coppack: What if someone copies your web site, and it looks superficially like the official site, but they divert the money into their own account?

Charles Christian: That is merely conducting on the internet a fraud that could be conducted by conventional means, by say ads in local papers saying you are Egg Isas Ltd, 1 High St, Penge, and people send money through to you.

Reg Brown: One of the great imponderables, I think, is how you cope with the catastrophe risk - the Melissa virus, which was as far as we know at the moment promulgated by a guy in New Jersey who has been carted off by the police. There is a group of, I think, seven hackers in Boston who gave testimony to the US Senate sub- committee looking at security on the internet. They said: “You know, we seven could freeze communications entirely within North American and Great Britain. It would not take us long. We could do it through the internet, maximum half an hour. We could do that because of the ability to write out these viruses that simply replicate.” You can imagine if you do that in e-mails, instead of just 20 e-mails to read, you have got 20,000 or 200,000 or 2 million.

Charles Christian: There was an example early this year when a satellite went down that ran one of the major pager services in the US. Nobody in the US had pagers for 48 hours until they activated or moved on to another satellite. That, presumably, was equivalent to a catastrophe. Think of all the people who have got stock market share price ticker services on their pagers. What happens there?

Reg Brown: As long as the loss only affects one, or two or a few of your clients, you can survive it. But you can imagine if we had got lots of internet based businesses up and running ten years hence, how do we cope if the internet simply goes down? Or if it goes out of action for 24 hours - business interruption. The aggregation could kill us.


Charles Christian: The only consolation is that the internet was designed originally for exactly that eventuality, everything interlinked.

Robin Wilkinson: It was not designed for this kind of traffic.

Charles Christian: It was designed for a nuclear bomb landing on Washington and there being an alternative communications infrastructure.

Robin Wilkinson: But a lot of traffic goes through very few service providers, and if you took out the big service providers, you might essentially bring down the internet, even though the internet itself technically is working. I am not aware of insurance policies that are brave enough to cover the business interruption of an internet collapse or problem like that.

Charles Christian: You are almost into the realms of fantasy; what if a meteorite hits New York type of thing.

Robin Wilkinson: I do not think that is fantasy. There are localised collapses and for somebody like Dell, selling millions every day over the net, or Amazon, these are expensive things. But I have not seen or heard of a product that will pick that up.

Reg Brown: I am sure there are some, but I am not aware of any specific ones. On a client by client basis, as long as your perils are limited to something that could happen to that specific client, and probably no other, then you can afford to give the cover. It is the Californian earthquake syndrome; you have got to limit your aggregate exposures. Single events are just becoming so large now with such ferocious consequences.

Robin Wilkinson: Won't there be a knock on effect even if you are not insuring that directly? It could have other business interruption risks for people that you might be insuring.

Reg Brown: With the old style, traditional consequential loss policies, there are fire and specified perils. They only pay if the property policy pays. What we are talking about is way, way beyond all of that, and we have to start looking at the perils that we name. That is brick by brick type protection. If you go the other way, we are now talking about all risks and we say: From whatever cause. That is pretty frightening.

John Winn: Would the market countenance an exclusion for the direct consequence of criminal activity in that particular risk?

Reg Brown: I do not think so, because much criminal activity is also tortious activity. Also, it may be a criminal activity here but not there.

Charles Christian: A lot of hacking related crimes are from employees or former employees.

Reg Brown: Hacking itself is not necessarily a crime, is it? No intention to cause injury or damage. You are just looking. It depends on what you intended to do. I may unintentionally get into somebody's web site. What a mistake. Am I hacking? What does hacking mean? A lot of the problems that we have in the insurance products are those that require proof of intent.

John Winn: Malicious damage.

Reg Brown: The intention to deprive the owner thereof in the old Larceny Act sort of thing. Some of the fidelity policies talk about employees with particular intent, criminal intent.

Stephen Lewis: It has to cause damage to the insured or to make a personal gain.

Reg Brown: So you have to prove all of those things, which is rather difficult.

Lee Coppack: John, the shipping industry has used EDI for a long time. I wonder if there are any lessons from that which pertain to the wider use?

John Winn: I worked for five years with a company called Maritime Cargo Processing which provides cargo clearance and inventory controls services to the shipping industry. With cargo movements, what happens in most major ports in the world now is that you have trusted service providers. The problem with the internet and the things you are talking about is that you are endlessly trying to talk about individual contracts. You have not got a wholesaler who is monitoring and controlling anything. You have no editor, really. In order to deal with cargo movements and things like hazardous cargo, there is sufficient money and enormous risk in the system to make that necessary.

In the internet open world, you just have access service providers which are really no more than gateways, and nobody has ever said he has got to be a trusted service provider or he has got to be responsible for what he allows through his gateway. It is an unspoken discussion, isn't it?

Robin Wilkinson: There was the conviction of one of the German managers of Compuserve over pornographic material that got on to a site. They held the service provider responsible. The last I heard it was being appealed.

John Winn: But unless you advance that concept, you have got no one else in the network on whom you can impose the responsibility. In the ports and shipping world, there is a model. In order to get your hazardous goods from Rotterdam to Felixstowe, the information goes through two trusted service providers. Now the information may still be wrong, but a. it is much less likely to be wrong than it was in the days when the chief mate used to have two drinks and try and understand the blue book; and b. it has been through two service providers.

Again, people still worry about the absolute disaster. You report back that the cargo is not something sulphate, but it is something else sulphate. It gets stored next to the wrong thing, so you blow up the entire port of Rotterdam. But you have to imagine a sequence of such nightmarish proportions that it is obviously not worth talking to a broker. You would just frighten him, probably.

This is just at a much higher level, because you have the trusted service provider and it is warranting the information that passes to customs. It is warranting the information, so it is responsible for the data, in other words. In what you are talking about, nobody appears to be accepting any responsibility.

Charles Christian: The 1996 Defamation Act in this country changed the status of internet service providers. As it now stands, if you are Compuserve or AOL and somebody posts a libel on one of your bulletin boards, then you are not responsible for it, if you do not operate an editorial policy. If you say you vet everything, then you are liable because you have accepted responsibility.

Now it has just been held that Demon could be sued on the basis that the person who claims to have been defamed complained to them and they did not remove the libel within a 14 day period. The question there is: Have they then changed in their status because they have been alerted to it and, therefore, they are in a slightly different area? There is going to be an appeal on it, so watch this space. It is a completely grey area.

Reg Brown: It is the defence of innocent dissemination.

Charles Christian: Innocent dissemination and Demon say they are covered by the 1996 act. But in the original proceedings, the judge said: “No. It is a different situation, because there was a formal complaint. Therefore, you were on notice, if you like.”

Robin Wilkinson: It touched on an issue that goes way beyond libel, which is this. It is very hard to know from a web site what is behind it. There is an awful lot of information people are now using in their businesses that they pick up off a site. When you say: “Where did you get that information?” You hear them say: “I got it from the internet”, as if that is some reliable source of information. People do not say: “I got it from a book.” They give you the name of the author. Somehow there is this feeling about the internet - people seem to have a certain gullibility, if I can put it that way, in the way they take the information, use the information. The amount of information that can be disseminated I find stunning.

Reg Brown: That is no different than the daily press! Absolutely no different. We all believe it because it is in the newspaper.

Charles Christian: It is so much easier to put information on a web site than it is to run your own newspaper.

Stephen Lewis: If a professional puts out misleading information or advice on a web site, then he can incur liability, which Reg Brown may be insuring under a protection and indemnity policy. That is one possible exposure. There is defamation. There is also negligent mis-statement.Reg Brown: Certainly, one of our perils that we cover is negligent mis-statement.

Stephen Lewis: If you can prove a duty of care is owed. If you place something on a web site, are you assuming a duty of care, a responsibility to the entire world who may choose to rely on it?

Robin Wilkinson: Are you assuming a duty of care to anyone, that means everyone in the whole world who could pick up your site?

Reg Brown: I doubt it.

Stephen Lewis: The legal effect of disclaimers could vary from jurisdiction.

Charles Christian: Most law firms, for example, brought in very extensive disclaimers on their sites and, indeed, it is often the largest part of their site.

John Winn: It says: “Some of this may be true . . .”

Lee Coppack: Charles, I understand that some firms are marketing legal services over the internet. How does that work?

Charles Christian: The idea is that you have a selection of legal forms to cover every-day situations, such as terms of services for a director, partnership agreement, a will, a statement of claim if you are in a motoring case. You pay a small fee by credit card, download it and then you can fill it in yourself and use it as a legal document. The idea is you do not have to go a solicitors' practice for all that information, which they do not provide you anyway.It is this concept of the commoditisation of law, that certain aspects of law do not actually need a lawyer involved. It is the same old precedent that they have been cutting out of a book and using for the last 20 years. Instead of going to your lawyer and sitting there while they bring it out for you, you just download it off the web site.

Stephen Lewis: That is automatic? If you click on the web site and say: I desire to use the service that you offer, then the lawyer does not have any discretion? He cannot say: No. I do not want to provide you with the service. In those circumstances, I think an English court might well hold that that lawyer owes a duty of care to whoever might access the web site.

Charles Christian: There are a couple of firms that are now offering interactive services for powers of attorney, which seems to be a very dangerous thing, because you apply for powers of attorney, and the next minute poor old granny is in a home somewhere. You have flogged off the family farm and she is saying: But I am not gaga.

John Winn: They say they are selling a 10 line document. They are not selling you advice as to whether granny is compos mentis.

Charles Christian: The argument is that if you went into their offices and had a face to face transaction, you could still do the same dirty deed.

John Winn: But if you were face to face, you have to say why you wanted to do this.

Stephen Lewis: But once a professional puts that service on the internet, he or she takes the risk that it could be abused or used in certain circumstances where it is totally inappropriate.

John Winn: It is almost bound to be, isn't it?

Stephen Lewis: We must have a condition that says they have some duty to take. It is difficult, isn't it, because you are covering them against their failure to take reasonable care.

Reg Brown: Reasonable care is already in there in the law of the land.

Robin Wilkinson: The problem is that most people do not really know what they want. The last thing you do is give them a document. They usually start off asking one thing, but by the time you have talked to them about what their problem really is, there might be a totally different solution.

Charles Christian: The concept behind this system is the help line service. You contact them and you get, I think, 15 minutes free advice. I think if it is more complicated, they will then refer you to a solicitor. But I suspect what will happen is no one will want to be referred to a solicitor. They will just think they understand the advice they have received over the telephone and say: That must be right. I will use that form.

Robin Wilkinson: They are given some advice, anyway, theoretically.

Charles Christian: Wait to see just how much.

John Winn: So you are not going into this, Stephen?

Stephen Lewis: We do Next Law which is a very limited step in that direction.

Charles Christian: But you are selling to in-house lawyers.

Stephen Lewis: Yes. It is an entirely different audience, entirely different circumstances, and I do not think we would go much further than that.

John Winn: So when you say to them: “You must check your particular case. This is just general information”, that will protect you. It will not protect you on a screen in Tescos.

Charles Christian: It is the Joe Public element that is the problem. The Linklater's system is the same and that is sold to in-house lawyers or in-house financial advisers of existing clients, so there is an element of vetting, as opposed to throwing it open to the great unwashed.

Lee Coppack: How is the law in relation to the internet likely to develop, do you think? John made the point about trusted providers. Is it going to come to the point where some authority says to Compuserve or AOL, you must monitor what you are putting up? And what authority could that be?

Stephen Lewis: It is very difficult. There is no UN to police it. Unless there is some over-arching international body which is capable of enforcing rules, then I do not see how there can be an international system of law and regulations. I think what people are trying to do is they are trying to have global frameworks. Bill Clinton was talking about that in a speech a year or two ago. The EU are certainly putting out directives, e-commerce, electronic signatures, which are trying to promulgate at least within the EU a system of rules that will apply. But as to something that everyone would adhere to, even if they were prepared to adhere to it, to make it enforceable in such a way that an international court or tribunal could enforce it is virtually impossible.

Charles Christian: They are already talking about an e-commerce war with the United States over the data protection issue, the fact that within the EU we have regulation on data protection. In the US, it is an industry free market, and the threat is that any organisation trading in Europe would be unable to export data to the US because the US do not have a comparable data protection regime.

John Winn: The only way forward usually with this sort of situation is that it is done by sector in the end. The shipping community did. They said: “Actually, the risks of not doing it are greater than the risks to our competitive position,” so they then started devising community systems of some description. Perhaps when other industry sectors reach the point of being forced to defend their industry's reputation from electronic cowboys, they, too, will put up the money to introduce some industry led voluntary editorial control of a similar nature.

Charles Christian: You are starting to see that in the music industry where they have woken up to the fact that music can be sold as downloadable files on the internet. It is virtually impossible to stop it, so the idea is that: “Okay, we will embrace it. We will draw up standards. We will licence it. We will set our own standard for the format and we will make money out of it. Close down the pirates that way and make it legitimate.”

Lee Coppack: Is there anything that you think has come out of what we have been discussing that points us forward?

Reg Brown: It is an exciting new era, isn't it? It does not generate much by way of new products but it does generate enough to keep the insurance industry occupied for some time to come. Will we really end up with virtual insurance companies? The virtual insurance broker? Who knows where it is all going and what products we can produce to protect those businesses? I think we have a lot of thinking to do and a lot of work yet to be done.Robin Wilkinson: Do you think we are going to see some exclusions in existing policies for liabilities that come from the internet?

Reg Brown: I do not think we are. One, it is still a very soft competitive market, and the buyers and the brokers have the upper hand at the moment, so I do not think insurers are going to be brave enough or able enough to introduce too many exclusions. Two, I am not sure that they would want to. I think they would want to approach this in a constructive way and say: “How can we cover these new exposures? How can we provide the cover that our clients want?” There will be some new products that focus on the specific aspects of the internet, but most existing policies will probably only need a bit of tweeking to do that.

Charles Christian: Have brokers generally woken up to the fact that their clients who have a conventional business but now have an internet selling arm are exposed to an entirely different set of liabilities? You have a manufacturer of widgets. You can have some fairly predetermined ideas of their liabilities. You have been insuring them for the last 30 years. But the internet adds a whole new flavour that you may not be aware about. Do brokers say to their clients: How do you sell your product?

Reg Brown: Some no, but a lot yes. I heard a talk a couple of weeks ago and the speaker said: “In the old days these were the risks that our clients perceived they had: buildings, plant, machinery, physical. Those were the things we used to insure. Now, our clients perceive the risks to be the reputational risk, brand value risk, and so on. This is the uninsured bit of our clients' perceived risk. The insured bit has shrunk to a percentage figure of 19%.” That is a hell of a lesson to the insurance industry, that we are actually only covering 19% of our clients' perceived risks, whereas 25 years ago we used to cover 100%. I think we will take this on board and very strongly. You will see new products. You will see amendments to existing products, but the whole thing is moving so fast.

Lee Coppack: Stephen, there will be plenty of business for insurers. Is there going to be a lot for lawyers?

Stephen Lewis: Undoubtedly, because as the insurance extends, these new risks may not be all that well defined. There may be lots of scope for dispute resolution arising out of questions as to whether they are covered or not, particularly with the uncertainty as to the international dimension of internet risks, whether it is conflicts of laws, conflicts of jurisdiction or the applicability of certain national laws which purport to apply whatever the proper law of the contract may be. I think there is a lot of scope for lawyers. Probably the American lawyers will do the best out of it, but I suspect we will also see our appropriate share of disputes coming over, which we will now have to deal with under the Woolf reforms.

Lee Coppack is co-editor of Global Reinsurance.