Attorney Advertising

Articles Posted in Insurance

by

IMG_0297-300x225The law aspires to be fair, though it may not always appear that way.  Often that means enforcing fair procedures to try to reach a just outcome.  A recent New York Insurance Law case makes this point.  State Farm Fire and Casualty Company v. Chauncey McCabe, 2018 NY Slip. Op.04416 (3rd Dept., June 14, 2018), distills criminal law through the equitable doctrine of collateral estoppel to determine whether an intentional acts exclusion of a New York Homeowner’s Insurance Policy bars coverage for a liability claim for personal injuries arising from what appears to be an intentional act.  Though you may not agree with the decision, the way it is reached is fair, to all involved.

In the case, two insureds made a claim to be defended and indemnified under their Homeowner’s Policy of Insurance against claims that their negligence caused another person serious personal injury.  A Girlfriend alleged she hit her head on a cement wall after she tripped over a hazard left on the floor of the house her Boyfriend lived in with his mother, and the Boyfriend did not help her get medical attention. The Girlfriend sued them both, and they each made a claim for liability coverage.

The Insurance Company alleged there was no coverage for the Boyfriend because the loss was not an accident and the policy provided liability coverage for an “occurrence,” which was defined, basically, as an accident.  It also alleged that a policy exclusion applied, which bars coverage for injuries caused by willful or malicious acts of an insured.

by

FrozenHow can you prove something exists when it can’t be found?  If you ask an investigator, or a New York Litigator, it may not be as hard as you think.

There are always facts to ponder.  The other day I was listening to a podcast with an astrophysicist explaining Dark Matter.  It was more interesting than it might sound.

Dark Matter: things are supposed to work a certain way, interact with each other according to certain well-defined rules.  Think of Newton and the falling apple.  But what if they don’t?  What if the apple fell sideways, instead, as if something else is there, something you can’t see?  What if the only way to tell that it’s there is because it should be, but you just can’t detect it?  It would be something like looking at a dinner table with empty plates with crumbs, and pots and pans with scraps of food, but no one around. It just might have been a really good meal.

by

sunrise-963348-m.jpgThere was an interesting article in Wired.com, the magazine, recently that put a new twist on an old topic: What’s the best way to make sure the internet, and all of the information that travels on it every day, is safe? How do you really make cybersecurity, secure? After all, the safer the information, the more secure people will feel, and the use of the web, for everything from e-commerce to portable electronic healthcare records, will grow. The flip-side is just as true: the more hacks, hackers and data-breaches, the slower the pace of progress. The good will be harder to come by if the bad is hard to avoid.

Peter W. Singer, who wrote the article, entitled, “How to Save the Net: A CDC for Cybercrime,” which was posted on 08.19.14, 6:30 a.m., proposes an interesting idea.

The CDC, otherwise known as the Centers for Disease Control, is much in the news recently. Chances are, if you’ve seen news stories about the Ebola outbreak in West Africa, or the MERS outbreak earlier this year, the CDC has come up in more than just passing. It’s the clearinghouse for health related information, combating communicable diseases, the world over. There was just an article, by Betsy McKay, Nicholas Bariyo, and Drew Hinshaw, that appeared in the August 23-24, 2014 Weekend Edition of the Wall Street Journal in the Review Section, which talks about the invaluable help the CDC gave to another country that used to be at risk of virulent Ebola outbreaks. Uganda used to send blood samples to the CDC’s facilities in Atlanta, to be screened for Ebola. Now, thanks to technology and training the CDC provided, Ugandans do the same for themselves, in country, which lets them detect outbreaks of the deadly virus sooner, respond to them quicker, and stop them before they do large scale damage.

A central clearinghouse for ideas, both proven and proposed, to safeguard digital information seems like a good idea. Having a one size fits all approach, in which the government entity is the one upon whom everyone fighting the problem relies, may not be. That’s not really even the job the CDC is doing with Ebola.

Look at how the Federal Trade Commission is policing cybersecurity: the whole point of the its Reasonable Precautions cybersecurity standard, and its enforcement, and codification, on a case by case basis, is that “Reasonable Precautions” become reasonable, or not, based on the particular facts of a given situation. What might be the right protection for digital information exchanged between wholesale distributors and retailers, might not be sufficient to protect information between retailers and consumers, and that in turn might not be enough to safeguard patients’ healthcare histories when they are exchanged among medical providers. What might be a commercially reasonable effort to safeguard information in one industry, might not be in another.

The FTC encourages individual companies, and the industries in which they compete, to voluntarily join together to ensure data security. By making the terms Industry Standard Practices and Commercially Reasonable Efforts mean something substantive, companies can protect themselves against FTC enforcement actions for lax data security, as we’ve previously noted. Look no further than the April 7, 2014 decision of U.S.D.J. Esther Salas, in The Federal Trade Commission, Plaintiff, v. Wyndham Worldwide Corp., et al., Defendants, Civil Action No. 13-1887 (ES), United States District Court, D. New Jersey, to see why. If a company can’t figure out what the FTC wants it to do to protect its customers’ data, then it should create, and live by, Industry Standard Practices which will become Commercially Reasonable Efforts if all the major companies in the industry implement them. Many companies already say they do this anyway, right in their privacy policies. Instead of meaningless legal verbiage, make the terms mean something concrete; show they can work, and the FTC will have little to complain about, even if those efforts occasionally fail. Some of the most vulnerable industries, including retail, are banding together to do just that.

The Retail Industries Leaders Association, or RILA, as we previously noted, formed a voluntary clearinghouse, known as the Retail Cyber Intelligence Sharing Center, or R-CISC, to develop and share industry leading practices in cybersecurity, by communicating amongst themselves information they learn regarding threats and defenses. The reported backers of the initiative have put in a lot of effort: they’ve conferred with cybersecurity experts and involved interested government agencies. They also have a lot at stake: credit cards and financial information are common targets; just ask the RILA members.

One main benefit of a CDC for the wired world, according to Peter W. Singer, is the trust and confidence it will bring to all those who rely on it. By bringing the best and brightest together under one centralized government-funded roof, it would allow users to know that independent experts, with their best interests in mind, were on the job, fighting off the bad guys. That’s a good thing; but is that the only way to achieve it?

What if the businesses which hold their customers’ information on line were held accountable for not doing enough to protect that data? What if they faced the loss of business, and profits, as well as a government enforcement action, if they didn’t do enough? What lengths would they go to in order to keep their customers’ trust?

If you look at some quotes in the RILA press release, from the people involved in forming the R-CISC, you’ll see that trust is a recurring theme there, too:
Continue reading

by

crowbar-854266-m.jpgThere are a few recent news stories that business owners, fraud investigators, and consumers should be aware of. Though not necessarily related, they point out the ever-growing need to protect digital information and the consequences for those who do not. Cybersecurity, it seems, is something that will affect everyone, eventually.

The topic of the first story, unfortunately, is common; the numbers, thankfully, are not, though we should all hope they stay that way. According to an article by Danny Yidron in the Wall Street Journal, which was last updated at 2043 hrs Eastern Time on August 5, 2014, a gang of Russian hackers has amassed 1.2 billion stolen user names and passwords from approximately 500 million unsuspecting people. According to the private security firm that discovered the theft, Hold Security in Milwaukee, the hackers obtained the information from 420,000 websites, allegedly ranging from leaders in major industries to small businesses and personal websites. No measurable harm evidently has come from the theft, at least not yet. The hackers reportedly so far are using the data only to send spam messages on social media accounts. That doesn’t mean the people whose information was stolen are free and clear: There is a growing trend in recent years, according to the report, where cybercriminals amass online credentials for later use. While that later use isn’t specified, it shouldn’t be all that hard to determine. Consumers, according to the report, often use the same user names and passwords across various websites. If a hacker learns a user name and password for one account, it’s not that hard to imagine that the hacker also could gain access to the consumer’s other accounts, including on websites that store, or have access to, the consumers’ financial information, including credit card numbers.

In order to see the harm that was done already, merely because the hackers have the user names and passwords, you have to remember that just exposing your customers’ confidential information sometimes is enough to trigger an enforcement action by the Federal Trade Commission to force businesses to take reasonable precautions to protect their customers’ digital information. If you remember the LabMD case, which we already spent some time discussing, the FTC’s claims of unfair or deceptive acts or practices in, or affecting, commerce, were directed against LabMD for allegedly inadvertently posting the confidential information of less than 10,000 individuals on a file sharing platform that was intended to share music files instead. During the FTC’s administrative law trial against LabMD, it reportedly did not even plan to present any witnesses who were the victims of the alleged ID theft; exposing the information, allegedly, was enough.

We’re not comparing the theft of user names and passwords to exposing confidential health information, which allegedly is what occurred in the LabMD case. Allowing the theft of user names and passwords could lead to some real trouble, though, especially if it leads to the theft of user financial information, such as credit card numbers. That leads straight to the second news story.
Continue reading

by

football-1134963-m.jpgWhat does investigating Insurance Fraud have in common with the FIFA World Cup currently taking place in Brazil? More than you might think, especially if you’re a world-class goalie trying to stop a penalty kick.

The hardest job in all of soccer, or football as the rest of the world calls it, arguably is that of the goalkeeper on a penalty kick. Think of how big that goal really is. Now think of how small that keeper actually is. There is no comparison between the two. Add in the fact that tied games are decided on penalty kicks, and you’ll understand the pressure involved, especially when you’re playing for the World Cup and know that two World Cup Finals have been decided on penalty shootouts. Many people complain about how unfair it is to decide a game that way, especially when, as they see it, a goalie has to get lucky to stop a penalty kick. Just yesterday, Sunday June 29, 2014, an article in the New York Times by Rob Hughes lamented the fact that Brazil just beat Chile on penalty kicks, especially because Chile’s last one didn’t go in because it hit the goalpost.

How does a keeper have any chance at all to stop the open, unimpeded shot, from 12 yards away, when the penalty-taker has all that room to kick at? As it turns out, he does it in much the same way a fraud investigator detects a lie: He does his homework, knows what to look for, and then goes on instinct. Unlike a fraud investigator, though, not many people expect the keeper to get it right.

A study recently was conducted to see if there was any way to help the goalkeepers with their nearly impossible task. It came up with a few answers, which also, though inadvertently, may give some pointers on how to conduct a fraud investigation. Entitled “The development of a method for identifying penalty kick strategies in association football”, it is authored by Benjamin Noël, Philip Furley, John van der Kamp, Matt Dicks and Daniel Memmert, and is published in the Journal of Sports Sciences.
Continue reading

by
Posted in:
Tagged:
Updated:

by

the-maze-2-1008265-m.jpgFiguring out whether someone is lying or telling the truth isn’t easy, as we’ve previously written.

Investigating Insurance Fraud isn’t easy, either. Just ask anyone who works in SIU, and they’ll tell you about the legwork involved: the interviews to take; the documents to get and go over; the data to analyze. And it all comes down to one thing: Is the person who’s making the claim, telling the truth or lying? That, as we’ve previously written, probably is the hardest question for the fraud investigator to answer.

If the insured is lying about something important, something material and relevant to the investigation of the claim, chances are here in New York he won’t recover anything. If the insured claims he had a lot of expensive, scheduled, jewelry stolen, but it wasn’t, chances are he’s not going to recover anything under his policy. If the insured claims that, when his house burned down, he had a lot of costly new electronics and clothes destroyed, and he’s telling the truth, he’ll get what he’s entitled to under his homeowner’s policy. If he’s lying, though, chances are he won’t get a dime, even for the house.

It’s not always easy, though, to know when somebody’s lying. We’ve all heard the classic telltale signs: A person is lying when he blinks rapidly; looks away; looks up and to the side; has dry mouth. The only problem is, so has the liar. Ask yourself: is someone who is basically trying to steal money, and has to lie to get away with it, going to advertise that he’s lying?
Continue reading

by

puzzles-1439091-2-m.jpgAs we just talked about in our last article, in order for an insurance company to deny a first-party property claim in New York because of arson, and make that denial stand up in court, it has to prove that the insured intentionally caused the fire, and it has to do so by clear and convincing evidence. That is not always an easy burden of proof to meet. There reportedly is an exciting new tool being developed that might make proving arson, i.e., that a fire was intentionally set, easier and help arson investigators become even more effective in determining who caused the fire.

Researchers from the University of Alberta and the Royal Canadian Mounted Police, working in tandem, have developed a new computer program that can pinpoint the presence of gasoline in debris taken from a fire scene. What makes this so important is that gasoline, according to the researchers, is the most common accelerant found in arson fires; evidently preferred by arsonists everywhere. By making it easier to detect, and confirm, the presence of gasoline, you stand a good chance of making arson easier to prove and less profitable to attempt.

What makes the new tool so helpful, is that it often is difficult to confirm the presence of an accelerant in debris taken from a fire scene. No two houses, buildings, or fire scenes, are exactly alike; they contain different mixes of materials. Different materials leave behind different chemical compounds when burned, and these can mask the presence of an accelerant such as gasoline. The researchers, in effect, developed a computer filter that can by-pass the background noise to pinpoint the tell-tale signs of gasoline. They developed their tool by examining data from 232 samples taken from fires across Canada; by using real-life debris rather than merely relying on simulations, the researchers say their tool is dependably accurate.

Currently, determining whether there are traces of an accelerant left behind at a fire scene is time-consuming work. According to the researchers, the Royal Canadian Mounted Police have two separate forensic scientists examine each sample to see if their findings agree; this can take several hours for each sample, and there normally are three to four samples per fire. The newly developed computer program shrinks this time substantially. The first scientist still will have to analyze the debris herself, but will be able to confirm her findings in seconds, rather than hours, by using the computer program. A second forensic scientist will not have to analyze the debris unless the computer program’s findings disagree with those of the first scientist.
Continue reading

by

candle-light-burning-1437374-m.jpgIt takes a lot to deny a first-party property claim in New York because of arson. It is not much easier to make that denial hold up in court. As we’ve previously mentioned, when an insured seeks to recover for fire damage under his own policy of insurance, i.e., when he makes a first-party property claim, the burden of proof is on the insurer to establish the affirmative defense of arson, and it has to do so by clear and convincing evidence. Perhaps the best way to understand what that abstract legal rule means, though, is to see how it is applied to actual, real-life claims. There is a case, from not that long ago, Maier v. Allstate Ins. Co., 41 A.D.3d 1098, 838 N.Y.S.2d 715 (3rd Dept. 2007), that does a good job of showing just what type of evidence you need in order to establish an arson defense in a civil case.

The Plaintiff in Maier v Allstate, supra, owned a home in the Town of Sand Lake in Rensselaer County, in upstate New York. For a long time he lived half of the year in Sand Lake and the other half of the year he rented a home in Florida. The same day he was going to move to Florida permanently, a fire completely destroyed his Sand Lake house. The Insured tried to recover for the property damage under his homeowner’s policy of insurance with Allstate; he submitted a sworn statement in proof of loss, making claim to recover a total of $240,000.00 for damage to the house, personal property, and debris removal. The insurance carrier paid off the $92,000.00 remaining on his mortgage, pursuant to the standard mortgagee clause in the policy, but denied the Insured’s claim. When the Insured sued to recover under his policy, the insurance carrier asserted arson as an affirmative defense. After a bench trial, the carrier won and the complaint was dismissed. Not liking the verdict, the Insured appealed. The Appellate Division, Third Department, upheld the verdict. In other words, the carrier met its burden of establishing, by clear and convincing evidence, that the Insured intentionally caused the fire. The evidence the insurance company used, and the trial and appellate court relied on, shows how arson sometimes can be established through even conflicting, circumstantial evidence.

Arson means that the fire was intentionally set. One thing you normally look for to establish arson is the presence of an accelerant, which is a combustible material used to help start, or spread, the fire; think of a flammable liquid such as gasoline. If you find evidence that an accelerant was used, chances are the fire did not start accidentally. Here, there was conflicting evidence about whether or not an accelerant was used:

  • The County’s fire investigator used a specially trained dog to determine that traces of accelerant were found near the entrance to a bedroom that had a burnt-out mattress. The Insured argued the dog’s actions did not clearly confirm the presence of an accelerant; the court disagreed.
  • The insurance company’s origin and cause investigator, based on his own inspection, determined that the fire began in the same location, on the burnt-out mattress. Presumably he determined this from the burn patterns on the mattress.
  • The lab analysis of the mattress, however, found no traces of an accelerant.

Continue reading

by

butterfly-1427284-m.jpgMost people by now have heard of the Heartbleed bug. It’s the programming flaw in one of the most common encryption methods on the internet: OpenSSL. It makes what should be secure websites, and the personal information they contain, vulnerable to hackers. It is more important, though, than just another internet threat. Every business should consider whether it can be liable for depending on the vulnerable encryption software in the first place. This is especially important in light of the Federal Trade Commission’s efforts to ensure that businesses take reasonable precautions to protect their customers’ digital data.

The same day the Heartbleed bug was announced, April 7, 2014, Federal District Court Judge Esther Salas, upheld the Federal Trade Commission’s right to police corporate cybersecurity practices. As we previously mentioned, the court denied Wyndham Worldwide Corp.’s motion to dismiss a suit the FTC brought against it which arose out of three separate alleged hacking incidents that occurred over a two year period.

According to a story by Matt Egan published on April 8, 2014 in Fox Business.com, the FTC sued Wyndham Worldwide Corp. and three subsidiaries, alleging that Wyndham, unreasonably and unnecessarily, exposed consumers’ personal data to unauthorized access and theft that resulted in hundreds of thousands of customers having their payment card account information exported to a domain registered in Russia and a fraud loss of more than $10 million. The suit reportedly alleged that, among other things, Wyndham:

  • Failed to use readily available security measures like firewalls;
  • Allowed software to be configured inappropriately;
  • Failed to ensure hotels implemented adequate information security policies;
  • Failed to remedy known security vulnerabilities.

[Emphasis supplied]

What makes the ruling especially relevant to the Heartbleed bug is the way that the encryption software the bug affects is developed and maintained.
Continue reading

by

illustration-card-1441198-m.jpgJust in case anyone thinks that cybersecurity is nothing more than an esoteric exercise for computer geeks and technicians, of no importance to the average person or business, the Heartbleed bug has come along to show us all how wrong that is. It was only just discovered two weeks ago and its impact was felt around the world almost immediately.

According to an article in the April 9, 2014 Daily Mail, the Heartbleed bug bypasses the normal safety features of websites. It can affect many of those sites that you might have noticed, which begin with an “https://” in front of their internet address, and which often appear with the symbol of a lock, both of which are supposed to mean they are safe. The bug, though, makes them vulnerable. It reportedly could affect more than 500,000 websites
The bug reportedly allows hackers to bypass normal encryption safety measures to get at encrypted information, including the most profitable types such as credit card numbers, user names, and passwords. The unauthorized user can even obtain the digital keys to impersonate other servers or users and eavesdrop on communications.

It’s not considered malicious software or malware because it is more of programing flaw; but that really is not important. What is important is that the flaw, and the vulnerability, went undetected for more than two years until it recently was discovered, independently, by researchers at Google and the Finnish company Codenomicon. A fix is possible, and reportedly fairly easily applied. The problem seems to be that the fix has to be manually applied by the people who run each individual site. That, unfortunately, will take time.
Continue reading