Source: sadlerco.com - Architecture and Engineering
Author: Jim Ferguson
Managing New Risks in a Rapidly Changing Industry
by Paul Dietrich and Brad Gow
The architecture and engineering professions are undergoing a period of unparalleled change brought about by rapid advances in computing and communications. Technology has transformed everything from project design to client communications in the daily practice of the design professions. The effects of these extraordinary changes are being seen publicly in daring new skyscrapers around the world and more subtly in the use of new materials and in more efficient manufacturing and industrial processes.
In architecture, the use of computer-aided design has enabled imaginative designs such as the proposed twisting structure of the Freedom Tower on the site of the World Trade Center in New York City.(1) Computer design software has allowed architects to move from two-dimensional blueprints to three-dimensional visualizations. Now, architects can take their clients on computerized room-to-room tours long before construction begins and escort them through virtual lobbies to show off the planned interiors in minute detail.
For engineers, design software allows modeling and testing of virtual prototypes before anything is built. Engineers can view sophisticated three-dimensional renderings of complex parts or systems with critical design information. Manufacturers a world away can take those three-dimensional renderings and use them as virtual parts in their own designs. Technology has enabled engineers to collaborate remotely on designs with colleagues in other cities, with client companies, and in other countries.
The huge advances in information technology that have brought about new and more efficient ways of working, however, also have created pitfalls for unwary architectural and engineering (A&E) firms where risk management strategies have failed to keep pace. A&E firms now face exposures in areas such as intellectual property and software copyright that have been viewed as the province of multimedia or technology companies. They bear new responsibilities in terms of network security, especially in a post-September 11 world where plans for infrastructure projects can be high-value targets for terrorists.
Management of the new risks, however, is complicated by the fact that the new exposures often are not addressed in standard insurance policies for A&E firms. While the insurance industry has built up a great deal of expertise both in the A&E sector and in the technology sector, the expertise in one field may not be brought to bear in the other. That means that A&E firms need to recognize the new exposures, to manage their risks accordingly, and to communicate their best-practice efforts to underwriters.
In this article, we will talk about the emerging exposures faced by architectural and engineering firms that have been brought on by new technology; the actions those firms can take to protect themselves; and how traditional industry-specific insurance policies may fail to address the new risks.
New Technology and New Risks
Regulation of the building and design professions has a history almost as long as civilization. Professional liability for builders was first addressed 4,000 years ago by King Hammurabi. In his code of laws, the Babylonian king specified death for builders as well as repayment for any damage to property if the faulty construction of a house led to the death of its owner.(2)
As building technology has progressed over the centuries — from adobe bricks to stone arches in Roman and Medieval times, iron bridges in the Industrial Revolution, and today’s steel-framed, glassclad skyscrapers — a more modest and varied set of penalties for design faults by architects and engineers has evolved into contemporary law. The insurance industry, for its part, has developed comprehensive coverage for those professions in their traditional areas of responsibility — designing buildings, infrastructure, machinery, and industrial processes. The rise of new technology, however, has brought new liabilities.
Compared with the very long histories of architecture and engineering, the development of information technology has been astonishingly rapid. The computer age dates to Valentine’s Day, 1946, when the Electronic Numerical Integrator and Computer, or ENIAC, was dedicated at the University of Pennsylvania. That first electronic digital computer, developed to calculate artillery firing ranges for the U.S. Army, had 18,000 vacuum tubes and filled a large room.(3) Just over two decades later, the Internet age began in 1969 when researchers at UCLA hooked up a computer to a switch the size of a refrigerator, the first step in getting two computers to talk to each other.(4) A communications revolution was launched 20 years later when the World Wide Web was created in 1989 by Tim Berners-Lee, who also developed the first browser in 1990.(5)
Since those initial milestones, the world has been transformed as rapidly increasing processing power has been combined with massive growth in networking capabilities. For example, a 3-pound laptop today has 1000 times more computing power than the 30-ton ENIAC and can communicate wirelessly to systems around the world.
The explosion in computing power and communications, however, has been accompanied by new problems. Just as it transformed the way that architectural and engineering firms design projects, technology has altered the risk landscape for business. Before the advent of computers, a thief would have to break into an office to steal files; now, such theft can be accomplished using a laptop 10,000 miles away. Criminals in Eastern Europe can shake down a U.S. business by threatening to shut down its Web site. Viruses, which began to spread in the 1980s via infected disks, now rampage around the world in hours via e-mail, causing billions of dollars in lost productivity and repair costs.
There are many more risks than just computer viruses. The same technology that allows instant global communications and modeling abilities undreamt of in the days of paper plans also brings risks such as copyright infringement, software piracy, and the loss of valuable data and confidential information.
For instance, firms that use computer-aided design programs face the risk of software-piracy lawsuits and fines that can often run into the tens of thousands of dollars if they fail to secure an adequate number of licenses for employees using those programs. On the other hand, they risk not being compensated for their work because digital plans can be copied more easily and reused by clients without compensating the designers.
Digital technology also enables the theft of detailed trade secrets. Such theft isn’t limited to music and software but also includes theft of competitive information such as industrial research data of product development plans. Those who design infrastructure projects have to worry not only about rivals stealing their designs but also about keeping documents secure from terrorists who may be seeking to target power plants, water treatment facilities, or even schools.
In communications, the use of e-mail as a business tool can lead to lawsuits over offensive messages and to disputes over project changes communicated electronically. While engineers using mechanical computer-assisted design software can collaborate remotely on designs with colleagues and clients, at the same time, they have to be aware of protecting their proprietary data and controlling access to sensitive documents.
One of the most significant developments in the design world — and one of the biggest new risks — is sophisticated design software that enables architects and engineers to work with virtual three-dimensional models of their designs on computer screens, rather than having to picture the finished design in their minds.
The Computer-Aided Design Revolution
Until the 1970s, the process of designing buildings, equipment, and structures was done on paper. Designs were laid out by draftsmen and copied onto blueprints. Then computer-aided design software came into the picture, offering a faster way to lay out, refine, and copy designs. In the 1980s, programs to produce simulated three-dimensional renderings of mechanical drawings began to emerge. Those tools were put to use first in manufacturing smaller items and then in producing larger products such as automobiles. Until recently, computer-assisted design programs were not powerful enough to handle the huge amount of information needed to produce a three-dimensional rendering of a large building. A 100,000 square-foot building can have a half a million parts.(6)
Now, programs that can create virtual models of skyscrapers are commonplace. As in a computer game, architects can now look at their designs from any angle. They can make changes to the overall exterior dimensions of the buildings, and the software will make the changes to the interior dimensions without the designer having to enter every change floor-by-floor. These new high-powered computer design programs have made possible such designs as the ethereal Millau Viaduct in southern France, the
world’s tallest bridge, and the Shanghai Financial Center, where the design features a unique circular cutout in the top floors to account for wind stress in what is planned to be the world’s ’73econd-tallest building.
Mechanical computer-assisted design programs also allow engineers to view virtual three-dimensional versions of complex machine parts such as jetengines or assembly lines with varying levels of data complexity, including three-dimensional visualizations that can be viewed with everyday word processing software.
Software Copyright Risks
Developments in design technology have been accompanied by new laws to protect intellectual property, such as architectural designs and sophisticated software, from piracy and theft. Among the most common liabilities for architectural and engineering firms is the failure to secure adequate licenses for the number of employees using the software. While architects, in particular, may not always take this issue seriously, software companies view it as a significant threat. More than a third of all software installed on computers worldwide in 2003 was pirated, representing a loss of about $29 billion, according to the Business Software Alliance (BSA).(7) Publishers of computer-aided design software are among the most vigilant when it comes to copyright protection of products that can cost thousands of dollars to purchase and hundreds of dollars in annual fees for updates. To avoid those costs, many firms may allow more employees to use the software than their licenses allow, thereby risking substantial fines.
According to a study conducted for the BSA by Ipsos- Insight, 23 percent of U.S. professionals surveyed acknowledged that some to all of the software being used in their offices did not have the proper licenses. While nearly 90 percent agreed that software piracy was an unacceptable risk, 28 percent said it was acceptable to save money by distributing copies of software to coworkers without the right licenses.(8)
Architects were particularly relaxed about licensing. Piracy was an unacceptable risk, according to eight out of ten architects surveyed, but 48 percent said at least some of the software in their workplaces was unlicensed. That proportion was higher than for any other profession in the survey, which included accountants, architects, engineers, financial service professionals, and graphic designers. Engineers took a more stringent view, with three-quarters saying there were antipiracy policies in place in their workplaces. Engineers also had the second lowest reported incidence of workplace piracy at 13 percent, behind accountants.
Failure to obtain proper licenses can be costly. For instance, the BSA said in December 2004 that a Florida architecture firm agreed to pay $150,000 to settle claims that it had unlicensed Autodesk and Microsoft software on its computers.(9) A California engineering firm agreed to pay $43,500,(10) and a Camden, N.J., engineering firm was hit for $75,000.(11) U.S. law provides civil damages of up to $150,000 for each program copied, and criminal prosecutions can lead to fines of up to $250,000 and jail sentences of up to five years.(12) In addition, firms risk damage to their reputations due to the publicity in such cases.
While businesses may assume that software companies will never know if they have secured adequate licenses, antipiracy investigators have a very effective tool: inside tips. Most investigations start with a call from a disgruntled employee or a former employee.
Besides failing to secure adequate licenses, companies can risk copyright actions if they use portions of another company’s software in their own programs. Such cases typically arise when a firm hires an employee from another company to develop or update in-house software. The new hire may then reuse code he or she had developed for his or her previous employer to save time in the new job or inadvertently insert proprietary code from other sources, such as the Internet.
Another risk that has emerged centers on the increasingly popular Linux operating system, which is known as an open-source program because its core code is freely available without licensing. Linux, however, has become embroiled in controversy as SCO Group Inc. has pressed legal action to collect license fees, arguing that it owns a key portion of the Linux code through its acquisition of rights to Unix software. SCO has launched a high-profile legal campaign against companies such as International Business Machines Corp. that include Linux in their products. SCO also has sent warning letters to hundreds of companies that use the software.(13)
Copyright and Trade Secrets
Architects face copyright issues not only as purchasers of software but also as creators of original designs. Those issues, which are heightened by the ease with which electronic designs can be copied, include using someone else’s copyrighted design or not being compensated for the reuse of the architect’s own designs. Just as in software, copyright issues can arise if an employee uses design elements in a building plan developed for a previous employer. For instance, in 2003, a Los Angeles architect sued a former employee for theft of trade secrets, alleging that the employee had copied designs for a one-of-a-kind Bel Air mansion to build a knock-off mansion just a few miles away in Beverly Hills. The architect also sued the builder and the property owners for copyright and trademark infringement.(14)
Copyright protection was extended to architectural works by the Architectural Works Copyright Protection Act in 1990. The law extends protection to the original design of a building in “any tangible medium of expression,” such as the building itself and plans or drawings on paper or in electronic format. Penalties include statutory damages as well as the repayment of any profits.(15) Those profits can be substantial for designs that are used repeatedly.
For example, in 2001, Austin, Texas-based architecture firm Kipp-Flores Architects was awarded $5.2 million in a case involving a Virginia-based home builder that reused the same design hundreds of times. The court found that the contractor had only a one-time right to use the home design and ordered the builder to pay back the profits it had made on 304 houses.(16)
The loss of intellectual property is also an issue for engineers. The theft of trade secrets through copying of engineering designs can represent substantial losses of revenue and market share for companies that have invested billions of dollars in developing new products or manufacturing processes. For instance, in 2004, General Motors Corp. (GM) sued Chinese automaker Chery Automobile Co., Ltd., for alleged copying and unauthorized use of trade secrets from the Chevrolet Spark, which is based on the GM Daewoo Matiz mini-car. GM, which spent hundreds of millions of dollars designing, engineering, and testing what has become one of the world’s most popular mini-cars, said Chery’s QQ mini-car was so nearly identical to the Matiz that the vast majority of parts in the cars were interchangeable.(17)
Electronic Mail
Closer to home, everyday technology poses risks in the more mundane form of e-mail. The same tool that has revolutionized business communications has led to severe legal problems for even the biggest companies.
Recent prosecutions have shown that what employees say in e-mail can and will be used against them in courts of law. Unlike phone conversations, e-mail files present a permanent record of a correspondence that may later prove damaging, even if the original intent was innocent or if it is taken out of context. In one case, an e-mail sent by Silicon Valley investment banker Frank Quattrone suggesting that bankers in his firm “clean up their files” as a federal investigation of his firm was getting underway proved to be a crucial factor in his trial for obstruction of justice.(18) E-mail also played a critical role in the antitrust actions taken against the world’s largest software company, Microsoft Corp.(19)
Firms that do not have well-thought-out document retention programs may find themselves in trouble when they are unable to produce subpoenaed documents or if they are forced to hand over large numbers of e-mails that can be taken out of context and put the firm in a bad light or expose the firm to “fishing expeditions” by opposing counsel.
In addition, very large sums of money can hinge on e-mail communications. The question of whether the receipt of an e-mail constituted acceptance of the contents played a key role in the trial over whether some reinsurance companies were liable to pay billions of dollars more if the September 11 attacks on the World Trade Center were found to constitute two occurrences, as the developer asserted, or a single occurrence, as was argued by the reinsurers.(20)
While affording an easy means of exchanging information, e-mail raises issues about what constitutes valid electronic signatures and document deliveries. Design firms have traditionally delivered finished paper copies of their designs imprinted with their seal as the official completed versions. Any changes to the project then could be compared against those finished plans, which could be used as the basis for settling disputes.
E-mail, however, exposes architectural and engineering firms to the danger of loss of control over project changes that are communicated electronically. The approval of changes via e-mail and the authority to make such changes can become central issues in disputes over project overruns or modifications. Plans transmitted via e-mail can also lead to disputes over whether the designs were to be considered the final version or were an intermediate version and whether the delivery of the final plans via e-mail was considered as final.
In addition, architectural and engineering firms face the same employer practices liability issues common to all industries. Those exposures include improper use of e-mail, disclosure of proprietary or personal information, and sending of abusive or offensive material.
Internet and Network Security
Along with the issues raised by reliance on e-mail, architectural and engineering firms face a number of risks related to use of the Internet and in-house networks known as intranets as well as reliance on electronic data storage.
The Internet provides firms a new medium for marketing and communications as well as a place to highlight their talents. Web sites can be a showcase for prestigious projects and new-designs intranets can be a key means of communication within a business.
If they do not take adequate precautions, however, firms open themselves to potential risks that were formerly associated more with publishers and broadcasters. For instance, the use of third-party content, such as images taken from newspapers, on its Web site without proper clearance can expose a firm to copyright claims. There also are risks of personal injury claims if libelous material or confidential information is posted on a Web site.
When it comes to storing documents electronically, firms also face new exposures that were not an issue in the days when paper plans were stored in file cabinets. Now, designs in progress and completed works that are stored electronically may be subject to corruption or theft. Designs built with older versions of software may not be readable with newer versions. Data can degrade over time, and in the case of a large building, even a small error in a critical area could cause major problems. In addition, traditional threats such as flood, fires, and power outages can also destroy valuable data that is not adequately backed up.
Inadequately protected networks can be hit by malicious code that destroys valuable data or be broken into by hackers seeking to steal confidential data. Besides concerns about their own proprietary business information, companies also have a legal responsibility under federal privacy legislation to protect confidential employee and customer data. In addition, state law in California requires companies to notify residents when their personal information has been compromised. For hackers hunting for personal or confidential corporate information, human resources and accounting systems make a tempting target.
The risks were highlighted by two major incidents in 2005. In February, data collection company ChoicePoint Inc. said that it was hit by an identity theft scam in which hackers passed themselves off as legitimate customers in order to gain access to the personal information of about 145,000 people.(21) In April, information database company LexisNexis said that hackers broke into its system and gained access to the personal profiles of about 310,000 people. The incidents drew complaints in Congress, where both parties pledged to introduce new laws to regulate the use of sensitive personal information.(22)
The threat to computer networks is no longer chiefly from bored teenaged hackers, as is the popular image. Criminal gangs, many from Eastern Europe, have become very active in launching viruses and network attacks. The criminal threat is heightened by the hackers’ possible ties to terrorists seeking information to launch attacks on landmark buildings or key infrastructure facilities.
Terrorism
The same tools used by organized crime for network break-ins and identity theft could be used by terrorists seeking to launch attacks against the United States, a Federal Bureau of Investigation (FBI) official warned in late 2004.(23) Terrorists could seek to strike several targets simultaneously and anonymously through the Internet, hitting out at the nation’s “technological soft underbelly,” FBI Deputy Assistant Director Steve Martinez said at a Miami conference. Vulnerable sites include infrastructure such as water, power, and transportations systems. In March 2005, the U.S. Department of Homeland Security announced $91.3 million in grants to protect and secure critical areas around key infrastructure sites such as chemical plants, dams, and nuclear power plants.(24)
Given the threat of terrorism, those who design public infrastructure projects could put many lives at risk if they fail to adequately safeguard plans for such structures. Terrorists scouting targets to attack may break into unguarded computer systems and download plans for water treatment plants, nuclear power stations, or even schools.
For instance, in 2004, just a few months after Chechnyan terrorists massacred students and teachers at a school in Beslan in southern Russia, the U.S. military found two computer disks that held photographs, evacuation plans, and academic information from eight school districts around the United States.(25) In his State of the Union address in January 2002, President George W. Bush said that U.S. forces had discovered diagrams of U.S. nuclear facilities and water treatment plants in Al Qaeda hideouts.(26)
Awareness of the dangers of failing to adequately protect corporate computer systems from terrorists, criminals, and hackers has been growing, but not all firms recognize the risks.
A survey released in February 2005 by the Business Software Alliance of members of the Information Systems Security Association found that 76 percent of companies surveyed recognized that raising security as a priority makes companies more efficient and less likely to suffer downtime and gives them a competitive advantage in their market.(27) While 78 percent said their organizations were ready to defend against an attack, only 19 percent said employees were adequately trained in their security duties and responsibilities.
Managing New Risks
From headline-grabbing threats to computer networks to day-to-day liabilities raised by the use of design software, e-mail, and the Internet, A&E firms face a risk landscape that has changed dramatically in the last decade.
While technology businesses such as software developers, networking companies, and Internet publishers may be familiar with the liabilities brought on by the technology they have created, architectural and engineering firms that rely on the new technology in their day-to-day business may not recognize the dangers. Given the new exposures inherent in the information age, firms need to make sure they update their risk management strategies as they adopt new technology. When it comes to their insurance programs, firms should take an active role in making sure they have adequate coverage for the new risks and in communicating their loss prevention efforts to their underwriters.
In general, firms need to identify areas of vulnerability, establish policies and procedures to address those exposures, and then conduct periodic performance audits to ensure that those policies are working. Those policies should include taking inventory of software licenses, instituting a document retention policy, establishing procedures for delivery of sealed designs, monitoring design changes, and protecting confidential information.
Digital Information Exposures
While paper files and plans take up large amounts of space, they offer the advantage of being relatively permanent and inalterable. Digital information adds another layer of complexity, as managing electronic files is not as easy as just finding the right filing cabinet.
Like paper files, digital information is at risk not only from fires, floods, and theft, but also in other ways: complex designs can be easily copied and carried out the door in a pocket; hackers can break into insecure networks and steal confidential information; and computer crashes can destroy weeks of valuable work.
To protect their business and reputations, design firms need robust information and technology management policies.
Copyright Exposures
A failure to secure adequate licenses for expensive business and design software remains an area where many architectural firms develop a blind spot. Software vendors are aggressively trying to counter this issue with measures such as auditing their customers’ licenses. Voluntary audits may be done by an A&E firm itself, by a consultant, or by the software vendor. Involuntary audits typically take place after a software vendor or industry group is tipped off about illegal software use.(28)
To ensure that they have — and can document — licenses for everyone using the software, firms should actively conduct periodic software audits. Firms also should take a proactive approach to avoiding the use of pirated software by developing a software management policy and communicating it to their employees.(29) Companies also can consider buying third-party software-auditing programs.(30)
A firm’s information management policy should address new hires and include contracts that forbid the use of material owned by third parties, most typically former employers. As employees move from firm to firm, they may bring with them copies of work that they had performed for previous employers. The policy forbidding the use of such materials should apply not only to architectural and engineering designs, but also to software that is developed in-house in order to prevent a programmer from deciding to save time by using a bit of code developed for a previous employer or borrowed from open-source software involved in a license dispute. Many software development companies now routinely scan their programs to make sure there are no bits of borrowed code or open-source code that may make them a target for litigation.(31)
To avoid getting embroiled in open-source software copyright disputes, firms should seek indemnification from providers of Linux services. Computer companies such as Hewlett-Packard Co. have said that they will indemnify customers that buy Linux to run on HP computers against any legal claims by SCO.(32) Linux distributor Novell, Inc., which sold the Unix rights to SCO, also said that it will indemnify customers against claims from SCO.(33)
Exposures Related to Ownership of Design
When it comes to physical designs, firms need to protect their own copyright interests and limit their potential liabilities. To ensure that commissioned work is not reused or used improperly, firms should institute procedures to inventory and archive information, control access to designs in progress, and maintain system logs.
Because of the ease with which electronic documents can be copied, firms without an adequate digital-rights management plan may stand to lose substantial profits from projects for which they are not being compensated. The same kind of technology that allows software and music pirates to make thousands of illegal copies of a disc also makes it easy for a client to copy complex designs and reuse them over and over.
In most cases, architects and engineers retain ownership of their designs and only through explicit release can third parties use the design for other projects. Design contracts should state clearly which party retains ownership rights for the work and under what circumstances it may be reused or modified. To protect their intellectual property in the event of a dispute, firms should register their copyrights as part of a comprehensive digital-rights management program.
For example, the Texas architects who won the $5.2 million judgment over the repeated use of housing designs said that they always register their designs with the U.S. Copyright Office because of the potential for infringement in multiple-unit housing projects.(34)
Managing Electronic Documents
Running a paperless office doesn’t free a firm from the need to manage documents ranging from human resources records to client enquiries and sealed final plans. While electronic documents are easily created, they may just as easily be forgotten or misplaced. In a lawsuit, however, being able to find the right document may mean the difference between winning and losing. In addition, a firm’s reputation can be hurt by allegations of sloppy record keeping.
To avoid potential problems, firms need procedures to manage all of their electronic documents. A formal records-management program can help improve the overall management of a firm, its projects, and its business communications.(35) Such a program will lay out which documents are to be retained, how they can be retrieved, and which documents can be destroyed on a given schedule. This should cover not only project documents, but also internal business records such as accounting, human resources, marketing, and, especially, e-mail.
A key consideration is the length of time that documents should be retained for both business and legal purposes. Records that are not to be retained permanently should be destroyed according to legal requirements and on a specific schedule. Documents should not be kept longer than necessary nor be destroyed randomly because doing so may create a negative impression in a legal dispute. That is particularly true for e-mail, treatment of which has proven to be among the most contentious issues in legal disputes.
Prosecutors and plaintiffs’ attorneys often will seek to comb through a firm’s e-mail files during investigations or in the discovery process. A document retention plan should ensure that crucial e-mail is not deleted and also establish a regular schedule for the deletion of unnecessary e-mail.
Another important consideration is that under the Electronic Signatures in Global and National Commerce Act, communications via e-mail can be as legally binding as signed contracts on paper.(36) Signed into law by President Bill Clinton in June 2000, the act gives electronic signatures the same weight as those written in ink on paper. It also requires that, to be legally enforceable, electronic contracts and records must be in a form that is capable of being retained and accurately reproduced for later reference.
To prevent unwanted acceptance of changes in design or even contractual terms, firms should establish contractual controls over customer communications. This should clearly set out what constitutes authorized communications and who within the client company has the authority to approve or to recommend changes in the scope of the project or in design. Firms also should place a disclaimer on e-mail that sets out their policy for design use.
A firm’s procedures to deal with project communications via e-mail should cover what constitutes delivery of a document via e-mail or the Internet and what constitutes a sealed deliverable. To track crucial documents, such as sealed plans or original versions of a design, firms should use a docket system that will monitor and manage document changes and protect against unauthorized alterations.
For their own employees, firms should have a clear policy stating what may or may not be sent via e-mail and strictly prohibiting the sending of material that is objectionable or that possibly defames another employee or a rival firm. Even when sent to a small group of people, e-mails can be potentially libelous. In a recent libel action seeking $100,000 in damages, a member of a Massachusetts civic group was sued by another member over an e-mail that was sent to just two people.(37)
Storage and Network Security
Along with the risks brought about by e-mail, firms also need to take measures to protect themselves against exposures brought about by the use of the Internet and internal corporate networks.
While paper plans and files can be lost or destroyed, they generally don’t simply vanish or become unreadable when the file cabinet is damaged. If a computer system is damaged or compromised, however, many hours or even weeks of work can be lost in an instant. For an architectural or engineering firm, the loss of data can mean penalties for missed deadlines as they are forced to recreate work.
Computer files should be protected with formal plans to back up digital data. Those plans should include periodic testing to ensure that the documents would be restored to their original condition in the event of a system crash.
Because computer systems also can be damaged physically, firms should maintain offsite backup storage. Then, if the office is destroyed in a fire or damaged in a flood or even closed down due to an accident at a nearby building, computer files can still be accessed from the remote location, enabling employees to continue to work and communicate on a project and ensuring that the work in progress as well as finished, copyrighted designs are not lost.
As a number of incidents have shown, electronic data and documents can be pilfered, damaged, or destroyed by computer criminals hacking into a system. Viruses can delete whole files, render them unreliable by deleting portions of them, or make them totally unreadable. To protect against those dangers, firms
need to maintain full firewalls and keep antivirus programs up to date.
To ensure that files or computer systems are not misused by employees, firms should institute formally documented access controls, such as passwords that are maintained by managers and changed frequently. A key part of the effort to maintain computer security is adequate employee training.
Internet Exposures
As A&E firms make greater use of the Internet in daily commerce, they also open themselves to exposures that had previously been limited to broadcasters and publishers, including the unauthorized use of copyrighted images. To manage those risks, firms should establish policies and procedures regarding intellectual property rights that include proper content clearance procedures and define what employee and client information should be considered confidential. Firms should also seek outside counsel as needed to protect against personal injury or copyright infringement issues.
The use of Web sites to provide information and plans to clients while a project is in progress can lead to later disputes about design changes or even the use of preliminary design information. To avoid such disputes, firms need to establish ground rules with clients about which plans constitute the final, sealed versions.
Insurance Coverage Implications
As the use of technology such as the Internet, email, design software, and computer networks transforms the architectural and engineering professions, those firms need to make sure their risk management programs reflect the changes. As firms review their loss control and prevention efforts, they need to recognize that their new risks may not be fully addressed by their traditional insurance program. Firms also need to document the best-practice procedures they have instituted to cover their technology risks and communicate those practices to their underwriters.
In the insurance industry, the explosion of digital technology over the last decade has necessitated the development of new products to address the emerging coverage needs of companies in the technology sphere. Many new products have been developed since the late 1990s in response to the rapid spread of Internet-based business and communications.
Today, insurers offer coverage for risks such as the theft of confidential data, loss or corruption of data caused by hackers or malicious code, and lost income when a network attack cripples or shuts down a company’s Web site. Insurers also offer liability coverage for the release of confidential information, retransmission of a computer virus due to inadequate network security, intellectual property disputes, and even costs to restore public confidence after a cyberattack.
While insurers have developed a wealth of expertise in new technology risks, businesses in other industries may not receive the benefit of that knowledge. The insurance industry often operates in separate niches: some insurers are experts in new technology and others in architecture and engineering. Insurers with expertise in traditional architecture and engineering liabilities may struggle with the new risks faced by large multi-disciplined firms.
The adoption of new technology by design firms has led to hybrid exposures that may go unaddressed in a firm’s insurance program. Technology coverage forms are typically used for companies in the technology space, while architectural and engineering firms typically will be covered under an A&E form. A&E forms, however, may not adequately address information technology exposures, such as copyright infringement or multimedia liability arising from the posting of information on the Internet.
Many policy forms explicitly define A&E services as professional services including work such as architectural services, electrical engineering, interior design, master planning, and other traditional areas. Those definitions may fail to reference the technology services rendered in support of the architectural and engineering services.
The definition of professional services is a crucial issue for larger firms that are involved not only in traditional architectural and engineering services but also with the operation and maintenance of systems, programming of manufacturing systems, and process engineering. Those additional services may be a key portion of a multi-disciplined firm’s business, complementing their traditional services. The traditional definition of professional services for an A&E firm, however, may not cover those new areas of business. Such risks may need to be addressed through adding endorsements or by manuscripting policies so that the professional services definition explicitly mentions the new services.
CFOs and risk managers need to ensure that their insurance programs are up-to-date in addressing these new exposures. Some of the newer editions of A&E policy forms now explicitly address issues such as software development under a product exclusion. Coverage in that area may be provided via a carve-back for software design, or the form could be specifically modified to fit the client’s needs. While software copyright infringement is a huge issue in business today, it is not provided as a standard coverage grant under A&E or technology policies. Clients may need to request such coverage separately and have it underwritten via a supplemental application.
Conclusion
In the current insurance market, there is adequate capacity in the traditional A&E markets as well as in the technology market. However, only a finite number of insurers can do both well — i.e., bring adequate expertise to address the new technology exposures for A&E firms and manuscript and tailor policies by providing the right endorsements.
To make sure that they are fully serving their clients’ needs, insurers must recognize the dangers in isolating their areas of expertise into separate niches. A lack of communication between underwriters with varying areas of expertise can leave a modern A&E firm uncovered for new technology risks.
Architects design the buildings where we live and work assisted by engineers who design the integral structural and other related components. Engineers also design the infrastructure of the modern world and the equipment that runs the global economy. Their adoption of digital technology promises to bring even more changes to the physical landscape of modern life.
In the world of technology, the insurance industry has played a crucial role by providing risk transfer opportunities to support the digital revolution. In many cases, they have not been as proactive in bringing that experience to bear in the A&E fields. Insurers, however, can play that same supportive role in working with architects and engineers as they adopt new technology to design bold, new projects.
By combining their talents and expertise in traditional markets with their skills in emerging technology risks, insurers not only open new opportunities for themselves, they serve their clients better and help architects and engineers build the modern world.
Endnotes
- Frangos, Alex, “With 3-D Drawing Software, Freedom Tower Architects Put Mind’s Eye on a PC Screen,” The Wall Street Journal (Jul. 7, 2004). See http://webreprints.djreprints. com/1055491238420.html.
- “Hammurabi’s Code of Laws,” Laws 229-233, translator L.W. King. See http://eawc.evansville.edu/anthology/hammurabi. htm.
- Bergin, Thomas J., Editor, “50 Years of Army Computing,” Army Research Laboratory-SR-93 (September 2000): 17. See http://www.arl.army.mil/main/Main/default.cfm.
- Fitzpatrick, Michael, “Internet just leaving its Stone Age – U.S. experts,” Reuters News (Sept. 2, 1999). See http://www. paksearch.com/br99/Sep/4/INTERNET.htm.
- World Wide Web Consortium, “Tim Berners-Lee.” See http://www.w3.org/People/Berners-Lee/.
- Frangos, ibid.
- The Business Software Alliance, “Software Watchdog ‘Sweeps’ Up California,” Press Release (June 10, 2002). See http://www.bsa.org/usa/press/newsreleases/Software-Watchdog- Sweeps-Up-California.cfm.
- Ipsos-Insight, “Online Software Piracy Poll,” Press Release (Nov. 12, 2004). See http://www.ipsos-insight.com/pressrelease. aspx?id=2452.
- The Business Software Alliance, “BSA Collects More than $200,000 from Companies in Florida,” Press Release (Dec. 1, 2004). See http://www.bsa.org/usa/press/newsreleases/ BSA-COLLECTS-MORE-THAN-200000-FROM-COMPANIES- IN-FLORIDA.cfm.
- The Business Software Alliance, “Software Watchdog ‘Sweeps’ Up California,” ibid.
- The Business Software Alliance, “Watchdog Group Settles Lawsuit with Camden, NJ Engineering Firm After Unannounced Audit,” Press Release (June 17, 2004). See http://www.bsa.org/usa/press/newsreleases/Watchdog-Group- Settles-Lawsuit-with-Camden-NJ-Engineering-Firm-After- Unannounced-Audit.cfm.
- The Business Software Alliance, “Software Piracy Fact Sheet.” See http://www.bsa.org/usa/press/Fact-Sheets.cfm.
- Weisman, Robert, “Code Sleuths: Wary of Lawsuits, Businesses are Spending Millions to Identify Unauthorized ‘Open-Source’ Files in their Software,” Boston Globe (Dec. 27, 2004). See http://www.boston.com/business/technology/ articles/2004/12/27/code_sleuths/.
- Groves, Martha, “Architect Less Than Flattered,” Los Angeles Times (Sept. 18, 2003): B.1.
- Architectural Works Copyright Protection Act, Title VII of the Judicial Improvements Act of 1990, Pub. L. No. 101-650, 104 Stat. 5089, 5133, enacted December 1, 1990, United States Copyright Office. See http://www.copyright. gov/title17/.
- Reynolds, Jamie, “Don’t Mess with Texas Architects,” Architecture, 90, no. 12 (Dec. 2001): 21.
- GM Daewoo Auto & Technology Co., “GM Daewoo Files Lawsuit Against Chery Automobile Co.,” Press Release (Dec. 16, 2004).
- Thomas, Landon Jr., “Uneasy Accord By Investigators In Banker Case,” New York Times (Feb. 8, 2003). See http:// query.nytimes.com/gst/abstract.html?res=F10B17F6395F0C 7B8CDDAB0894DB404482.
- Bank, David, and Keith Perine, “Microsoft’s Windows Developer Defends Company’s Right to Add Other Features,” Wall Street Journal (Jan. 28, 1999): 1.
- Frangos, Alex, and Dean Starkman, “Silverstein Has Another Court Loss,” The Wall Street Journal (May 4, 2004). See http://www.mindfully.org/Reform/2004/Larry-Silverstein- WTC6dec04.htm.
- Hines, Matt, “ChoicePoint data theft widens to 145,000 people,” CNET News.com (Feb. 18, 2005). See http://news. com.com/ChoicePoint+data+theft+widens+to+145%2C00 0+people/2100-1029_3-5582144.html?tag=st.rn.
- McCullagh, Declan, “LexisNexis flap draws outcry from Congress,” CNET News.com (April 12, 2005). See http://news.com.com/LexisNexis+flap+draws+outcry+from +Congress/2100-7348_3-5668119.html.
- “FBI: Hidden threat inside cybercrime,” Reuters (Nov. 10, 2004). See http://www.crime-research.org/news/12.11.2004/784/.
- U.S. Department of Homeland Security, “Department of Homeland Security Announces $91.3 Million in Buffer Zone Protection Program Grants,” Press Release (March 2, 2005). See http://www.dhs.gov/dhspublic/display?content=4380.
- “Disks in Iraq hold details about U.S. schools,” CNN.com (Oct. 8, 2004). See http://www.cnn.com/2004/US/10/08/ schools.iraq/.
- Meyer, Josh, and Aaron Zitner, “Troops Uncovered Diagrams for Major U.S. Targets, Bush Says,” Los Angeles Times (Jan. 30, 2002): A.1. Vol. 19, No. 2, Summer 2005 13
- The Business Software Alliance, “Key Findings from BSA/ ISSA Information Security Survey” (Feb 8., 2005): 8. See http://www.bsa.org/usa/policy/loader.cfm?url=/commonspot/ security/getfile.cfm&pageid=22304.
- Violino, Bob, “Fine Time on the Desktop,” CFO IT (March 17, 2003). See http://www.cfo.com/article.cfm/ 3008630?f=BSA.
- Kruger, Bob, “Respect for Copyrights Allows Creativity to Thrive,” AIA Edges. See http://www.aia.org/tap_a_copyrights.
- Joch, Alan, “Licensing: Software by the Numbers,” Architectural Record. See http://archrecord.construction.com/features/ digital/archives/0304da-1.asp.
- Weisman, Robert, “Code Sleuths; Wary of Lawsuits, Businesses are Spending Millions to Identify Unauthorized ‘Open-Source’ Files in their Software,” Boston Globe (Dec. 27, 2004). See http://www.boston.com/business/technology/ articles/2004/12/27/code_sleuths/.
- Weiss, Todd R., “HP to indemnify users against SCO legal action,” Computerworld, 37, no. 39 (Sept. 29, 2003). See http://www.computerworld.com/softwaretopics/os/linux/ story/0,10801,85454,00.html.
- Bray, Hiawatha, “Novell to Aid Linux Users if Copyright Claims Arise,” Boston Globe (Jan. 13, 2004). See http://www. boston.com/business/technology/articles/2004/01/13/novell_ to_aid_linux_users_if_copyright_claims_arise/.
- Reynolds, Jamie, ibid.
- Cooper, Mary, “Records and Information Management: Meeting the Challenge,” ProNet Practice Notes, 7, no. 3 (Aug. 1994). See http://www.aepronet.org/pn/vol7-no3.html.
- White House Office of the Press Secretary, “Eliminating Barriers to Electronic Commerce While Protecting Consumers: The Electronic Signatures In Global And National Commerce Act,” Press Release (June 30, 2000). See http:// clinton4.nara.gov/WH/New/html/20000630.html.
- Viser, Matt, “Woman Says She Was Libeled in E-mail,” Boston Globe (March 3, 2005.). See http://www.eidos.org/article_ 70.htm
Brad Gow is vice president of business development for ACE Professional Risk, where he is responsible for technology errors and omissions (E&O) product development as well as overseeing technology E&O underwriting operations. Gow has more than 16 years’ experience in the insurance arena, specifically in product development for professional liability and cyberrisk exposures and in developing network security, incident response, and forensic computer investigation services for the insurance industry. In addition, he has extensive international experience in the Asian insurance market working for CIGNA International and American International Group. Gow holds a B.A. in history from Hamilton College in Clinton, New York, and received his Master of International Business Studies from the University of South Carolina.
Paul Dietrich is vice president for ACE Professional Risk, where he is responsible for the management of the architects and engineers product line, overseeing development of product line strategy and underwriting guidelines as well as and serving as home office referral underwriter. Prior to his tenure with ACE USA, Dietrich served as vice president, corporate underwriting with XL Capital, where his responsibilities included management of professional liability and contractor’s pollution legal liability product lines. With more than 17 years’ insurance industry experience, Dietrich has authored numerous articles and frequently presented at industry conferences on the topic of risks associated with architects, engineers, and contractors. He holds the Associate In Risk Management (ARM) designation. He is a member of the Professional Liability Underwriting Society (PLUS) and a founding member of the Mid-Atlantic Chapter of PLUS. In addition, he is a member of the American Institute of Architects (AIA). Mr. Dietrich holds a bachelor’s degree in earth and environmental sciences from Wilkes College in Wilkes-Barre, Pennsylvania.
ACE Professional Risk is the division within ACE USA that offers management and professional liability products to a variety of target markets. ACE USA is the U.S.-based retail operating division of The ACE Group of Companies, headed by ACE Limited (NYSE: ACE). ACE USA, through its underwriting companies, provides insurance products and services throughout the United States. Additional information on ACE USA and its products and services can be found at www.ace-ina.com. The ACE Group of Companies provides insurance and reinsurance for a diverse group of clients around the world.
Read Full Story:
http://www.sadlerco.com/managing-new-technology/