Failed Deals: BSkyB, EDS and Enforceability of Contractual Limitations on Liability for Fraudulent Misrepresentation

February 2, 2010 by

© 2010 Simmons & Simmons.  Reprinted from www.elexica.com with permission.

Judgment in the long running case of BSkyB v EDS was handed down on 27 January 2010, by Ramsey J in the Technology and Construction Court. Although the case has not turned the law on misrepresentation upside down, it hammers home the severe consequences a court will impose on a business if it finds a person acting on behalf of that business has made a fraudulent misrepresentation. Although BSkyB alleged fraudulent misrepresentation in respect of several aspects of EDS’s tender process, it only succeeded in proving that EDS’s assurance that they had carried out a proper analysis of the amount of elapsed time they would need to complete the delivery of the project and “go live” was fraudulent. Barring any successful appeal, this fraudulent misrepresentation looks set to cost them around £200m.

The court battle between BSkyB and EDS is a tale of a contract process that appears to have gone wrong from the start; various allegations of lies told by employees and, bizarrely, a dog with a Masters Degree in Business Administration.

The background

The handing down of the judgment in this case marks the end of a process of deliberation that began in July 2008 when the last court hearing on the case took place. The case itself took a number of years of preliminary argument and amendment of each side’s pleadings to come to court. It concerns allegations of fraudulent misrepresentations and breaches of contract that go back a decade.

In 2000, BSkyB invited Invitations to Tender for a multimillion pound project to build a Customer Relationship Management (CRM) System, which it hoped would cut costs, improve the service offered to subscribers and even reduce the “churn rate”, ie those subscribers who would leave in frustration having failed to get their systems to work. EDS emerged as the successful bidder beating, among others, PwC with their tender.
In an all too familiar way, things started to go wrong with the contract fairly quickly and deadlines slipped. The parties decided to deal with these delays by essentially putting the project on hold and replanning how the rest of the project would proceed; a pragmatic approach. As a result, the original contract was largely superseded by a “Letter of Agreement”, which purported to exclude liability for “all known claims and unknown claims” for breaches of the original contract that EDS may have committed.

This second attempt at implementing the project was as unsuccessful as the first and the companies parted ways in early 2002. Again, in circumstances that are all too familiar, how the parties parted ways was a matter of dispute between them. BSkyB argued that they had accepted a repudiatory breach of contract by EDS and EDS fired back that it was they who had terminated the agreement for non payment of invoices by BSkyB, which they counterclaimed for at trial.

Fraudulent misrepresentation: BSkyB subject EDS to russian roulette

BSkyB alleged that a number of fraudulent misrepresentations were made by EDS both during the tender process and later into the signing of the Letter of Agreement and attempted resurrection of the project. Ultimately, Ramsey J ruled against most of the fraudulent misrepresentations alleged, including representations about EDS’s own resources and readiness to start work.

The importance in alleging fraud arose because the contract contained a limitation of liability provision which potentially restricted BSkyB’s recoverable damages for EDS’s actions. BSkyB claimed that its damages were in the region of £700m. If it could demonstrate that the breaches were fraudulent, then as a matter of law the limitation of liability provision restricting recoverable damages would not apply. In England, it is unusual for fraud to be alleged in civil proceedings. Before a lawyer commits to such a pleading in litigation, he must be satisfied to a higher standard than is ordinarily the case that evidence of fraud exists. This was a fairly high risk strategy for BSkyB and no doubt the substantial legal costs were increased by the need to investigate the background evidence even more thoroughly than usual.

BSkyB however, only had to succeed once on the fraudulent misrepresentation allegation and did so with regard to EDS’s misrepresentation that it had carried out a proper analysis of the amount of elapsed time needed to complete initial delivery and “go live” of the project. EDS had not done such an assessment, yet during both the tender process and prior to the signing of the original contract, Ramsey J held that Joe Galloway MBA, an EDS employee, had made knowingly deceitful representations that EDS had made the assessment (more on his credibility below). The judge said that but for this misrepresentation, the contract would have been awarded to another of the tenderers.

Other claims

BSkyB was also successful in a claim of negligent misrepresentation against EDS with regard to the replanning process that had gone on prior to the Letter of Agreement being signed. The judge found that EDS had not carried out a proper analysis and replanning exercise to produce an achievable programme for the implementation of the system. Contrary to the previous misrepresentations, Ramsey J held that this misrepresentation had only been made negligently.

EDS were also found liable for a number of breaches of contractual terms, including a breach of the invariably implied term that EDS would carry out its work with reasonable care and skill.

Witness credibility and Lulu the dog, MBA

One of EDS’s chief witnesses, Joe Galloway, claimed in his various witness statements that he had achieved an MBA from Concordia College, St John. He said in evidence that he attended classes at the college, while working on a project for Coca Cola on St John in the US Virgin Islands for a year in the mid 1990’s, flying to and from the island by commuter plane. He even supplied materials which he said “may have” been associated with the classes he took.

BSkyB’s lawyers exposed this account as false. Not only had Mr Galloway not attended MBA classes on St John, but the island had no airport for his commuter aeroplane to land at and no Coca Cola facilities for him to have worked at. While the MBA did superficially exist, it was an internet degree, available to anyone for whom an application was filled out and the fee paid. Mark Howard QC, Counsel for BSkyB, starkly illustrated this by obtaining an MBA from the institution for his dog, Lulu. Most gallingly for Mr Galloway, the dog was awarded better marks than he was.

EDS’s lawyers appear to have made a brave effort to salvage their witness’ haemorrhaging credibility by citing various authorities which state that just because a witness has been shown to be lying in some respect does not mean that they have been lying all the time. However Ramsey J noted the “same confident manner” being present in his false testimony concerning his time at Concordia as was in his testimony concerning the facts of the case and held his credibility to be “completely destroyed”, saying that:

“My general approach to his evidence has therefore to be that I cannot rely on the truth of his evidence unless it is supported by other evidence or there is some other reason to accept it, such as it being inherently liable to be true.” Mr Galloway was dismissed from employment during the trial by EDSC, a company related to EDS, for lying about his MBA. The employment status of the similarly qualified dog is currently unknown.

Lessons for drafters: exclusions of liability

As in every complicated commercial relationship, there were as noted above, various limitations on liability (overcome by the successful claims of fraud), entire agreement clauses and other common clauses which EDS tried to use to deflect BSkyB’s claims. These were drafted by experts in their fields and so how they stood up will be of interest to every draftsman in this field and their clients. The judge ruled on the protective measures as follows:

Entire agreement clause

EDS argued that an entire agreement clause in the original contract overrode any representations that they would have made previously, given that the agreement stated that it did “supersede any previous discussions, correspondence, representations or agreement between the parties” (emphasis added). The judge disagreed, holding that while it is an established principle that representations can be withdrawn or corrected, this was not done here. The representations may have been superseded by this clause, but the terms of the clause were not such as to amount to a “contractual renunciation” of the representations and as such they remained in place. Draftsmen take note: a representation must be killed, it cannot be relied upon to die on its own.

Waiver of contract claims in the Letter of Agreement

As part of the letter of agreement which formed the new understanding between the two parties, BSkyB had agreed to waive all “known claims and unknown claims” in contract against EDS. EDS argued that this included misrepresentation. Not so, said the judge. The clause was clearly restricting itself to contractual claims. Representation, including fraudulent misrepresentation is technically a tort however. While the losses that flowed from the misrepresentations were linked to the contract, they were not contractual claims but tortious ones and the judge would not allow the waiver to extend to such tortious claims.

Memorandum of understanding

At the end of the relationship, before litigation appears to have been decided upon, BSkyB and EDS entered into a Memorandum of Understanding which representatives from both signed. This was to smooth the handover between EDS and BSkyB’s own in house team SSSL. The agreement was expressed to be “subject to contract” and both parties envisaged concluding and signing a detailed contract in the future. A binding contract never materialised but the terms of the memorandum were far more congenial to EDS than any lawsuit from BSkyB would be, so their representatives tried to make the terms stick. This did not work, the judge holding that not only was the Memorandum of Understanding merely an agreement to agree, it after all said “subject to contract”. It was thus not a binding and enforceable agreement. Further, in order to hold it to be binding the court would have to have split the binding terms out from the rest of the memorandum.
Limitation of liability

Some good news for EDS can be found from the judge’s ruling on the effect of the limitation of liability provisions. Here, the judge held that BSkyB would be prevented from circumventing or escaping a contractual exclusion or limitation of liability by bringing a contractual claim by way of an equivalent claim in tort. Unfortunately for EDS, the judge upheld the general legal rule that such limitation clauses are not effective in claims based on the tort of fraudulent misrepresentation.

A claim for PWC?

The judge’s ruling on causation, that BSkyB would have engaged PwC to implement its own system but for the misrepresentations made by EDS prior to their selection, may open up a potential claim for PwC. In holding this, Ramsey J is suggesting that PwC suffered actual loss in the form of the lost profits they could have made from any contract with BSkyB. Further, as one of only three tenderers who responded to BSkyB’s invitation, their loss was foreseeable. There already exist a number of remedies in public law available to a disgruntled tenderer to an awarding public body. However, the statement by the judge may well provide PwC with a potential cause of action against EDS, a non public body.

Implications

EDS, in their amended defence, argued that:

“The points to which the Claimants refer are “risks,” which are commonly understood within the IT industry as anticipated potential challenges, to be avoided or managed. The Claimants have treated risks as if they were “issues”, ie currently manifest problems.”

To the relief of suppliers and perhaps the frustration of customers, the judgment does not appear to have given any greater rights to seek damages for the problems commonly associated with the implementation of IT and similar projects. EDS was not held liable for misrepresenting risks which they had discovered. Rather, it was held liable for both fraudulently and negligently making misrepresentations about whether they had properly assessed those risks. The law has not changed (although how it may apply to the implementation of such projects in practice has, perhaps, been clarified). Rather, we have been shown that the consequences of a fraudulent misrepresentation by one employee may be the company being held liable for a staggering sum of money.

Further, it is clear that the judgment has not opened the proverbial floodgates to dissatisfied customers, enabling them to routinely allege “fraud” as a way of circumventing provisions limiting recoverable damages. As is clear from the evidence regarding Joe Galloway, the facts of this case were (probably) exceptional.

Sales people should however take note of the consequences of making representations in the tendering process that are careless or not easily proven. Although BSkyB failed to make most of its allegations of fraudulent misrepresentation stick, it was able to overcome the threshold required to take such claims to court and argue them without a hint of criticism of this approach from the Judge in his verdict. Civil cases such as this cost time, money and are disruptive to the operation of a business, even if successfully defended and especially when they include allegations of deception.

The inevitable appeal (and change in the law?)

While the full figure of damages to be awarded to BSkyB is to be determined at a hearing in February 2010, BSkyB believe that they are likely to be awarded at least £200m. This is more than the limitation clauses would have restricted them to although somewhat less than the total £700m claimed by BSkyB.

HP (which now own EDS), continue to deny any accusations of deceit and are reported to have said that they intend to appeal the ruling. They are likely to hope that the appeal process does not take up as much time and money as the original trial did. Despite the length of the judgment, the long term impact of the decision may well be in doubt pending the outcome of any appeal which may result in a redefinition of the law on misrepresentation. The recent case of CBS v Dunlop Hayward, shows quite how far the courts are willing to go in terms of awarding losses suffered against those they have found to be dishonest.

Case Study for Legal Risk Management for “Cloud Computing”: Data Loss for T-Mobile Sidekick® Customers

October 29, 2009 by

Telecom providers are increasingly outsourcing IT functions for “cloud computing.” A widespread data loss in mid-October 2009 by an IT outsourcer to a mobile telephony provider underscores the practical limitations of using the Internet as a data storage platform.

In this episode, subscribers to T-Mobile Sidekick® mobile devices were informed that their personal data – contact information, calendars, notes, photographs, notes, to-do lists, high scores in video games and other data – had almost certainly been lost. T-Mobile (a service of Deutsche Telekom AG) had outsourced the management of the “cloud computing” function for the Sidekick® devices to Microsoft’s subsidiary, Danger, Inc. While T-Mobile has offered a $100 freebie in lieu of financial compensation and some data was recovered, the case invites legal analysis of the liability of the any service provider – whether for mobile telephony or enterprise backup and remote storage – for “software as a service” (“SaaS”) or “cloud computing.”

Technological Framework for “Cloud Computing. “ “Cloud computing” means simply that data are processed and stored at a remote location on a service provider’s network, not on the enterprise’s network or a consumer’s home computer. Such data could be any form of digital information, ranging from e-mail messages (such as those stored by Google and Yahoo!) to databases, customer records, personal health information, employee information, company financial information, customer contracts and logistics information.

“Clouds” come in two flavors: public and private.

  • In a public cloud, the general principles of the Internet apply, and data transmissions can flow between many different third-party computers before reaching the service provider’s servers. Amazon offers hardware in variable computing capacities in its “Elastic Compute Clouds” (or “EC2”) services. Similarly, Google offers an “Apps Engine.”
  • In a private cloud, one service provider (alone or with its subcontractors) controls the entire end-to-end transport, processing, storage and retrieval of data.

Cloud computing exposes users to some key vulnerabilities and added costs:

  • The user depends on a high-performance Internet connection. Service level performance cannot be guaranteed except in private clouds.
  • ‘Single points of failure” (“SPOC”) in data transmission, processing and storage, for which special security measures and redundancy may be required. Heightened security risks require extra resources.
  • Loss of control over the public portion of a “public cloud” can impair performance through delays and data loss resulting from uncontrolled environments.
  • Delays in data restoration may occur due to interruptions in data transmissions.
  • Business continuity, resumption and data protection require special solutions.
  • Passwords could be guessed at using social networking tools, but if the user accounts are maintained internally in a controlled network, the systems could use techniques to detect and eradicate misuses and abuses from users based on aberrational access profiles and unauthorized territorial access. In a public cloud, security tools such as data leak prevention (“DLP”) software, data fingerprinting, data audit trail software and other tools might not be effective.

Such vulnerabilities explain why “cloud computing” needs special controls if used as a platform for providing outsourced services.

In the October 2009 T-Mobile debacle, users relied on the telecom service provider to store and backup the data. Mobile telephony devices (other than laptops) were seen as tools for creating but not storing, significant volumes of data. Remote data storage was a unique selling proposition, or so one thought.

T-Mobile’s Technological Failure. In its website, T-Mobile exposed the technological sources of the failure of its “cloud computing” for mobile devices. It explained:

We have determined that the outage was caused by a system failure that created data loss in the core database and the back-up. We rebuilt the system component by component, recovering data along the way.  This careful process has taken a significant amount of time, but was necessary to preserve the integrity of the data. SOURCE: T-Mobile Forums, Oct. 15, 2009 update.

Mitigating Damages: Public Relations Strategy for Restoring Customer Confidence and Maintaining Brand Goodwill. After some delay, without admitting any liability or damages, T-Mobile adopted a “damage control” strategy adopted from the usual “disaster recovery” process models:

Compensation. It offered any affected customers a $100 gift card for their troubles in addition to a free month of service.

Communication Outbound. It created and updated a Web forum for Sidekick users to get information about the nature of the problems, whether the data loss was irretrievable and the time to resume operations.

Communication Inbound. It provided an e-mail contact address so that it could respond to inquiries and thus identify and counteract rumors that might have been spreading.

Compliance. T-Mobile notified the public media since the “disaster” exposed it to the possibility that more than 5,000 consumers in any particular state might have had their personally identifiable information (“PII”) exposed to unauthorized persons such as hackers. Such notifications (along with other notices to individual customers and designated government officials) are mandated by state law in over 40 states.

Corrections and Control. It focused on remediation first, deferring problem resolution with any claims against its service provider Microsoft’s subsidiary Danger, Inc..

Confidentiality. It kept its communications with its failing provider confidential and focused on remediation.

Escaping Liability for Damages. Generally, telecom service providers disclaim liability in excess of a small amount. Further, service contracts contain exclusions of liability for consequential damages as well as force majeure clauses. Generally, such disclaimers and exclusions are enforceable. However, various legal theories might prevent a service provider from escaping liability for failed service delivery.

Legal Risks for Providers of “Cloud Computing” Services. T-Mobile consumers might assert various legal theories against T-Mobile for damages if their data are not fully restored, or if T-Mobile fails to act promptly and reasonably to mitigate damages to consumers.

False Advertising; Unfair and Deceptive Practices. State and federal laws prohibit false or deceptive advertising and unfair and deceptive practices. Enforcement of these laws is generally restricted to governmental agencies such as the Federal Trade Commission, the Federal Department of Justice and the state Attorneys General. Deception is a term of art and depends on the facts. In this case, the question is how solidly did T-Mobile portray the benefits of “cloud computing,” and did it warn against loss of data. If T-Mobile can show that it warned users of potential data loss and recommended that they back up their own data, such a warning might relieve it from liability. If T-Mobile represented that it would use reasonable security, backup and business continuity services, subscribers with lost data might have a claim of negligence or gross negligence.

Consumer Fraud. Under common law and state consumer protection laws, generally, a fraud occurs when the seller knowingly misleads or makes a false statement of fact to induce the consumer to make a purchase.A massive fraud is subject to a class-action claim in Federal court under Federal Rules of Civil Procedure.

Magnuson-Moss Warranty Act. Normally, an outsourcing services contract is not one that is associated with the maintenance of a product such as a telephone or a computer. If the service provider were also selling any equipment to the customer, and the customer were a “consumer,” and the service provider’s agreed to maintain or repair the consumer product, then the Magnuson-Moss Warranty Act, 15 U.S.C. § 2301 et seq. would apply. This risk explains why sellers of consumer products (mobile telephones) offer only limited warranties. The Magnuson-Moss Warranty Act is probably not a source of potential liability for T-Mobile, but that depends on the customer contracts.

Privacy Violations. Cloud computing providers may become liable to consumers or enterprise customers for failure to comply with applicable privacy statutes. Such statutes protect personal health information (under HIPAA), personal financial information (under the Gramm-Leach-Bliley Act), personally identifiable information (state and federal laws), financial information of a plan fiduciary under ERISA or other or simply confidential information that could be a trade secret or potentially patentable idea of an enterprise or its customers, suppliers or licensors. Export control laws and regulations governing trade in arms and “defense articles” are thus not good candidates for “cloud computing” except for “private clouds.”

Enterprises hiring third-parties to remotely process and manage their operational data are liable to third parties if any protected data is mishandled, depending on the exact wording of the law. Allocation of liability for privacy and security violations is typically a negotiated element of any outsourcing agreement.

Protecting Consumers in Cloud Computing. The legal framework for “cloud computing” needs to be well defined before it can become a reliable business model replacing networks or local workstations. Regardless of disclaimers in consumer contracts, providers of “cloud computing” services will need to adopt reliable, resilient storage backups, disaster recovery and business continuity services. Moreover, when hiring a “cloud computing” service provider (as T-Mobile did when it hired Microsoft/Danger, Inc.), the seller must ensure high standards by its subcontractors. Telecom outsourcing to IT providers requires special technical and legal controls to protect the consumer and the telecom carrier.