Download this Paper Open PDF in Browser

Products Liability and the Internet of (Insecure) Things: Should Manufacturers Be Liable for Damage Caused by Hacked Devices?

18 Pages Posted: 20 Apr 2017  

Alan Butler

Electronic Privacy Information Center

Date Written: April 19, 2017

Abstract

Despite the fact that discussions of liability for defective software go back more than forty years, there is no clear consensus on what theory governs liability for damage caused by "connected devices" (or the "Internet of Things"). However, the proliferation of IoT devices may be the catalyst for a new field of "connected devices" products liability law, which could provide a good model for determining liability for several reasons. First, attacks on IoT devices can and have caused significant damage to property and are highly foreseeable given the widely acknowledged insecurity of connected devices and numerous high-profile attacks. Second, IoT devices are, in many cases, capable of being updated and secured remotely by the manufacturer, and patching well-known security flaws could significantly reduce the risk of future attacks. And third, holding manufacturers liable for downstream harms caused by their insecure devices is well aligned with the purposes of products liability law—to minimize harm by encouraging manufacturers (as a least-cost-avoider) to invest in security measures.

Keywords: privacy, torts, liability, products liability, law, technology, cybersecurity

Suggested Citation

Butler, Alan, Products Liability and the Internet of (Insecure) Things: Should Manufacturers Be Liable for Damage Caused by Hacked Devices? (April 19, 2017). University of Michigan Journal of Law Reform, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2955317

Alan Butler (Contact Author)

Electronic Privacy Information Center ( email )

1718 Connecticut Avenue
NW Suite 200
Washington, DC 20009
United States

HOME PAGE: http://epic.org

Paper statistics

Downloads
144
Rank
171,574
Abstract Views
453