Advocates began demanding solutions to close the widening gap between then modern manufacturers and consumers who sustained damages due to defective products. This led to the publication of the Restatement (Second) of Torts in 1965, which was widely adopted throughout the United States and introduced the theory of strict liability to products liability laws.
In the 1990s, the United States entered the dot-com bubble with the rapid rise of internet-based companies. As the internet expanded, so did innovation. As stated by Judge Wardlaw, “[i]n 1996, when the internet was young and few of us understood how it would transform American society, Congress passed the [Communications Decency Act].” Lemmon v. Snap, Inc., 995 F.3d 1085, 1090 (9th Cir. 2021); 47 U.S.C. § 230.
The Communications Decency Act, more widely known as section 230, was passed by Congress to “promote the continued development of the Internet and other interactive computer services and other interactive media” and “encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services.” 47 U.S.C. § 230(b)(1), (3). To promote such a policy, section 230 protected operators of internet platforms from liability where their platform published third-party content. 47 U.S.C. § 230(c).
As Congress intended, technology flourished and has now transformed our daily lives, and some refer to the present time as “the Fourth Industrial Revolution.” As technology continues to evolve at a rapid pace, a question arises: Will history repeat itself, or can products liability laws keep pace with emerging technology?
In general, products liability laws hold manufacturers and suppliers liable for placing a defective product into the stream of commerce, resulting in personal injury or property damage. A product may be considered defective because of a defective design, a manufacturing defect, or inadequate warnings. Each state has its own variation of products liability laws, but a product liability claim may generally arise under three different legal theories: negligence, breach of warranty, and strict liability.
With respect to strict liability, liability is placed on a manufacturer for a defective product that is unreasonably dangerous, resulting in personal injuries or property damages, regardless of whether the manufacturer exercised reasonable care. Since 1965, the majority of states have either adopted or relied on section 402A of the Restatement (Second) of Torts for the basis of their strict products liability laws. That section states:
One who sells any product in a defective condition unreasonably dangerous to the user or consumer or to his property is subject to liability for physical harm thereby caused to the ultimate user or consumer, or to his property, if (a) the seller is engaged in the business of selling such a product, and (b) it is expected to and does reach the user or consumer without substantial change in the condition in which it is sold.
Restatement (Second) of Torts § 402A.
For those states that have adopted or relied on section 402A, many questions arise as to whether it applies to emerging technology products that operate on software. For example, can software be “unreasonably dangerous”? If a software is updated or evolves from machine learning since it was sold, has it substantially changed so as to bar strict liability? Should strict liability apply to a data breach that results in stolen sensitive information without actual physical harm or property damage?
Most importantly, is software a product? Currently, most courts do not consider software a product; instead, they consider it to be a service. This is crucial with respect to products liability laws, because if software is not a product, then strict products liability will not apply. With most courts recognizing software as a service, how will current products liability laws apply to emerging technology?
Is Products Liability Law Being Left Behind?
One of the largest areas of emerging technology in our daily lives is the Internet of Things (IoT). The IoT is described as a network of smart devices, smart appliances, vehicles, and other devices that use software, sensors, and other technology to connect over the internet and exchange data. Examples of devices that use IoT include smart-home devices, wearable medical devices, health and fitness trackers, and some more recent automobiles. In 2021, it is estimated that there are 12.3 billion global IoT devices, and that estimate is projected to increase to 27 billion by 2025. With IoT quickly evolving, potential legal issues may arise in connection with personal injury or property damage caused by defectively designed software.
For example, property damage may arise when the software in a smart thermostat malfunctions, causing the pipes in your home to freeze and burst while you are away. With respect to autonomous vehicles or airlines, what if there is personal injury or death that occurs due to a software malfunction?
Take for example the Boeing 737 Max that was globally grounded after two flights crashed, leading to the death of 346 people. After an investigation, it was determined that the accidents were caused by a software malfunction in the Maneuvering Characteristics Augmentation System (MCAS), which forced the planes to nosedive and prevented the pilots from bringing the plane back to a level position.
As autonomous vehicles have become more popular, headlines about accidents related to autopilot features and resulting in death or severe injuries have also become more frequent. Another example is a more recent development. In January 2022, David Colombo, a 19-year-old IT security specialist, identified a flaw in the third-party software used in Tesla vehicles, allowing him to hack into and remotely control over 25 Tesla’s across 13 countries and an additional 30-plus Tesla’s located in China within hours.
According to Colombo, he was able to hack into and remotely control features that allowed him to watch every move made by the Tesla owner, remotely start the vehicle, limit the maximum speed of the vehicle, lock and unlock the vehicle, control the charging of the vehicle, control the volume levels, share the location of the vehicle, and disable the sentry mode (a feature that uses external cameras to detect potential threats to protect the vehicle when left unattended, similar to a home alarm system). Colombo did not have access to the steering, acceleration, braking, or other driving safety features; however, he believed that he may have been able to gain such access if he had tried. Because he understood the dangers of being able to hack into these vehicles, he reached out to Tesla to resolve the issue.
Should Strict Products Liability Laws Be Updated?
There are numerous scenarios that can be thought of or that occur similar to those above that all involve and operate on software. Despite a majority of courts not recognizing software as a product, some courts over the past year have applied products liability claims to software. For example, the U.S. District Court for the Western District of Michigan found that software was a product under the Michigan Product Liability Statute because it was an integral and essential part of a robotic automated assembly line that malfunctioned and resulted in the death of a maintenance technician. See Holbrook v. Prodomax Automation Ltd., No. 1:17-cv-219, 2021 U.S. Dist. LEXIS 178325 (W.D. Mich. Sept. 20, 2021).
The Ninth Circuit Court of Appeals also declined to shield Snapchat from liability under section 230 in a negligent design lawsuit brought by the parents of children who died in a high-speed car accident because of a negligently designed smartphone application that documented how fast they were traveling. See Lemmon, 995 F.3d 1085 (9th Cir. 2021); 47 U.S.C. § 230.
While neither the court in Holbrook nor the court in Lemmon applied strict products liability, this may signal that some courts are becoming more inclined to apply products liability laws to software. Even if this is a shift in the products liability landscape, however, will other courts resist or feel disinclined to recognize software as a product? If so, legislation may be required to step in and provide additional consumer protections. While the courts and legislatures may be behind the curve, insurance companies are recognizing the risk of exposure that may arise out of emerging technology and products liability claims.
While it is unclear how products liability will adapt to emerging technology, there are several challenges to overcome to bridge the gap between emerging technology and the current state of products liability law. For example, what standard of care should a software developer be held to, or what duties are owed to the consumer? Should a software developer be required to constantly maintain its software to ensure that it is free from defect or secure from data breaches? If a manufacturer uses a third-party software company for its product, who should be held liable for damages if the software is defective? Again, can software be unreasonably dangerous and pose a risk of injury or harm to consumers?
A problem that also will arise is the issue of recovering economic damages. While there are some exceptions, a majority of jurisdictions have adopted the economic loss doctrine, which prevents the recovery in tort of purely economic damages. Under the economic loss doctrine, a product liability claim against a software manufacturer will be barred for the recovery of economic damages arising out of hacked devices that were believed to be secure.
While a consumer may still seek a remedy under contract law, the consumer may be at a disadvantage because of end-user license agreements. In general, an end-user agreement is a contract between a software developer and the user that limits or shields the software manufacturer from liability in most instances. For example, an end-user agreement may prevent a consumer from pursuing some form of legal action.
As technology continues to advance, courts may also encounter difficulties with products liability claims involving software. They may be confronted with issues of first impression or have a limited body of relevant case law. Also, if the courts do begin recognizing software as a product, can they do so fast enough to keep pace with technology, or will legislation be required to expand or carve out exceptions?
Even if history is repeating itself and the expansion of products liability law is required, will an expansion hinder or discourage technological development? As stated in section 230, it is the policy of the United States “to promote the continued development of the Internet and other interactive computer services and other interactive media” and “to encourage the development of technologies. . . .” 47 U.S.C. § 230(b)(1), (3). The question then becomes this: Does the expansion of products liability laws to address emerging technology outweigh the benefits of continued technological development? Regardless of what the answer to that question is, an investigation into whether our current products liability laws provide sufficient consumer protections against emerging technology may be needed.