Despite the fact that discussions of liability for defective software go back more than forty years, there is no clear consensus on what theory governs liability for damage caused by ‘onnected devices’ (or the ‘Internet of Things’). However, the proliferation of IoT devices may be the catalyst for a new field of ‘connected devices’ products liability law, which could provide a good model for determining liability for several reasons. First, attacks on IoT devices can and have caused significant damage to property and are highly foreseeable given the widely acknowledged insecurity of connected devices and numerous high-profile attacks. Second, IoT devices are, in many cases, capable of being updated and secured remotely by the manufacturer, and patching well-known security flaws could significantly reduce the risk of future attacks. And third, holding manufacturers liable for downstream harms caused by their insecure devices is well aligned with the purposes of products liability law—to minimize harm by encouraging manufacturers (as a least-cost-avoider) to invest in security measures.
Butler, Alan, Products Liability and the Internet of (Insecure) Things: Should Manufacturers Be Liable for Damage Caused by Hacked Devices? (April 19, 2017). University of Michigan Journal of Law Reform, forthcoming.