5 Billion Internet-Connected Devices Raise Liability Issues

The Product Safety & Liability Reporter™ provides updates on significant developments and issues in product safety and liability litigation and regulation, plus analysis from top litigators. Get...

By Julie A. Steinberg

Nov. 10 — More than 5 billion devices connected to the Internet raise new product liability concerns, including those related to hacking and “no-injury” suits, a product liability defense attorney says.

Devices that connect to the Internet include cars and trucks, smart TVs, cell phones, wearables like fitness trackers, home security and maintenance systems that can be programmed remotely, appliances and medical devices, H. Michael O'Brien of Wilson Elser Moskowitz Edelman & Dicker LLP said Nov. 5.

The 5 billion figure is expected to quintuple by 2020, O'Brien told participants of a webcast hosted by a nonprofit, pro-business group in Washington.

But there are costs associated with the explosive growth of devices that talk to the Internet, and to each other.

Moving beyond privacy issues, the connected devices raise product liability implications: A device can fail or become an entry point for a hacker, either of which could lead to property damage or physical harm, O'Brien said.

A home's remotely programmable HVAC system could malfunction while the homeowner is away, causing the temperature to get low enough that pipes could freeze and burst, resulting in property damage, he theorized.

Citing one problem that really happened, O'Brien said that, in July, the Food and Drug Administration warned that Hospira Inc.'s Symbiq insulin infusion pumps could be hacked through hospital networks, which would cause patients to receive incorrect doses (43 PSLR 954, 8/10/15).

And cheaper connected products, while popular, may be less secure than more secure, costlier products, he said.

What are some liability risks?

From Hypo to Real Scenario

“Small glitches” affecting hundreds, or thousands, or even millions of devices make an ideal recipe for product liability “no-injury” class litigation, O'Brien suggested.

No-injury suits are often described by defense lawyers as those where, while a potential for injury exists, no “actual” or “concrete” harm has yet occurred.

Suits have already been filed addressing vulnerabilities in cars, O'Brien said.

In Cahen v. Toyota Motor Corp., N.D. Cal., No. 15-01104, a would-be class of plaintiffs sued Toyota, Ford and GM, alleging the carmakers failed to ensure the electronic security of their vehicles, making the cars vulnerable to hackers who could take control of a car's functions from the driver.

The Cahen suit, in which no plaintiffs actually alleged that such hacking occurred, was tentatively dismissed Nov. 3. The court found the elements of standing weren't met and plausible injury wasn't shown, according to a minute order on the docket.

The hackers-take-over scenario was a hypothetical when the Cahen suit was filed in March 2015, O'Brien told webcast listeners, “but it's no longer hypothetical.”

Hack, Recall, Would-be Class Suit

O'Brien recounted that, in July, Wired Magazine reported about a remote hack of a Chrysler Jeep, in which software developers, just to show that they could, took control of a moving vehicle through its Internet-connected “infotainment” system (43 PSLR 894, 7/27/15).

Within days of the report, Chrysler Fiat announced a recall of 1.4 million affected vehicles, he said (43 PSLR 926, 8/3/15).

And, within days of the recall, plaintiffs filed a would-be class suit in the U.S. District Court for the Southern District of Illinois (Flynn v. FCA US LLC, S.D. Ill., No. 15-855, complaint filed, 8/4/15).

Plaintiffs allege the recall, a software patch for the UConnect system, doesn't fix the entire problem, O'Brien said. According to the suit, the problem arose because a non-secured infotainment system was coupled with essential engine and safety controls. That's a design flaw, not a software problem, the plaintiffs say.

The plaintiffs, even though no real-world hack has yet been carried out, assert breach of warranty, fraud, negligence, and unjust enrichment claims. They also allege the defendants violated state consumer fraud and business practices laws. “The normal recipe of product liability, no-injury class actions,” O'Brien said.

Chrysler and Harman International Industries Inc., maker of the infotainment system, have filed motions seeking to dismiss the suit, arguing, in part, the plaintiffs' speculative fear that cybercriminals could hack their cars doesn't confer standing.

The plaintiffs' response is due later in November, according to the docket.

The Washington Legal Foundation sponsored the webcast.

To contact the reporter on this story: Julie A. Steinberg in Washington at jsteinberg@bna.com

To contact the editor responsible for this story: Steven Patrick at spatrick@bna.com

Harman's dismissal motion is at http://www.bloomberglaw.com/public/document/Flynn_et_al_v_FCA_US_LLC_et_al_Docket_No_315cv00855_SD_Ill_Aug_04.

Fiat Chrysler's dismissal motion is at http://www.bloomberglaw.com/public/document/Flynn_et_al_v_FCA_US_LLC_et_al_Docket_No_315cv00855_SD_Ill_Aug_04/1.

The complaint in the Flynn case is at http://www.bloomberglaw.com/public/document/Flynn_et_al_v_FCA_US_LLC_et_al_Docket_No_315cv00855_SD_Ill_Aug_04/2.