SAN FRANCISCO — The future seems to keep getting here more quickly than we expect. We can monitor our kids from a hand-held device, our takeout might soon be delivered by robots, and self-driving cars are already cruising our streets.
But as more of this technology goes mainstream and interacts with consumers, the legal exposure for companies similarly expands. Here’s an overview of where liability litigation and emerging tech are likely to collide.
Liability on the roads right now is pretty much a driver-centered issue; if you smack into someone’s rear bumper because you’re glued to Snapchat, the fault is yours. But as driverless cars make their way onto the roads, the picture becomes a lot more complicated, said Farella, Braun + Martel insurance lawyer Dennis Cusack in our latest podcast.
Right now, the autonomous cars that are on the road are “hybrids,” with human operators who are expected to remain alert even when in autonomous mode. Parsing whether the machine or the human failed can be a complicated endeavor, especially when other cars on the road are not autonomous. It took federal regulators months to determine whether Tesla was at fault in a May 2016 crash involving an automated Tesla Model S and a tractor-trailer. (They ultimately could not find any defect.)
But product liability for manufacturers could take on a whole new dimension with the advent of totally self-driven vehicles. “I think the presumption we’re going to have at the outset is that, if there is an accident with a fully autonomous car, the car and the manufacturer are going to be at fault,” Cusack said. Expect car manufacturers and insurance companies to tangle in court over who should pay for the damage.
One of the big questions for “Internet of Things” device manufacturers is whether they’ll be held liable for security gaps. There’s been no shortage of data breach litigation in recent years (more on that below). But what’s now emerging is a line of cases that test whether companies can be sued simply because of the existence of a security flaw. It’s a notion that defense attorneys balk at, but say could be a significant threat. It brings into the crosshairs any device “that can be found or alleged by a security researcher down the road to have a flaw or a vulnerability,” said Megan Brown, a partner at Wiley Rein in Washington.
The Federal Trade Commission is already fighting in federal court with D-Link Corp., a Taiwanese manufacturer of wireless routers and Internet cameras, over the use of simple, hard-wired passwords in its devices. And some civil plaintiff attorneys have been arguing that consumers would have paid less for their devices if they had known about security weaknesses. The issue goes beyond small electronics to large manufactured goods such as cars. The U.S. Court of Appeals for the Ninth Circuit will likely hear oral arguments soon in a case against Toyota, Ford and General Motors (Cahen v. Toyota Motor, 16-15496) centering on whether plaintiffs have standing to sue over security gaps in their systems.
Whether it’s land rights, air rights or nuisance claims, drones pose a raft of potential legal challenges for the courts. Depending on how quickly Amazon sends delivery drones zipping over our heads, one of the specific questions they could confront soon is whether homeowners can sue to stop drone operators from passing over their property. “The property issues relating the air above you really haven’t been developed,” said John Yanchunis, a class action attorney at Morgan & Morgan in Tampa.
If that sounds like a cloudy legal issue, companies also have more basic concerns. With some drones collecting hours upon hours of video data, another big question for some large companies is the extent of their legal liability in managing that data. An attorney for BNSF said at a recent conference that the railway operator has had to wrestle with whether it could be found negligent for missing a track problem that an inspection drone might have captured on video.
In the meantime, drone makers are also busy on the regulatory front, pushing to ease Federal Aviation Administration rules that generally require operators of small “unmanned aerial vehicles” to keep the craft within line-of-sight.
With hacking by state and nonstate actors alike showing no sign of abating, litigation over data breaches seems to be here to stay. Although the U.S. Supreme Court’s Spokeo decision made it more difficult for data breach victims to assert standing, it has not extinguished that line of litigation, note Alexander Southwell and several other Gibson, Dunn & Crutcher attorneys in a recent blog post.
Among the cases to watch in that space: the multidistrict litigation over the Yahoo data breach, which affected over 500 million account holders worldwide, and the ongoing case in the U.S. District Court for the District of Columbia over a breach affecting more than 20 million government workers. Yanchunis, who is lead counsel in the Yahoo MDL and is also involved in the OPM case, is confident about plaintiffs’ position.
“The law in four circuits has gone to the point where if your information is taken,” he said, “you have the right to litigate your interest in how your information is protected going forward.”
Ben Hancock is a San Francisco-based reporter for The Recorder and Law.com. He writes about the future of litigation, including third-party finance, legal data analytics, and artificial intelligence in the law. Contact Ben at firstname.lastname@example.org. On Twitter: @benghancock