Products Liability and the Internet of (Insecure) Things: Should Manufacturers Be Liable for Damage Caused by Hacked Devices?

While the application of products liability to insecure software is a frequently-discussed concept in academic literature, many commentators have been skeptical of the viability of such claims for several reasons. First, the economic loss doctrine bars recovery for productivity loss, business disruption, and other common damages caused by software defects. Second, the application of design defects principles to software is difficult given the complexity of the devices and recent tort reform trends that have limited liability. Third, the intervening cause of damage from insecure software is typically a criminal or tortious act by a third party, so principles of causation might limit liability for manufacturers.