Editor’s Note: The following is a brief excerpt from a peer reviewed publication. The complete article is attached here.
From: THE TALLINN PAPERS/NATO CCD COE
by Liis Vihul, Researcher, NATO Cooperative Cyber Defence Centre of Excellence
At whatever level courts eventually recognise the duty of care, if at all, the challenge which plaintiffs can expect to face is that often it will be very difficult to prove causation, i.e. that their injury was suffered as a result of the manufacturer’s breach of the requisite duty of care. To meet this challenge, a plaintiff will first need to be sufficiently technologically savvy to be confident that his or her own actions did not cause or contribute to the harm that ensued. Vulnerabilities in software in and of themselves usually do not generate harm and go unnoticed unless they are so significant that they render the application dysfunctional and unfit for purpose. In the latter case, the law of warranty should adequately handle the issue. By contrast, vulnerabilities in the code become problematic once a malicious third party exploits them. Such cases will demand significant effort on the end-user’s part to determine the root cause of the problem. To overcome this evidentiary obstacle, advocacy for strict liability tends to emerge. Under the strict liability doctrine, which is a non-fault based liability regime, liability is imposed on the tortfeasor irrespective of whether the plaintiff has acted negligently.
Leave a Reply