By Judy Okenfuss, Managing Partner, and Kimberly Metzger, Partner, Ice Miller LLP | via IceMiller.com
The number of products connected to the Internet is rapidly increasing. Smart homes, autonomous vehicles, and clothing that monitor heart rate — all products once just found in science fiction — are now part of the vast array of the Internet of Things, a rapidly growing network of devices, objects and sensors. Manufacturing no longer means simply producing a product that works; now, products must also compile, analyze, and use significant quantities of data in real time.
Every day, companies are finding new ways in which the data generated by the Internet of Things can be interpreted to improve their products and, more importantly, provide previously unheard of services to consumers. The medical industry is one of the leaders in this field. Insulin pumps, implantable defibrillators, and other medical devices send data to health care providers who can immediately implement any changes needed in treatment — all through the Internet. The motor vehicle industry is another leader. Driverless cars are now operating on our roadways. Some companies are already operating fleets of autonomous vehicles in which they control the operation of the vehicles, such as path and speed, and, also, monitor vital signs remotely. If a vehicle needs maintenance or repairs, this information can be detected early before breakdowns or accidents occur — thus improving productivity and reliability.
Companies are approaching the Internet of Things in different ways. Caterpillar Inc. has an Analytics and Innovation Division that is seeking to "transform the mountains of incoming data — from a single machine or engine, an entire job site, the supply chain, a shipping location and much more — into valuable information for our customers and suppliers ... " Other manufacturers are looking to partner with technology companies. For instance, Komatsu Ltd. and General Electric Co. formed a data partnership to allow Komatsu to use available data to determine the most efficient trucking routes for customers and to improve speed at mining sites. Defining State of the Art
As more products become connected to the Internet, considerations for producing "state-of-the-art" products will change. In products liability law, courts generally look to whether a product incorporates "the best technology reasonably feasible at the time the product was designed, manufactured, packaged and labeled." Similarly, the statutory definitions of state of the art looks to the feasibility of technology: "State of the art means the technical, mechanical and scientific knowledge of manufacturing, designing, testing, or labeling the same or similar products that were in existence and reasonably feasible for use at the time of manufacture." In determining whether the knowledge is available, courts have found that "a manufacturer is held to the knowledge and skill of an expert in the field; it is obliged to keep abreast of any scientific discoveries and is presumed to know the results of all such advances."
The Internet of Things will bring new challenges to companies hoping to prove that their products are state of the art. For instance, can an automobile manufacturer claim that its car, which does not incorporate autonomous capabilities but has other safety features, incorporates the best technology reasonably feasible, such that it would be considered state of the art? Tesla Motors Inc., Google Inc., and other companies have demonstrated the feasibility of autonomous vehicles. Testing shows reduced accidents for these vehicles. Or, will a manufacturing process without automation controls meet state of the art requirements when the use of interconnected devices allows a company to minimize failure rates? Reasonably Feasible Technology
In answering these questions, an important factor is whether a technology is reasonably feasible. Courts have wrestled with this question when faced with new developing technologies. Several years ago, the Arizona appellate court was asked to determine whether a single stage air bag inflator was state of the art in 1995. In determining that the car might not be considered state of the art, the court noted that dual stage inflators (the technology which the plaintiff contended should have been used) "were on the shelf ready to be implemented," even though at the relevant time no cars in the United States had been sold with the dual stage inflator technology. A federal court in Florida was asked to consider whether flesh detection technology was needed for a table saw to be considered state of the art. Even though evidence demonstrated that the technology was not reasonably available and that introduction of this technology would "transform the [table saw] into a much heavier saw costing many times more," the court refused to find that a table saw without technology was state of the art. As the Internet of Things continues to develop, courts will need to consider similar factors when faced with the question of whether a product is state of the art, especially with regard to products which are not collecting, analyzing and using the available data.
Considerations for Connected Devices
As for the products which are part of this connected network, there will be additional considerations for the courts in considering a state of the art defense. There have been serious vulnerabilities relating to the security of data shown in products as diverse as cars and baby monitors. Fiat Chrysler Automobiles NV recalled over a million vehicles where it was shown that vehicles could be taken control of remotely. Reports have been made of strangers hacking into video baby monitors and watching children. Without appropriate protections, devices used in smart homes, such as Internet-connected security devices and keyless entries can be hacked and disabled.
As such, any product connected to the Internet will also need to demonstrate that it employed state-of the-art techniques in the protection and handling of data. Although the courts have not yet addressed what might be considered state of the art in this regard, generally, a state-of-the-art system with regards to the data being generated and collected should ensure that data collected will not be misused by unauthorized persons and that product access is limited to authorized users. To reach this goal, a manufacturer cannot simply focus on the design and manufacture of the physical product. Rather, a similar level of attention will need to be given to the infrastructure that manages the data and the protection of the data. Some companies employ privacy by design, which is an approach to protecting privacy by embedding it into the design specifications of technologies, business practices, and physical infrastructures. Privacy by design requires the product designers to think about privacy from the outset. Privacy considerations will impact the risk assessment and could have a significant effect on any failure mode effects analysis performed on the product.
Regardless of the manner in which manufacturers approach the issue, factors that may be considered in determining whether a product has incorporated protections that are reasonably and technically feasible at the time of manufacture include, among other factors, whether manufacturers incorporated the latest techniques for encryption of data and authentication of information. The courts may seek confirmation that as part of the design process manufacturers used reasonable information security coding practices, followed peer code review and conducted security assessments. Also, courts may consider whether quality assurance testing includes penetration testing and other security measure testing before release into the stream of commerce. Finally, courts may broaden the responsibilities of manufacturers and for connected devices require monitoring after sale and patching of identified vulnerabilities. Although the specific factors to be considered are not yet known, there is no question that, as the Internet of Things expands, so does the technology available to manufacturers. As such, it may only be a matter of time until the courts find that the use of interconnected devices, including the collection, analysis and use of the data generated, is reasonably feasible and required for any product which claims to be state of the art.
For more information on the Internet of Things
and its liabilities, contact Judy Okenfuss, Kimberly Metzger, or a member of our Internet of Things practice group.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.
-----To read the full article online, click here: http://www.icemiller.com/proposals/2023/What%20is%20State-Of-The-Art%20for%20Internet%20Of%20Things%20Devices.pdf