Torts of the Future

Bruce Schneier, a fellow and lecturer at the Harvard Kennedy School, and the chief technology officer of the cybersecurity company Resilient, has an op-ed piece in the New York Times today, “What Happens When Your Car Gets Hacked?”¹

In it, Schneier asks what will happen in five or ten years, when

the world is going to be filled with literally tens of billions of devices that hackers can attack. We’re going to see ransomware against our cars. Our digital video recorders and web cameras will be taken over by botnets. The data that these devices collect about us will be stolen and used to commit fraud. And we’re not going to be able to secure these devices.

After explaining the problem in some detail, he concludes, “the future will contain billions of orphaned devices connected to the web that simply have no engineers able to patch them.”

An this will be a problem. Here is the scenario Schneier lays out: “Imagine this: The company that made your internet-enabled door lock is long out of business. You have no way to secure yourself against the ransomware attack on that lock. Your only option, other than paying, and paying again when it’s reinfected, is to throw it away and buy a new one.”

Schneier calls for increased government intervention to mandate a variety of solutions to this problem.

Unfortunately, however, Schneier’s example doesn’t go far enough. Imagine your driverless car gets hacked, at 65 miles per hour. Who will be responsible for the ensuing injuries or deaths?

Fortunately, tort law is flexible enough to provide a remedy for those injured by technology run amok. But the courts will increasingly have to grapple with advances in technology which in turn lead to what we are calling “torts of the future.”