Tag Archives: implied warranty

Product Liability—the Unique Position of the Cybersecurity Industry

There are three points that radically distinguish US cybersecurity industry from any other.
One – every cybersecurity company seems to be the self-declared “world leader in cybersecurity.” This can be easily verified by visiting their websites. I haven’t been able to detect any #2. Surprisingly, comedians and cartoonists don’t explore this hilarious situation.
Two – the industry as a whole is de-facto exempted from any product liability, even any implied warranty liability. This is a truly unique break that the cybersecurity industry has been getting away with for over thirty years. In the US every manufacturer is obligated at the very least to make sure that its products are reasonably fit for their intended uses . For example, a car manufacturer must make sure that its cars are at least drivable and can deliver a user from point A to point B. A hammer manufacturer has to make sure that its hammer handles do not break, at least not before you bring one home. The Uniform Commercial Code (UCC) is very explicit about this, and there have been millions of court cases where this principle has been upheld.
But not for the cybersecurity industry. Every firewall gets hacked even before it’s delivered to the first customer. On a daily basis we hear of “big” cases that one or another organization has been hacked with huge losses for millions of people. And don’t forget that only a small fraction of hacks is detected. We never hear about the undetected “big” cases and thousands of smaller ones. But nobody is held responsible despite of many billions of dollars in losses incurred by individuals, companies, and governments. The Government does promise to prosecute hackers – if they can catch them.
The interesting twist here is that every company assures its customers that their personal information and the money in their accounts is secure. Ironically, they assure their customers before they are hacked, while they are being hacked, and after they’ve been hacked. Somehow we listen to them and nod in agreement.
Three – the cybersecurity industry gets countless billions of our dollars for research and development of cybersecurity products. In fact, we spend more on this in a year than the entire cost of the Apollo program that put a few good men on the Moon. Amazingly, these funds seem to be going into a black hole. Nothing comes back. No product, no results, no responsibility for wasted money– the taxpayers money.
The most remarkable thing about this is that we, the people, have put up with this situation for over thirty years.
On a positive note: this industry should be a bonanza for investors — assured high returns with no risk. Stock brokers should take a note.