Embedded software is found in a stunning array of products today. These products are often used in an environment in which people can be hurt, or suffer economic loss if the software contains bugs or otherwise malfunctions. Of particular growing concern are the consequences of embedded devices having inadequate security such that bad actors can obtain control over the devices to the detriment of their owners. In cases such as these, having an in-depth understanding of what it takes to develop safe and secure products is an invaluable asset in assessing whether a product design is defective.
Representative Case
Toyota
Following a string of well-publicized cases of unintended acceleration in Toyota vehicles, the NHTSA commissioned NASA to study the Electronic Throttle Control System (ETCSi). Following the publication of a heavily redacted report, U.S. Transportation Secretary Ray LaHood said, “We enlisted the best and brightest engineers to study Toyota’s electronics systems, and the verdict is in. There is no electronic-based cause for unintended high-speed acceleration in Toyotas.”
However, for anyone that actually read the NASA report it was clear that Secretary LaHood was grossly mischaracterizing what NASA’s engineers had found and reported on. Subsequently a class action lawsuit was certified against Toyota, and Nigel Jones was asked by the plaintiffs’ counsel to be part of the team studying Toyota’s ETCSi source code.
As explained by the plaintiffs’ lawyers in this video, notwithstanding the stringent conditions imposed on the review of the code, the plaintiffs’ experts were indeed able to find “deficiencies in the source code that were the basis of our contentions.” The principal deficiency and a multitude of other deficiencies were discovered by Nigel Jones. Following the issuance of his and other expert reports, Toyota elected to settle the class action lawsuit for approximately $1.2B–$1.6B. A related bellwether personal injury case (Shirlene Van Alfen, et. al. v. Toyota Motor Sales, U.S.A.) also settled under confidential terms.
The first case to go to trial in which the jury heard about the deficiencies Mr. Jones discovered in Toyota’s ETCSi was in Oklahoma. The jury found for the plaintiff and determined that Toyota acted with “reckless disregard.” Before the jury could rule on punitive damages, Toyota settled the case and shortly thereafter announced that they would enter into intensive settlement negotiations to resolve the hundreds of other outstanding unintended acceleration cases.
