Failure analysis is used when a product is known, or suspected, to have failed in operation, typically resulting in some form of harm to the user of the product. In modern systems, the electronics and its attendant software are usually central to a product’s operation and hence are a key area for investigation. Problems are often found at the intersection of the hardware and the software since this is the point where two different domains of expertise meet. Nigel Jones is equally adept at both hardware and firmware and thus is uniquely qualified to investigate embedded products.

Representative Cases

Toyota

Following a string of well-publicized cases of unintended acceleration in Toyota vehicles, the NHTSA commissioned NASA to study the Electronic Throttle Control System (ETCSi). Following the publication of a heavily redacted report, U.S. Transportation Secretary Ray LaHood said, “We enlisted the best and brightest engineers to study Toyota’s electronics systems, and the verdict is in. There is no electronic-based cause for unintended high-speed acceleration in Toyotas.”

However, for anyone that actually read the NASA report it was clear that Secretary LaHood was grossly mischaracterizing what NASA’s engineers had found and reported on. Subsequently a class action lawsuit was certified against Toyota, and Nigel Jones was asked by the plaintiffs’ counsel to be part of the team studying Toyota’s ETCSi source code.

As explained by the plaintiffs’ lawyers in this video, notwithstanding the stringent conditions imposed on the review of the code, the plaintiffs’ experts were indeed able to find “deficiencies in the source code that were the basis of our contentions.” The principal deficiency and a multitude of other deficiencies were discovered by Nigel Jones. Following the issuance of his and other expert reports, Toyota elected to settle the class action lawsuit for approximately $1.2B–$1.6B. A related bellwether personal injury case (Shirlene Van Alfen, et. al. v. Toyota Motor Sales, U.S.A.) also settled under confidential terms.

The first case to go to trial in which the jury heard about the deficiencies Mr. Jones discovered in Toyota’s ETCSi was in Oklahoma. The jury found for the plaintiff and determined that Toyota acted with “reckless disregard.” Before the jury could rule on punitive damages, Toyota settled the case and shortly thereafter announced that they would enter into intensive settlement negotiations to resolve the hundreds of other outstanding unintended acceleration cases.

Point 4 Data Corporation et al v. Tri-State Surgical Supply & Equipment Ltd., et al

Plaintiffs Point 4 Corporation and Dynamic Concepts sued Tri-State Surgical for tens of millions of dollars, alleging that Tri-State had circumvented the copy protection of an accounting software package. Nigel Jones was retained by the defendants to help them understand and respond to the plaintiffs’ technical claims.

At the heart of the case was a security dongle that plaintiffs supplied with their software in order to impose license restrictions. The defendants had continual problems with the dongle malfunctioning, resulting in their accounting and order taking system being inaccessible. After a particularly long outage, Tri-State paid a third-party to modify the binary image of the underlying software such that the dongle was no longer operative. When the plaintiffs became aware of this modification, they sued under various statutes, including claiming statutory damages under the DMCA for every time a Tri-State employee logged on to the software.

After examining the dongle and the relevant software, Nigel Jones was able to show a number of key things, including:

  1. That the dongle was being operated outside its design envelope and thus random startup failures were to be expected, consistent with the defendants’ experience. Since the DMCA has a specific exclusion for malfunctioning dongles, this was a very important finding.
  2. That despite the dongle no longer being operative, Tri-State’s computer configuration was such that Tri-State was still abiding by the terms of the license agreement in terms of the number of users. This finding effectively eliminated the plaintiffs’ claims that Tri-State should be forced to pay for an unlimited user license.
  3. That the actual security used by the plaintiffs was obsolete and easily circumvented, thus undercutting the plaintiffs’ claims for damages necessary to re-engineer their security systems.

After a multi-year litigation, the trial court ultimately entered judgement in Tri-State’s favor. Tri-State is now seeking an award of fees incurred in defending themselves against this action.