Foreseeable misuse - How automotive companies can be held liable and must protect against misuse during development
- June 22, 2015
- Marcel Romijn
In the past years BRACE engineers have been involved in a variety of discussions on whether certain designs were safe, secure and compliant enough. One topic that has often proven difficult is foreseeable misuse.
An automotive manufacturer (cars, trucks, buses, mobile machines, etc.) sells products to end customers and is thereby held liable for anything covered under the general product liability requirements. In addition, specific automotive legislation exists that focuses on items such as safety (e.g. crash safety) or pollution (e.g. exhaust gas levels).
While the large number of recalls and government fines has shown that this can already be a struggle, it is not enough to just look at fulfilling the requirements and keeping the product operating as it was designed.
An additional and often overlooked factor is misuse. Any vehicle owner or operator can use the vehicle in a way that was not intended. Such use can violate the design, and in case of financial loss or personal injury the liability discussion can start. This also applies to modifications made by the vehicle owner or operator. An additional difficulty is that modifications can bring the vehicle out of compliance with the specific automotive legislation.
A good example of the latter is the SCR catalyst system. This exhaust gas reduction system relies on the injection of urea (the substance used is called AdBlue in the EU and DEF in the USA). For injection, a tank is used in the vehicle that must be refilled at certain time and mileage intervals, paid for by the vehicle owner. The introduction of this system, which exists purely for cleaner exhaust emissions, also meant that the vehicle owner could choose not to fill the tank, and beyond the exhaust gas emissions being high the vehicle owner would experience no negative effects. Therefore specific legislation was created that requires some type of penalty system for this "foreseeable misuse". Manufacturers were also warned about intentional tampering and that their systems had to be resistant to tampering up to reasonable levels.
In the SCR example the legislator stepped in and made concrete what they expected in terms of foreseeable misuse prevention. Typically, however, the topic is left open for the OEM to solve.
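To make the "penalty system plus tamper resistance" idea concrete, here is an added example (not part of the original post, not an OEM implementation, and not derived from any regulation text): a hypothetical inducement state machine that escalates from a warning to a performance derate when the tank runs empty, and that treats an implausible tank-level signal as a tamper indicator. All signal names, thresholds and sample readings are constructed for illustration.

```python
"""Hypothetical AdBlue/DEF inducement logic with a tamper plausibility check.

Added example. Thresholds (WARNING_LEVEL_PCT, EMPTY_LEVEL_PCT, STUCK_LEVEL_KM) and the
Sample fields are constructed and do not come from any regulation or vehicle.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class Inducement(Enum):
    NONE = "none"          # normal operation
    WARNING = "warning"    # driver warned: tank low, refill soon
    DERATE = "derate"      # penalty active: performance limited until the cause is fixed


@dataclass(frozen=True)
class Sample:
    """One periodic snapshot of SCR-related signals (constructed values)."""
    odometer_km: float
    tank_level_pct: float     # reported DEF tank level
    dosing_active: bool       # ECU commanded urea injection since the previous sample
    quality_ok: bool          # DEF quality sensor within spec


WARNING_LEVEL_PCT = 10.0   # hypothetical warning threshold
EMPTY_LEVEL_PCT = 0.5      # hypothetical "tank empty" threshold
STUCK_LEVEL_KM = 500.0     # hypothetical distance over which level must drop while dosing


def level_sensor_plausible(history: List[Sample]) -> bool:
    """Tamper heuristic: if urea has been dosed for at least STUCK_LEVEL_KM yet the reported
    tank level never dropped, the level signal is probably stuck or being emulated."""
    if not history:
        return True
    latest = history[-1]
    old_enough = [s for s in history if latest.odometer_km - s.odometer_km >= STUCK_LEVEL_KM]
    if not old_enough:
        return True                      # not enough distance covered to judge yet
    reference = old_enough[-1]           # most recent sample that is still far enough back
    since = [s for s in history if s.odometer_km > reference.odometer_km]
    dosed_all_the_way = bool(since) and all(s.dosing_active for s in since)
    if dosed_all_the_way and latest.tank_level_pct >= reference.tank_level_pct:
        return False
    return True


def decide(history: List[Sample]) -> Tuple[Inducement, List[str]]:
    """Return the inducement level for the latest sample plus the reasons behind it."""
    latest = history[-1]
    reasons = []
    if not latest.quality_ok:
        reasons.append("DEF quality out of spec (possible dilution or tampering)")
    if not level_sensor_plausible(history):
        reasons.append("tank level implausible: no drop while dosing (possible sensor tampering)")
    if latest.tank_level_pct <= EMPTY_LEVEL_PCT:
        reasons.append("tank empty")
    if reasons:
        return Inducement.DERATE, reasons
    if latest.tank_level_pct <= WARNING_LEVEL_PCT:
        return Inducement.WARNING, ["tank low"]
    return Inducement.NONE, []


# Constructed driving histories, one per situation the logic has to handle.
def scenario_normal() -> List[Sample]:
    return [Sample(0, 40.0, True, True), Sample(300, 36.0, True, True), Sample(600, 32.0, True, True)]


def scenario_low() -> List[Sample]:
    return [Sample(0, 12.0, True, True), Sample(300, 8.0, True, True)]


def scenario_empty() -> List[Sample]:
    return [Sample(0, 3.0, True, True), Sample(300, 0.2, True, True)]


def scenario_stuck_sensor() -> List[Sample]:
    # Level never drops over 600 km of dosing: stuck float or an emulator on the sensor line.
    return [Sample(0, 50.0, True, True), Sample(300, 50.0, True, True), Sample(600, 50.0, True, True)]


if __name__ == "__main__":
    for name, scenario in [("normal", scenario_normal), ("low", scenario_low),
                           ("empty", scenario_empty), ("stuck", scenario_stuck_sensor)]:
        level, why = decide(scenario())
        print(f"{name:7s} -> {level.value:8s} {why}")
```

The plausibility check is the part that addresses "resistant to tampering up to reasonable levels": a simple level-sensor emulator defeats a threshold on the reported level alone, but not a cross-check against distance driven while dosing was commanded. Which cross-checks are reasonable, and how long the grace distance should be, are design decisions the page leaves to the OEM.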
Foreseeable misuse has some further definitions that help. For example a differentiation can be made between reasonable and unreasonable foreseeable misuse.
- Reasonable foreseeable misuse: use of a product in a way that was not intended by the manufacturer/supplier but which may result from predictable human behavior
- Unreasonable foreseeable misuse: deliberate use to cause harm, reckless use
An additional item to take care of is affordance: the perceived design that suggests a use and may suggest unintended use. If you consider a chair, a reasonable foreseeable misuse is that people may stand on the chair as an alternative to more appropriate items. If the chair has the appearance of a ladder, the perceived design actually suggests this unintended use.
To bring this back to a hot topic in the automotive domain: infotainment systems in the vehicle with internet connectivity. These systems already have a general setup (and an ISO standard to confirm the setup is close to being published) where the manufacturer describes which apps and functions can run on the infotainment system and under what conditions (e.g. no movies while driving). The internet connectivity consists of a proprietary connection to the manufacturer's servers, from where third parties and the actual internet can connect. This is a system designed so that the manufacturer can keep track of what happens to the infotainment system, with the added benefit that they can keep the system running as designed (prevent unintended use). For the requirements that will soon follow on connected car data security this is certainly a critical item.
A difficulty, however, is that this approach does not take the reasonable foreseeable misuse into account. The approach described would have been perfectly fine in a time when smartphones did not exist. However they do exist, and in that world similar restrictions have been set by the smartphone manufacturers. As consumers were annoyed by the restrictions, the more tech-savvy of them started to hack the smartphones (jailbreaking). Once successful, the hacks were published in a way that any smartphone user can easily apply them. This same group of people has similar opinions about the infotainment systems of cars, and as a result there are quite a few vehicles for which a jailbreak can easily be downloaded and installed. The jailbreak typically allows the bypass of restrictions (now you can watch movies while driving) and also allows the bypass of the manufacturer's servers (a direct and open internet connection).
If someone crashes the car because they were too busy watching e.g. Netflix while driving, this could be considered reckless use and the manufacturer would be off the hook. The scarier part, however, is that with the direct and open internet connection the data security has also been bypassed. The infotainment system is typically linked to various other, more critical systems in the car, which are now fully open to viruses, malware or more intentional forms of hacking. With today's generation of car buyers and their history of smartphone use, that is an absolutely reasonable foreseeable misuse for which the manufacturer can be held liable.
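The design consequence of treating a jailbreak as reasonable foreseeable misuse is that the restrictions protecting the rest of the vehicle cannot live only inside the head unit the jailbreak replaces. The following is an added example (not part of the original post, not any OEM's gateway, and not based on the ISO standard mentioned above) of a hypothetical central gateway between the infotainment domain and the vehicle network: it forwards only an allow-list of messages with plausible values, alerts on network egress to anything other than the manufacturer endpoint, and drops to a reduced allow-list when the head unit's reported software image does not match the shipped one. Message kinds, hostnames, the image digest and all ranges are constructed for illustration.

```python
"""Hypothetical central gateway policy between a head unit (IVI) and the vehicle network.

Added example, not an OEM implementation or a standard. Message kinds, hostnames, the
expected image digest and all ranges are constructed. The design point: a jailbroken
head unit is foreseeable, so the controls that matter for safety and data security sit
in a gateway the owner cannot re-flash, and the gateway reduces what it grants the IVI
when the IVI no longer looks like the one that shipped.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    src: str                     # "ivi" (infotainment) or "vehicle"
    kind: str                    # constructed message kind
    payload: Dict[str, float]


# Allow-list of messages the IVI may send into the vehicle network, with a plausibility
# range per field. Anything not listed is dropped and logged, whatever the IVI claims.
FULL_ALLOW: Dict[str, Dict[str, Tuple[float, float]]] = {
    "hvac_set_temp": {"celsius": (16.0, 28.0)},
    "audio_volume":  {"level": (0.0, 100.0)},
    "nav_poi_lat":   {"deg": (-90.0, 90.0)},
}
# Reduced allow-list used when the IVI fails the integrity check.
REDUCED_ALLOW = {"audio_volume": FULL_ALLOW["audio_volume"]}

# Only the manufacturer endpoint is reachable from the IVI (constructed hostname); a direct
# connection to anything else is the bypass described in the text and is alerted on.
EGRESS_ALLOW = {"telematics.example-oem.invalid"}

# Constructed stand-in for the shipped head-unit image; a real gateway would hold the
# digest of the signed release image.
EXPECTED_IVI_DIGEST = hashlib.sha256(b"constructed shipped IVI image v1").hexdigest()


@dataclass
class Gateway:
    ivi_verified: bool = False
    log: List[str] = field(default_factory=list)

    def verify_ivi(self, reported_digest: str) -> bool:
        """Boot-time check: does the IVI's reported image digest match the shipped one?"""
        self.ivi_verified = reported_digest == EXPECTED_IVI_DIGEST
        if not self.ivi_verified:
            self.log.append("ALERT ivi image digest mismatch: running reduced allow-list")
        return self.ivi_verified

    def _allow_table(self) -> Dict[str, Dict[str, Tuple[float, float]]]:
        return FULL_ALLOW if self.ivi_verified else REDUCED_ALLOW

    def forward(self, msg: Message) -> Optional[Message]:
        """Return the message if policy admits it to the vehicle network, else None."""
        if msg.src != "ivi":
            return msg                      # vehicle-domain traffic is not filtered here
        spec = self._allow_table().get(msg.kind)
        if spec is None:
            self.log.append(f"DROP {msg.kind}: not on IVI allow-list")
            return None
        for name, (lo, hi) in spec.items():
            value = msg.payload.get(name)
            if value is None or not lo <= value <= hi:
                self.log.append(f"DROP {msg.kind}: {name}={value} outside [{lo}, {hi}]")
                return None
        return msg

    def egress_allowed(self, host: str) -> bool:
        """Outbound policy for the IVI's network traffic."""
        if host in EGRESS_ALLOW:
            return True
        self.log.append(f"ALERT egress to {host}: not a manufacturer endpoint (possible jailbreak)")
        return False


def run_scenario(reported_digest: str) -> Tuple[int, int, List[str]]:
    """Replay constructed IVI traffic through a gateway; returns (forwarded, dropped, log)."""
    gw = Gateway()
    gw.verify_ivi(reported_digest)
    traffic = [
        Message("ivi", "hvac_set_temp", {"celsius": 21.0}),     # fine on a verified IVI
        Message("ivi", "hvac_set_temp", {"celsius": 90.0}),     # implausible value
        Message("ivi", "audio_volume", {"level": 40.0}),        # fine on any IVI
        Message("ivi", "brake_request", {"force": 1.0}),        # never allowed from the IVI
    ]
    results = [gw.forward(m) for m in traffic]
    gw.egress_allowed("telematics.example-oem.invalid")         # the intended path
    gw.egress_allowed("cdn.some-video-site.invalid")            # the bypass
    forwarded = sum(1 for r in results if r is not None)
    return forwarded, len(results) - forwarded, gw.log


if __name__ == "__main__":
    for label, digest in [("shipped image", EXPECTED_IVI_DIGEST), ("modified image", "deadbeef")]:
        ok, dropped, log = run_scenario(digest)
        print(f"{label}: forwarded={ok} dropped={dropped}")
        for line in log:
            print("  ", line)
```

Two things are worth noting about the design. The gateway never asks the head unit whether it is allowed to do something; it decides from its own allow-list, so a modified head unit gains nothing by lying. And the integrity check does not brick the car or strand the owner: a mismatch only narrows what the infotainment domain may send and leaves an alert in the log, which keeps the penalty proportionate to the reasonable misuse the text describes.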
Another specific automotive difficulty is the timeline of vehicle development versus the lifetime of the vehicle. At the start of development a scenario such as jailbreaking may still seem impossible if state-of-the-art protection techniques are used, and is therefore considered unreasonable foreseeable misuse. By the time the vehicle enters series production (2 to 3 years later) or has been on the road for some time, in IT terms that state-of-the-art is something for the museum.