Product Liability and Software Implicated in Personal Injury
While software can be considered a product for tort and UCC purposes, trying to fit it into strict products liability theory creates uncertainties
By Thomas G. Wolpert
THE BARRIERS to a successful products liability action against a software vendor remain imposing, and case law has been slow to develop, despite long-standing predictions by law review writers that the issues "inevitably" will come before the courts. One major reason is that most failures of software or computer systems cause purely economic injury. Courts find that contract law, in particular the Uniform Commercial Code, is the most appropriate vehicle by which to pursue a claim.
Another major reason is that some of the most significant software systems, in terms of size, cost and impact on human life, are developed under contract for an agency of the government and the contractor is shielded by government contractor's immunity. In the area of software to support medical decisions, where any significant mistake potentially can result in personal injury, progress in using computers has been slower than expected.
Presented here are four cases in which product liability claims against a software vendor either were raised or realistically could be raised on similar facts in the future. The cases involve
- An energy management system in a high school that was programmed to be inoperable until6:30 a.m. and that prevented an exhaust fan in a chemistry lab from working, thus causing a teacher to inhale chlorine gas (Sparacino v. Andover Controls Corp.);
- A computer system that generated a warning label for a prescription drug that was inadequate and that the pharmacist failed to use anyway (Frye v. Medicare-Glaser Corp.)
- A computer system used by a pretrial service agency that failed to warn an arraignment judge that an arrestee was out on bond for two previous armed robberies, a circumstance that resulted in the release of the arrestee and grave injuries to a person wounded in another armed robbery attempt (Akins v. District of Columbia); and
- A computer and software program that were used to assist in calculating doses of radiation received for patients who were being seeded with radioactive implants to treat cancer of the prostrate (Jones v. Minnesota Mining & Manufacturing Co.).
Beyond the scope of this article are the frequent actions brought against computer systems vendors for injuries caused by a data entry clerk's repetitive keystrokes, such as carpal tunnel syndrome, or other injuries as easily sustained on a typewriter.
APPLICABILITY OF PRODUCTS LIABILITY
As a preliminary matter, the premise that injuries caused by software are amenable to products liability analysis must be explored. The starting point is Section 402A of the Restatement (Second) of Torts:
Special Liability of Seller of Product for Physical Harm to User or Consumer
(1) One who sells any product in a defective condition unreasonably dangerous to the user or consumer or to his property is subject to liability for physical harm thereby caused to the ultimate user or consumer, or to his property, if
(a) the seller is engaged in the business of selling such a product, and
(b) it is expected to and does reach the user or consumer without substantial change in the condition in which it is sold.
(2) The rule stated in Subsection (1) applies although
(a) The seller has exercised all possible care in the preparation and sale of his product, and
(b) The user or consumer has not bought the product from or entered into any contractual relation with the seller.
Section 402A requires that there be a "product in a defective condition unreasonably dangerous." Passing momentarily over the "product" issue, it seems reasonably clear that the remainder of the Section 402A definition is applicable.
Software programs can certainly be defective. Sometimes they fail outright; sometimes they have limitations not recognized by users; sometimes the initial data on which they rely is faulty. The computer industry includes vendors who sell nothing but software, vendors who sell integrated hardware-software systems, and vendors who sell hardware and subcontract their software work. All these vendors are engaged in the business of selling software.
Where either faulty design or a failure to warn creates a risk of injury that otherwise would not be present, then the program, at least arguably, can be termed "unreasonably dangerous." Particularly because of the flexibility of software - it can be programmed almost any way desired - arguments that software may fall into an "unavoidably unsafe" category appear implausible. Once a design problem is identified, fixing software is simple compared to "fixing" a pharmaceutical product.
Commercial software almost always reaches the user or consumer without substantial change from the condition in which it was sold. In fact, software vendors normally distribute and license only a non-modifiable version of the actual code.
A. Software: Product or Service?
The most serious barrier to the application of strict liability to software is the question whether software is a product.
Software is an intangible set of instructions: as ultimately executed, it exists only as minute magnetic fields or voltages held temporarily inside the memory of a processor. The value of the medium that software is transferred on is trivial compared to the cost of developing the software. Software frequently is not offered for sale, except to the government; it is licensed. The issue has been confused because programmers can be hired on an hourly basis to do custom programming work, which is clearly a service. Law review writers have generally argued that software is a "good" in the context of the Uniform Commercial Code, primarily because a transfer of property is "at the heart of the contract".
Although software usually is licensed, that license is a one-time charge for perpetual use, much like a sale. The real purpose of the license is to prevent unauthorized copying and subsequent resale. Generally, software enters the stream of commerce no differently from any other high technology product. Apart from the fact that the consumer technically purchases a license, the sale, marketing and distribution of software is done alongside related electronic and computer components that unquestionably are goods.
The intangible aspect of software is different from that of a song or a book in that if a musician misses a note or a novelist mishandles a characterization, there are no further consequences except the displeasure of the listener or reader. Software, however, is a component part of a real-world tool, and its failure has consequences very likely to be experienced beyond subjective displeasure.
Courts generally have dealt with software as part of a combined hardware-software system and have treated it as a good.
B. Malpractice Liability
Generally, courts have declined to recognize a tort of computer malpractice. When programmers contract out their services, however, the normal standard of those who "hold themselves out to the world as possessing skill" applies. Despite the assumptions of numerous law review writers, typically there is no "one" programmer to be held liable in a commercial setting. Software is generally developed by an organization of project managers, software analysts, programmers, hardware engineers, quality assurance engineers, technical writers, test engineers and configuration management specialists. Commercially significant software is produced by these organizations over a lengthy period of time, in which there is the normal turnover of personnel within the organization. One of the problems with negligence as a plaintiff's theory is that the nature of software development is frequently a series of iterations, lurching forward through what are sometimes referred to as software "builds" or "releases." Assigning a specific time, place or person of negligent behavior is unrealistic.
The premise that programmers are professionals has been challenged by one commentator on the grounds that there is no licensing body, there are no standards embodied in law for programmers and there are no minimum education requirements. In a New York state tax case, the court held that a systems designer/senior computer programmer was not a professional, as understood in New York' s tax law, but instead was conducting a commercial or business enterprise.
C. Misrepresentation and Its Limitations
Courts have allowed fraud actions based on misrepresentation in regard to software or computer system claims. Frequently, however, the fraud claims based on misrepresentation are dismissed outright on summary judgment or subjected to a clear and convincing evidentiary standard. None of the four cases discussed in this article involved an injured party in a direct contractual relationship with the computer or software vendor. Legal theories of negligence or strict liability, which grant rights arising out of the operation of law, appear most appropriate.
D. Negligence and Its Limitations
Two major approaches to the issue of negligence and software-related injuries have been developed in the literature - first, negligence is appropriate but difficult to prove, and second, UCC remedies are so broad that there is no practical need for a negligence action. Avoiding contractual disclaimers, limitations of remedy and notice requirements enforceable under the UCC would appear vital to many plaintiffs, and that suggests negligence as a preferred theory for a claim.
The problems confronting a negligence action, however, are not insignificant.
Is it unreasonable to supply a program with bugs, given that it is assumed that almost every program has some bugs that will be discovered only in the course of long use? The problem of defining the standard of care is exacerbated by the absence of any accepted national professional standards. Relatedly, it may be extremely difficult to show that a breach of a duty of due care is the proximate cause ...since it is often difficult to pinpoint just what has gone wrong.
...Affirmative defenses may also pose difficulties ... since defendants are often able to make a good case that misuse of the program, such as by submission of unacceptable data, has at least played a part in the malfunction.
One commentator has argued for an expanded version of res ipsa loquitur. However, the attempt to find some middle ground for res ipsa, easier for a plaintiff than negligence, but fairer to a defendant than strict liability, appears too "mushy" to be persuasive. The fact that dozens or hundreds of people may organize to produce a software product in many releases, over many years, makes pinpointing a negligent omission or commission unlikely to be satisfactory.
E. Remedies under the UCC
A persuasive argument has been made that tort theories for computer litigation are unnecessary in view of the breadth of the remedies available under the Uniform Commercial Code:
As the case law reflects, unintentional tort theories currently play a limited role in litigation against providers of allegedly defective computer software. Plaintiffs in such cases typically allege only economic loss in the form of business interruptions and lost profits, and thus are barred from recovery on negligence or products liability theories in most states. . . . [I]t is still difficult to draw a persuasive analogy between computer programming and those professions that have traditionally been held to a malpractice standard. The rare plaintiff who has suffered direct injury to person or property will be able to take advantage of unintentional tort theories, but in most cases such a plaintiff will have a less burdensome avenue of recovery under the Uniform Commercial Code.
To that "rare plaintiff", however, the advantages of a tort claim are important and may be essential: contractual disclaimers and limitations are ineffective; extra-contractual representations that might otherwise be barred under the parol evidence rule are admissible; all damages flowing proximately from the tortuous conduct are recoverable; there are longer statutes of limitations; and privity is irrelevant. Since the problems with a negligence action have already been identified, the natural path of claimants will be an action based on products liability.
WHY STRICT PRODUCTS LIABILITY IS APPRORIATE
Once software is identified as a product, the arguments for applying products liability theory can be made on the grounds of policy, by analogy to other product liability actions for defective design of complex machinery and the relative helplessness of third-party claimants to make choices that would limit their vulnerability. Although one court has declined to reach the products liability issue in an early case, the cases discussed in this article are noteworthy on an important point: software is a component part of a larger computer system, about which there is little question that products liability law may attach. In addition, once the products liability action is maintainable against the computer system vendor, in theory software as a component part can lead to vendor liability under circumstances that already have been well-developed in litigation.
The relationship between hardware and software in any given system may be highly complex and unique. The amount of effort and concomitant responsibility for the final system is best evaluated on a case-by-case basis. The entire computer system itself may be a component part of a yet larger system, such as in the building energy management system in Sparacino. But this is no different legally from the questions that are already confronted in delegability-component parts liability questions.
A. Design Defects
" To win a tort recovery in a product suit, one must show that the product had a defect."  This seemingly self-evident statement raises a well-known and previously mentioned problem: all commercially significant software has defects. By the time a product is completely debugged, or nearly so, most likely it is obsolete.
Where personal injury is present, however, it would appear relatively straightforward for a court to conclude that the particular defect that caused the injury is in a different and more dangerous class than other types of software bugs. Particularly if software testing is included under the general rubric of "system design," the idea that flaws can be segregated into categories is difficult to refute. Indeed, for years the Defense Department has categorized degrees of software bugs in the development of its software standards.
If the premise of categorization is accepted, then showing a feasible alternate design usually would be easy for plaintiffs' experts after an injury has occurred, since software programming is a kind of blank slate. More realistically, the extent and thoroughness of the testing effort should be the major focus of the evaluation as to whether a design is defective and unreasonably dangerous. Arguably, the "design" of software is a few board level concepts about data flow and data transformation, algorithms that are frequently mathematical or mechanical in their operation, and a long and painstaking effort to trap and eliminate bugs. To paraphrase Marshall McLuhan, the debugging is the design.
B. Failure to Warn
A manufacturer's duty to warn depends heavily on the expertise and sophistication of the intended and foreseeable user. Courts are more sympathetic when the expected user is unsophisticated. In each of the cases discussed in this article, the injured claimant was a third party decidedly not in the position of an expert.
Computer products usually are sold to sophisticated users, who act as intermediaries between the software developers and the unsophisticated potential tort claimant. A recurring situation is that the intermediary is an expert in a particular line of endeavor - for example, radiotherapy or pharmacy or energy management - but not an expert in computer systems and their limitations. Two questions may be raised in such circumstances: (1) who is responsible when the software/computer system works as expected and designed, and the injury is caused by a misunderstanding as to what the system was intended to accomplish, or (2) which party - the software vendor or the expert user - had responsibility for making the choices about implementation and use.
A related underlying issue is how much justifiable reliance may be placed by an expert on a particular computer system installation. A computer system frequently is a complex tool, applied in a complex situation. Most warnings require some judgment about what dangers are likely, and that judgment does not exclusively reside with either the expert or the software vendor. All systems have limitations, and limitations may demand warnings. Does a software developer have a duty to warn "real-world" expert intermediaries about what they already know or should know?
Product liability tests for delegability also may be invoked to determine who had the greater responsibility for understanding the implications of design choices and the responsibility for giving appropriate warnings.
C. Manufacturing Defect
Once software is designed and a version of the executable code created, further "manufacture" is simply a question of making copies onto appropriate media. Although the possibility exists that defects in the media or method of copying could create a bug, the changes appear remote that such a bug would be both undetectable when the software is loaded and also critical. Rather simple techniques, such as comparing the byte count of the original version to the copied version, are standard in the software industry to prevent these problems.
A. Sparacino v. Andover Controls Corp.
Dominic L. Sparacino, the plaintiff, a chemistry teacher employed by the school district for 18 years, arrived at school at 6:00 a.m. to prepare chlorine gas for a senior honors chemistry experiment, a procedure he had performed numerous times for many years. He entered the classroom and turned on the lights and the radio. The radio ran on current provided from an outlet in the hood of a large exhaust fan. Sparacino prepared the chemical solution, and after the chlorine gas began to form, he flipped the switch on the exhaust fan to vent the dangerous gas. The exhaust fan failed to operate. After flipping the switch several times, he ran to open a window but could not avoid breathing the chlorine gas, which caused acute bronchial damage and chronic respiratory and cardiac problems.
Andover Controls Corp. manufactured the school's computerized energy management system, and Communications Management Corp. (CMC) installed it. The system was programmed to be inoperative until 6:30 a.m. There was no notice given as to what hours the exhaust fan could be operated, nor were teachers warned that particular appliances or switches would be inoperative at certain times. There were no manual overrides to the fan.
Sparacino brought a products liability action against CMC and Andover. CMC the dealer, counterclaimed against the manufacturer, Andover , for contribution.
The trial court granted summary judgment in favor of Andover . The Appellate Court of Illinois affirmed, holding that the energy management system was neither defective nor inherently dangerous, as it performed exactly as it was programmed to do, and that Andover had no duty to warn CMC of a merely conceivable danger that someone would be injured by a chemistry experiment performed during non-occupancy hours.
The court's holding that "Andover's product was not defective or inherently dangerous because the EMS [energy management system] performed precisely in the manner in which it was programmed to perform" demonstrates the difficulties that courts may have with computer software liability. Absent a hardware failure, all computer software always performs in the manner in which it is programmed. It can do nothing else. Even when bad data are entered, computer software always will perform in the manner in which it is programmed because the "manner in which it is programmed" is the software. Software does not break or wear out, and it runs the same way the 500th times as it did the first. In Sparacino, there was no allegation of hardware failure or bad data entry.
The Sparacino court also appears to confuse the relationship between an application program and user-programmability. The court stated: " Moreover, the EMS is user programmable, which allows the customer to write his own strategies into the system. The EMS is shipped without any program built in and the dealer organization, CMC in this case, supplies the actual application program which should conform to the specifications of the user," in this case, the school district.
Andover almost certainly was the developer of the "applications program." Most likely, CMC programmed the system in only a very limited sense, probably making selections from a range of choices developed by Andover. It is unlikely that CMC developed an applications program, but a quick test to determine which organization really developed the system would be to determine who owns the source code and has legal authority to license it. Possession of the source code is generally clear-cut to software professionals, and usually it is the source code that is copyrighted.
A court that attempts to determine who "programmed" a particular device ought to inquire as to who owns the source code. If the answer is the manufacturer - in this case, Andover - then that is the organization entitled to the term "programmer." This is true regardless of whether the executable code it copied onto disk, burned into firmware, downloaded via modem or delivered on magnetic tape or optical disk. The Sparacino court's use of the terms "program," "application program" and "user programmable" is imprecise and misleading.
Significant fact questions are left unanswered in Sparacino because in granting summary judgment, the court obtained neither the alternative explanation that adverse experts could have provided, nor took the time necessary to understand the technical relationship between Andover' s product and CMC's use of that product.
The Sparacino court held that Andover did not have a duty to foresee that CMC "would integrate the user-programmable EMS in a dangerous or defective manner." The question then resolves itself into the familiar problem of the delegability of a duty, either to warn or to provide adequate safeguards, when a component parts manufacturer provides goods to a subsequent assembler. The court did not provide any detailed reasoning for its decision. After announcing "Whether the plaintiff's injury was foreseeable by the manufacturer, and whether a duty to warn existed are questions of law," it cited the deposition of Andover' s director of marketing three times on critical factual points and concluded that there was "no way Andover would know that the EMS was installed in a dangerous manner."
Preferable would have been use of the Verge test - developed trade custom, relative expertise, and practicality.
Applying the first Verge inquiry - developed trade custom - would require expert testimony that was precluded in Sparacino by the grant of summary judgment. Andover's director of marketing asserted the system was user programmable, that it could have been overridden, that schools often utilize an occupancy schedule, that he was not aware of any instance in which an occupancy schedule harmed a user, and that Andover did not install or wire the system in a way to disable the exhaust fan. The court agreed that "there was no way Andover would know that EMS was installed in a dangerous manner."
Statements such as "it could have been overridden" are almost invariably true in regard to software. Software developers usually do not install or wire the systems their software. The conclusion that there was no way Andover could know of the danger is questionable. No evidence was developed on the trade custom for suppliers of computerized energy management systems or how foreseeable problems relating to the disabling of building appliances are usually handled.
The second part of the Verge test is relative expertise, and the facts suggest that all the parties, including those not joined, were experienced in this type of commercial activity. Given the fact that the "programming" choices that Andover provided to CMC were to meet a specification, Andover had a strong argument that the architects, energy consultants, design engineers, contractors and CMC were in a better position to evaluate the potential need for safety measurer, such as a manually wired override or a warning on exhaust hoods. The importance of an exhaust hood for chemistry laboratories is probably better appreciated by a school building designer and architect than by a computer system vendor.
The third part of the Verge test is practicality - at what point is installation of safety devices or warnings most feasible. Here, Andover also has a strong argument that it was most feasible for the contractor or installing dealer to install safety overrides or post warnings. The system¿s functions were dependent both on programming decisions and electrical wiring decisions by others, and those others knew the school environment as well or better than Andover.
On balance, it appears that the grant of summary judgment in Sparacino was not patently unjust. If the three prongs of Verge were used, Andover would have had strong arguments on relative expertise and feasibility. But the court's reasoning contributed little to an understanding of how to resolve these questions relative to software, and the court naïvely assumed that the deposition and affidavit of the director of marketing for Andover answered the hard technical questions.
The court's reasoning had to do with the facts of the system design, not law, making summary judgment inappropriate. It found that the danger of a chemistry teacher's performing an off-hours experiment producing dangerous gas was "merely conceivable" and not foreseeable. But if the foreseeability problem were stated more generally - for example, "Is it foreseeable that a subsequent vendor installing the system might disable an important function? - an answer favorable to the plaintiff and CMC, at least surviving a motion for summary judgment, would have been more likely.
B. Frye v. Medicare-Glaser Corp.
Stephen Frye, being medicated with Fiorinal, a prescription drug, drank alcohol and died, apparently as a result of the combination. Corina Frye, administrator of his estate, alleged a failure to warn of the dangerous effects of combining Fiorinal and alcohol. Count I of her complaint asserted a claim against Dr. John Barrow for medical malpractice. Count II joined Medicare-Glaser, the pharmacy that filled the prescription, and Evelyn Nightengale, a registered pharmacist employed by Medicare-Glaser. The complaint stated that although the Count II defendants "had no duty to warn of the dangerous side effects of the drug in the first instance; they undertook to warn, did so negligently, and caused the death of Stephen Frye."
The trial court granted summary judgment to Medicare-Glaser and Nightengale, accepting their contention they had no duty to warn.
Frye underwent arthroscopic surgery performed by Barrow, who prescribed Fiorinal. Barrow did not include any instruction in the prescription regarding warning labels. In preparing the label, Nightengale entered patient information into the Medicare-Glaser computer, which printed the labels. She stated in a deposition that three standard warnings would be suggested by the computer for Fiorinal: drowsiness, alcohol, and impaired ability to drive.
The computer was programmed to print an additional document that listed warnings that might be applied to the container, and those warnings could be given as separate cautionary labels or could be combined into one label. Nightengale attached two labels to the container of Fiorinal. One showed a sleepy eye and stated "May Cause Drowsiness" and the other "CAUTION: Federal Law prohibits the transfer of this drug to persons other than the patient to whom it was prescribed."
Nightengale stated in her deposition that she did not use a third possible label warning about the effects of alcohol when used with Fiorinal because she "believed people might be offended to think that she believed they drank."
On appeal, the Illinois Appellate Court held that the only issue was whether a pharmacist could be liable for undertaking to warn of dangerous side effects and doing so negligently. The court noted that under the learned intermediary doctrine, Medicare-Glaser and Nightengale had no initial duty to Frye regarding Fiorinal warnings. But since the plaintiff alleged a voluntary undertaking to warn, citing Section 323 of the Restatement (Second) of Torts, the court concluded that the learned intermediary doctrine should not protect a pharmacist who gives a completely inaccurate warning, stating, "A consumer who receives a warning from his pharmacist is entitled to rely upon the accuracy and completeness of that warning." Once Medicare-Glaser and Nightengale undertook a duty to warn, they assumed the duty to do so in a reasonable manner, the court concluded in reversing the grant of summary judgment.
In one sense, it was the computer system that prompted the undertaking of that duty by automatically generating a selection of possible warning labels. Computer torts are frequently thought of in a type of "sorcerer's apprentice" mindset: the software going haywire and causing horrible consequences. The facts of Frye are more likely to be encountered: the computer system and software, doing what they are programmed and intended to do, initiate actions that give rise to legal duties.
On the facts of Frye, two problems arise: the pharmacist did not use a system-generated warning about alcohol for a reason that must be described as irresponsible, and the content of the alcohol warning was inadequate to warn of the seriousness of the consequences. Alcohol did more than "intensify" the effect of Fiorinal. The combination apparently killed Frye.
The question of liability for the software vendor is related to how much expertise the user of that software may reasonably be expected to have. Professionals who are used to a particular computer program and the results it generates also frequently are aware of the program's limitations. They tend not to place any more reliance on the computer output than is warranted, and this may account in part for Nightengale's cavalier attitude in not using the alcohol warning. Presumably, she was aware of the fact that the Medicare-Glaser computer commonly printed multiple warning labels, not all of which were appropriate or important.
The decision whether to use a warning label was left to the discretion of the pharmacist. The more difficult case would have been if Nightengale had used the alcohol warning, relying on the accuracy of the computer-generated label, and Frye had failed to heed it because it inadequately represented the danger of mixing Fiorinal and alcohol. The reasoning of a court on such facts might be similar to the reasoning of the Frye court on the original facts. Once a duty is undertaken, a consumer is entitled to rely.
Generally, in determining what warnings are necessary, courts balance the seriousness and probability of the harm against the burden of giving an effective warning. Having a machine automatically generate a warning certainly lightens the burden of giving that warning, but keeping the label-generated software current on the latest findings for each possible prescription drug would be a daunting task.
C. Akins v. District of Columbia 
Mark Akins was seriously wounded during an armed robbery committed by Clifford Henry Williams, who had been released on $3,000 bond after two previous armed robberies. Arraignment judges had released Williams twice in the preceding three-month period. The third release was based on information provided by the District of Columbia Pretrial Service Agency, whose report noted that Williams had prior juvenile arrests but did not mention the two previous armed robberies because the agency's computer, which had been installed and was maintained by International Business Machines Corp., failed to operate.
Acting pro se, Akins sued the District of Columbia, the agency and its employees, and IBM. Specific facts as to why the computer failed to operate were never developed, in part because the suit was dismissed by the trial court on the ground of the public duty doctrine - that the district and its employees could not be liable for failing to protect individuals from harm caused by criminal conduct.
The District of Columbia Court of Appeals affirmed. Addressing the possible liability of IBM, the court reasoned that IBM's negligence would have to be the legal proximate cause of the injury to Akins. Since there was a criminal act intervening between IBM's purported negligence and the plaintiff's harm, the court required that the injury be highly foreseeable before finding liability.
Standing alone, Williams¿ criminal assault of appellant might possibly be considered a remotely foreseeable result of computer failure at the PSA, but when combined with the intervening inaction of the PSA, and the discretionary decision of the arraignment judge, there is no way to interpret appellant's allegations as showing that appellee IBM had actual knowledge of, or good reason to anticipate, Williams¿ assault. 
Akins demonstrates difficulties for plaintitfs similar to those present in Sparacino and Frye: multiple intervening parties between the developer of a computer system, or software to perform a specialized task, and the party ultimately suffering the harm. In Sparacino and Frye, the applications of the computer system were in specialized areas, and at least one intervening party had as much or more expertise as the developer of the software could normally be expected to have.
In Akins, however, the significance of previous offenses in a bail hearing is arguably not an area of expertise. Arraignment judges are not necessarily law school graduates; nor is there any law school education requirement typical for administrator of pre-trial services. Ordinary common sense, however, would suggest that there might be serious consequences of a failure of a computer system to recall relevant information about an arrestee's prior record. Surely it also is foreseeable that armed robberies may directly cause personal injury. Nevertheless, the conclusion of the Akins court was that there was no way to interpret Akins's allegations as showing that IBM had actual knowledge of, or reason to anticipate Williams' assault.
That result might reflect a pro se plaintiff's procedural shortcomings and pleading deficiencies, rather than reaching any underlying merits. Given the public duty doctrine and approach to foreseeability adopted by the Akins court, even if Akins had pleaded his case and proceeded faultlessly, the result most likely would have been the same.
Akins could have argued that the resulting injustice is analogous to the injustice identified by the New Jersey Supreme Court in the landmark case of Henningsen v. Bloomfield Motors, Inc. We have a rapidly expanding computer society in which the most significant systems frequently are operated by the state or under state license. In Henningsen, the court found it necessary to "break through the narrow barrier of privity" because of the commercial realities of mass marketing. By analogous reasoning, it could be argued that there should be a breakthrough of the barriers imposed because of the realities of large-scale governmental computer systems. Akins¿s position is sympathetic because the public duty doctrine and a narrow notion of foreseeability are not a satisfactory answer to a seriously wounded victim of a crime committed by an armed robber who was three times in state custody and whose behavior was not difficult to anticipate. Public policy arguments can cut both ways, and public policy arguments supporting the imposition of strict liability are applicable here.
Akins also might have argued that IBM was in the business of selling the product that caused the harm. Assuming that the product reached the purchaser, the District of Columbia, without substantial change, and assuming the cause of the failure existed at the time the product left IBM's control, the harm resulted when the product was used in a reasonably foreseeable manner, and the person harmed was a foreseeable plaintiff. The only element remaining is that the defect was the cause in fact and proximate cause of the harm to the plaintiff. The flexibility of causation arguments is well known.
For defense counsel, the current claim preclusions are desirable, but if they gradually give way to social and commercial pressures in the way the warranty disclaimers did in Henningsen, defense arguments will have to be more specifically tailored to the facts of particular cases. In Akins, the IBM system was not a component part, but it did function as a tool in the hands of a system of court administration whose ultimate responsibility rests on experts: the judiciary and the legislature. Most likely, IBM provided a system that met specifications created by the District of Columbia, and it could avail itself of the contract specifications defense, which is premised on the idea that meeting contractual specifications places liability with the author of the specifications.
IBM might argue that the information on Williams's arrest record was available through a manual search of the records, or that the agency used or maintained the system incorrectly, or failed to supply adequately trained employees to operate the system. Computer crashes of new computer systems also are foreseeable, and any purchaser of a new system may have a duty to maintain a workable back-up system for some reasonable period of time. these arguments could work in conjunction with the defenses of contributory negligence or comparative fault.
Several states have provided by statute that it is an affirmative defense that the product conformed to the state of the art at the time of its manufacture. In other jurisdictions, state of the art evidence is admissible. Given the reputation of IBM in the computer industry as being in the forefront of developing technology, the combination of the contract specification and state of the art defenses may be as successful for the defense bar as foreseeability in conjunction with the existing public duty doctrine. Less well-known computer vendors also may be successful in showing they perform at the state of the art, particularly since in the specialized niches that characterize the computer and software industry, many, if not most, of the companies that survive do so by staying on the forefront of a particular area of technology.
D. Jones v. Minnesota Mining and Manufacturing Co.
In Jones, a complex set of facts pertaining to an experimental treatment for prostrate cancer gave rise to an action by two plaintiffs against multiple defendants.
Two physicians, radiotherapists Simmons and Murrell, began treating cancer of the prostrate by implanting a radioactive seed of Iodine-125. Apparently they received little detailed training in this method of treatment, and they relied heavily on the information provided by the manufacturer of the seed, 3M, in marketing the product. From 1977 to 1979, they implanted 18 patients, of whom Arthur Young and Donald Jones were approximately 12th and 13th. The computations for the dosage delivered to the patient depended on the number of seeds implanted, their initial radioactive strength, the age of the seeds and their implanted location.
A computer and a software program were purchased to assist in the calculations. The output of the computer program was delivered in terms of rads per hour. To determine the actual dosage a patient was receiving, the rads per hour figure was converted to arrive at total rads in a year, the ultimate figure. Initially, the software did not make this last conversion from rads per hour to total rads. Apparently at some point the software was modified to make the conversion, but the evidence suggested that modification was made after the treatments to Young and Jones.
The death of Jones and the injuries to Young were caused because the conversion factor used to convert rads per hour to total rads was erroneous. They ultimately received about five times the amount of radiation they should have.
3M's main argument was that there was no duty to warn of dangers actually known to the user of a product, or alternatively that any duty to warn had been satisfied. The plaintiffs contended that the product was unreasonably dangerous or unavoidably unsafe.
The New Mexico Court of Appeals reversed the grant of summary judgment to 3M on the products liability claim, holding that there was a fact issue as to the radiotherapists' knowledge of the nature and extent of the danger, which precluded summary judgment on the issue of the adequacy of 3M¿s warnings. The only information given to the radiotherapists by 3M was marketing material that overestimated the benefits of radioactive treatment by seeding and understated or ignored the risks.
Summary judgment for 3M on the express and implied warranty claims was affirmed, however, because the court found that any affirmations made by 3M were not part of the basis of the bargain.
The court first held that products liability law applied, a point not disputed. The trial court had ruled there was no duty to give a warning which would "educate the treating physicians in correct treatment procedures." Although the parties disputed whether there was a duty to warn, both agreed that whatever warning was required should have been given to the radiotherapists.
The court reasoned that adequacy of the warning was not an issue on the appeal from summary judgment, stating that it made no difference whether the plaintiff's argument was that the seeds were unreasonably dangerous or unavoidably unsafe. 3M contended that actual knowledge by the radiotherapists extinguished a duty to warn whether that duty was advanced under Comments I or k to Section 402A of the Restatement (Second) of Torts or under negligence.
The court agreed, observing that no one needs to be reminded of what he already knows and attributing the harm directly to the erroneous conversion factor: "The decision to increase the number of seeds was based on erroneous dosimetry, and the erroneous dosimetry, in turn, was based on the use of the erroneous conversion factor."
Left unanswered was the question of who had the duty to provide and verify the correctness of the erroneous data. The Jones court decided only the narrower legal question of whether the radiotherapists were to be dismissed on a motion for summary judgment because their existing knowledge precluded any duty on the part of 3M to warn.
In Jones, apparently the capability of the program was enhanced to make the conversion calculation, but this was done after the overdosing of Jones and Young. The ultimate harm would have occurred with or without the aid of a computer in the faulty calculation, because the underlying data supporting the calculation was faulty. But the issue of who bears the responsibility for supplying correct initial data does not automatically point away from the vendor of the software.
The legal problems involved are analogous to legal issues related to supplying information in a map or aeronautical chart. The Ninth Circuit, in dicta, has stated:
Aeronautical charts are highly technical tools. They are graphic depictions of technical, mechanical data. The best analogy to an aeronautical chart is a compass. Both may be used to guide an individual who is engaged in an activity requiring certain knowledge of natural features. Computer software that fails to yield the result for which it was designed may be another.
Generally, the contents of books, magazine and newspapers are deemed not to be products, whereas an aircraft landing chart has been held to be a product. If data constitute a product subject to product liability law, software vendors may not be able to escape liability simply by pleading that they received the data from a recognized expert, even if the expert is the purchaser and user of the system that is being developed. Strict liability under Section 402A can impose liability on all the sellers of a product, up and down the chain of vertical privity. Under principles of comparative negligence, the software developer has an argument that its burden of liability should be proportionally diminished. The software vendor is usually not in a position to check each piece of data supplied by physicians or a hospital for medical and scientific correctness.
In Jones, in which the facts suggest an individual or small group of individuals associated with a university supplied the software, the medical malpractice carrier of the radiotherapists, hospital or other health professionals are more likely targets for a plaintiff. But if the software vendor were IBM or a software house dedicated to developing medical software, comparative negligence might not work equally well as a shield from liability, again reasoning from analogy with landing chart/airplane crash cases.
The defense of actions based on the faulty supply of data to a software vendor may be similar to asserting the contract specifications defense. Defendants were successful in another airplane crash case in arguing that the defect in the chart was not the proximate cause of the crash because that conclusion would involve accepting the idea that the pilot had acted reasonably in disregarding other accurate words and figures.
Defendant software vendors can argue that even if the data supplied were defective, those using that data did not act reasonably in failing to pay reasonable attention to other indications that something was amiss. This type of argument seems to be applicable to Jones: the radiotherapists increased the dosages beyond the recommended levels because they were getting dosimetry reports on the amount of radiation the patients were receiving that were unaccountably low. Those reports should have triggered a more thorough investigation, and that type of medical and scientific investigation is beyond the scope of a software vendor's duty.
Perhaps the most well-settled issue in this developing area is that software can be considered a product, both for purposes of tort liability and for application of the UCC. The reason this issue is well-settled is that there have been hundreds of cases pertaining to software and computer contract disputes. Cases in which software causes injury are still rare, whether that software was sold by an independent vendor or developed and sold in a complete package with hardware. Under negligence theories, strict liability theories or the UCC, an injured party does not need to be in privity with the provider of the product, so claims against software products implicated in personal injury will not have to meet a privity barrier either.
Beyond this, conclusions must be regarded as more speculative. The tort of "programmer malpractice" is not recognized in the vast majority of jurisdictions. It is unlikely that it will be, since as software grows more complex, it becomes more and more like other pieces of highly complex machinery. Courts do not look for individual "designer malpractice" in product liability actions against electrical power plant machinery, paper manufacturing or converting machinery, or other large capital equipment.
It is unlikely they will do so for software. There are no licensing bodies for software programmers, no national standards that are enforced, no mandatory educational requirements, and the definition of what constitutes a "competently designed" software product is highly subjective. All software has flaws. How significant those flaws are depends on the intended use of the product and the expertise of the user, as well as the economic issues relating to how much software can cost and still be commercially viable.
The software implicated in the injuries discussed in the four cases summarized in this article "worked" three times. The injury in Sparacino was caused by the fact that the system was deliberately programmed to disable appliances after hours. In Frye, a label was computer generated, although arguably that label was inadequate to give a complete warning, and was discarded anyway. In Jones, an erroneous constant was initially used, making all further calculations erroneous whether performed by hand or machine. Only in Akins was there an overt system malfunction so that fault would flow clearly to the vendor of the software and/or complete computer system.
It can be expected that in future software implicated injuries, the program will usually "perform as programmed." Courts should not rely on that formulation as a substitute for detailed fact finding.
Misrepresentation normally will not be a favorite choice of theories for plaintiffs. In each of the four cases discussed, no representations were made to the injured parties. Negligence suffers from many of the same problems as "programmer malpractice." Identifying who was negligent, or what the negligence consisted of, in the software arena is extremely difficult. If a negligence claim were pursued, in practice it might be much like a products liability claim. The focus would be on the product itself. A difference between negligence and product liability might arise if the amount of testing done on the product were allowed into evidence on one theory but not another.
Extensive testing goes to rebut the allegation of negligence; it is direct evidence on the standard of care of the product provider. Evidence of testing, extensive or otherwise, might not be admissible under a theory based on strict products liability. This article argues, however, that the amount of testing done should be considered part of the design, and hence, should be admissible for both plaintiff and defendants under either theory.
Although the UCC give remedies to injured third parties, the purposes of the UCC seem inapposite where the action is for injuries caused by some type of alleged tortuous behavior on the part of product providers. The argument that the UCC provides a complete set of remedies hinges on the assumption that there will be very few personal injuries caused by software. So far, the number of cases justifies this assumption, but software and computer products continue to invade the lives of hundreds of millions of people. Although the predictions of mass "computer-tort" have been premature, it is not clear that they are wrong.
Appellate courts have not rejected the idea of a products liability action for software. In all four cases discussed, ultimately the software product vendor was found to be too remote to be held for liability, but for a variety of different reasons. Since software is always a component part of a larger system, the traditional defenses associated with delegability and component parts manufacture will continue to play a large role in the defense of an action against a software product provider.
If the software vendor is not successful in a motion for summary judgment, then issues of design defects, failure to warn or manufacturing defects, will come into play. A design defect is highly problematic for a software developer, since, with enough time and effort, software can be programmed in nearly any way desired. In some respects, a design defect and a failure to warn almost merge in software development, since if there were enough knowledge to create a duty to warn, arguably it would be irresponsible in most cases not to "fix" the bug.
The more significant duty to warn might develop when the software system has limitations, as do all computer systems, but this is so fact-specific that no projections are offered. Possibly the issue of delegability will be important here also. Given the nature of "manufacturing" a software product, which usually involves copying a piece of software onto new media, it is unlikely that this will be a significant focus of litigation.
Defenses based on shields provided to government contractors are of great significance in the software and computer system arena because the most dangerous systems usually are developed under contract to the government. This provides several lines of defense for software vendors: the traditional government contractor defense, foreseeability and public duty doctrine, and the contract specifications defense. If commercial realities, such as were developed by the Henningsen court, begin to chip away at these defenses, then product providers will need to show that their products met reasonable expectations. The state of the art defense may serve the defense bar well in jurisdictions where it is available. Software vendors may be held liable, as are aeronautical chart makers, for faulty data, regardless of the source of that data, but nothing concrete has developed to indicate how the courts will approach this issue.
In general, plaintiffs are still better advised to pursue more traditional professional malpractice, voluntary undertaking or negligence claims where they are available. Software is a component of a computer system, and that system is normally a tool in the hands of an individual or organization with resources and expertise. Where possible, the line of least resistance for plaintiff will be premised on the negligent conduct of the defendant in the use of all its tolls, including its computer system and installed software.
 Vincent M. Brannigan & Ruth E. Dayhoff, Liability for Personal Injuries Caused by Defective Medical Computer Programs, 7 AM. J. LAW & MED. 123 n.2 (1981) [hereinafter Brannigan & Dayhoff]. Similar predictions are found in Jim Prince, Negligence: Liability for Defective Software, 33 OKLA. L. REV. 848 (1980); Daniel J. Hanson, Easing Plaintiff¿s Burden of Providing Negligence for Computer Malfunction, 69 IOWA L. REV. 241 (1983); Susan Nycum, Liability for Malfunction of a Computer Program, 7 RUTGERS COMPUTER & TECH. L.J. 1 (1979)[hereinafter Nycum]; Michael C. Gemignani, Product Liability and Software, 8 RUTGERS COMPUTER & TECH. L.J. 173 (1981) [hereinafter Gemignani].
Contra is John M. Conley, Tort Theories of Recovery Against Vendors of Defective Software, 13 RUTGERS COMPUTER & TECH. L.J. 1 (1987) (arguing that personal injuries are rare and that UCC provides adequate remedies) [hereinafter Conley].
 Note (Bonna Lynn Horovits), Computer Software as a Good under the Uniform Commercial Code: Taking a Byte out of the Intangibility Myth, 65 BOSTON U.S. REV. 129 (1985) [hereinafter Horovits]; Conley, supra, note 1.
 See Tozer v. LTV Corp., 792 F.2d 403 (4th Cir. 1986) (government contractor defense shields either under negligence or strict liability theory); United States v. Johnson, 481 U.S. 681 (1987) (while action was barred, it is likely that air traffic control software was used or misused in negligent vectoring of helicopter).
 Edward H. Shortliffe, Computer Programs to Support Clinical Decision Making, 258 JAMA 61 (1987) ("There is no evidence that machine capabilities will ever equal the human mind's ability to deal with unexpected situations, to integrate visual and auditory data that reveal subtleties of a patient's problem, or to deal with social and ethical issues that are often key determinants of proper medical decisions.")
 592 N.E.2d 431 (Ill.App. 1992).
 579 N.E.2d 1255 (Ill.App. 1991).
 526 A.2d 933 (D.C.App. 1987).
 669 P.2d 744 (N.M.App. 1983).
 See, e.g., In re Repetitive Stress Injury Cases Pending in U.S. Dist. Court for E.D. N.Y., 142 F.R.D. 584 (E.D. N.Y. 1992), in which 44 cases were consolidated for injuries allegedly caused by the routine use of computers, adding machines, checkout scanners, etc.
 See Conely, supra note 1, at 3 ("That program instructions are intangible does not rule out UCC applicability, as programs can be identified, moved, transferred and sold in the same manner as other pieces of personal property classified as goods."); Horovits, supra note 2, at 154 ("[S]oftware does not differ from any other product that is designed, patented or copyrighted, manufactured, and made available for consumer or commercial acquisition.").
 Advent Sys. Ltd. v. Unisys Corp., 925 F.2d 670 )3d Cir. 1991); Triangle Underwriters Inc. v. Honeywell Inc., 604 F.2d 737 )2d Cir. 1979); RRX Indus. Inc. v. Lab-Con Inc. 772 F.2d 543 (9th Cir. 1985); Chatlos Systems Inc. v. National Cash Register Corp., 479 F.Supp. 738 (D. N.J. 1979). But see Data Processing v. L.H. Smith Oil Corp., 492 N.E.2d 314 (Ind.App. 1986) (where custom programming services were bargained for and disks and magnetic tape were involved incidentally, programmer's skill which was being purchased, not a good under UCC).
But some authorities are still cautious. In MARSHALL S. SHAPO, 1 THE LAW OF PRODUCTS LIABILITY ¶ 7.03 (2d ed. 1990) [hereinafter SHAPO], the author places computer programs under the heading "Speculative Applications."
 See Analysts Int'l Corp. v. Recycled Paper Products Inc., U.S. Dist. LEXIS 5611 (N.D. Ill. 1987); Chatlos Sys., 479 F.Supp. at 740-41.
 Data Processing, 492 N.E.2d at 319.
 Gemignani, supra note 1, at 190.
 In the Matter of Whittemore v. Tax Commission of New York, 461 N.Y.S.2d 576 (App.Div. ¿ Dep't 1983) (Section 703 of New York Tax Law exempts law, medicine, dentistry or architecture, and any other profession from unincorporated business tax).
 Glovatorium Inc. v. NCR Corp., 684 F.2d 658 (9th Cir. 1982) (where demonstrator system was much faster than delivered system and system was never designed to perform advertised functions, fraud claim upheld, including punitive damages); Dunn Appraisal Co. v. Honeywell Information Sys. Inc., 687 F.2d 877 (6th Cir. 1982) (assurances by system seller that extensive software conversion could be conducted as part of sale found to be positive misrepresentations, permitting compensatory and punitive damages.) See also Triangle Underwriters, 457 F.Supp. 765 (fraud in inducement upheld).
 See, e.g., Chatlos Sys., 479 F.Supp. at 748-49; Herbert Friedman & Assoc. Inc. v. Lifetime Doors Inc., 1989 U.S. Dist. LEXIS 15239 (N.D. Ill.) (dismissing fraud because of failure to prove elements; dismissing negligent misrepresentation because there was no need for tort remedies for failure to comply with contractual terms); Analysts Int'l Corp. Supra note 12 (allowing claim for fraudulent misrepresentation to survive motion for summary judgment, but dismissing claims for negligent misrepresentation and tort of computer malpractice and suggesting contract law most appropriate where risks and responsibilities divided between parties to contract).
 Conley, supra note 1, at 16 (footnote omitted).
 Hanson, supra note 1, at 248-62.
 Conley, supra note 1, at 32.
 Id. at 2, citing Special Comm. on Computers and the Law, Tort Theories in Computer Litigation, 38 REC. ASS¿N BAR CITY N.Y. 426, 427 (1983).
 Chatlos Sys., 479 F.Supp. 738.
 See, e.g., Bilotta v. Kelly Co., 346 N.W.2d 616 (Minn. 1984) (manufacturer may not delegate duty to design reasonably safe product); Bexiga v. Havir Mfg. Corp., 290 A.2d 281 (N.J. 1972) (manufacturer cannot leave responsibility for safety to ultimate consumer); Jiminez v. Dreis & Knump Mfg. Co., Inc. 736 F.2d 51 (2d Cir. 1984) (that safety guard impairs utility of machine is relevant but not controlling on jury question whether machine without guard is reasonably safe); Mott v. Callahan AMA Mach. Co., 416 A.2d 57 (N.J. App. 1980) (applying trade custom, relative expertise and practicality of installation of safety devices); Verge v. Ford Motor Co., 581 F.2d 284 (3d Cir. 1978) (developed trade custom, relative expertise, practicality test); Union Supply Co. v. Pust. 583P2d 276 (Colo. 1978) (applying substantial change test).
 SHAPO, supra note 11, at ¶8.01.
 Id. at ¶ 19.06 and  (discussing technology oriented products).
 If data are downloaded via telephone lines or other telecommunication devices, this problem is more significant, but also beyond the scope of this paper. To this writer's knowledge, no cases have surfaced that resulted in personal injury because of faulty data transmission.
 592 N.E.2d 431 (Ill.App. 1992)
 581 F.2d 284 (3d Cir. 1978)
 579 N.E.2d 1255 (Ill.App. 1991).
 "The rule ¿ provides that manufacturers of prescription drugs have a duty to warn prescribing physicians of the drugs' known dangerous propensities, and the physicians in turn, using their medical judgment, have a duty to convey the warnings to their patients," 579N.E.2d at 1257, quoting Kirk v. Michael Reese Hos. & Medical Ctr., 513 N.E.2d 387 (Ill. 1987). The Frye court also cited precedent that pharmacists have no duty to interject themselves into the physician-patient relationship.
 "One who undertakes, gratuitously or for consideration, to render services to another which he should recognize as necessary for the protection of the other's person or things, is subject to liability to the other for physical harm resulting from his failure to exercise reasonable care to perform his undertaking, if
"(a) his failure to exercise such care increases the risk of such harm, or
"(b) the harm is suffered because of the other's reliance upon the undertaking."
 526 A.2d 933 (D.C.App. 1987).
 Id. at 935-36, citing Lacy v. District of Columbia, 424 A.2d 317 (D.C.App. 1980).
 161 A.2d 69 (N.J. 1960).
 See DAVID A. FISHER & WILLIAM POWERS JR., PRODUCTS LIABILITY CASES AND MATERIALS 55 (1988) (listing six basic elements of a strict liability claim).
 E.g., ARIZ. REV. STATE.ANN. §39:9; IND. CODE § 33-1-1.5-4(b)(4); IOWA CODE § 668.12; NEB. REV. STAT. § 25-21, 182.
 669 P.2d 744 (N.M.App. 1983).
 "i. Unreasonably dangerous. The rule stated in this Section [402A] applies only where the defective condition of the product makes in unreasonably dangerous to the user or consumer. Many products cannot possibly be made entirely safe for all consumption, and any food or drug necessarily involves some risk of harm¿. The article sold must be dangerous to an extent beyond that which would be contemplated by the ordinary consumer who purchases it, with the ordinary knowledge common to the community as to its characteristic.
 Winter v. G.P. Putnam's Sons, 938 F.2d 1033, 1036 (9th Cir. 1991) (emphasis supplied). Mushroom enthusiasts in California became severely ill, requiring liver transplants, after eating mushrooms in reliance on a reference work on mushrooms published by the defendant. Summary judgment for the publisher was affirmed because the court declined to expand products liability law to embrace the expressions in a book.
 A leading case is Flour Corp. v. Jeppesen & Co., 216 Cal.Rptr. 68 (Cal.App. 1985) (reversing judgment for defendant landing-chart publisher and remanding because trial court failed to give instructions to jury on strict liability). See also AMERICAN LAW OF PRODUCT LIABILITY § 119 (3d. ed. 1987).
 See AMERICAN LAW OF PRODUCT LIABILITY §119:10, summarizing the holding of Brocklesby v. United States, 767 F.2d 1288 (9th Cir. 1985), cert. denied, 474 U.S. 1101: "Restatement of Torts 2d §402A was applicable to a seller even if the seller exercised all possible care in the preparation and sale of its product and even if the defect in the product had originated from a component part manufactured by another party. The court added that in light of defendant's testing procedures and its failure to detect the defects in the instrument approach procedure, the jury could reasonably have found that defendant had been negligent in failing to warn users of the latent defects in the chart."
 Aetna Casualty & Sur. Co. v. Jeppesen & Co., 642 F.2d 339 (9th Cir. 1981).