
But very few physical consumer goods are designed to be robust to adversarial or malicious use, and there is no standard of liability for such failures. On the other hand, often in these discussions, people advocate for such a standard for software products.

Consider the example of a music player that was mentioned in another comment upstream in this thread. Suppose a company sells music player software that turns out to have an RCE vulnerability when run on a maliciously crafted .mp3 file. Should they be liable?

It's helpful to consider a physical product analogy: imagine the company sold a cassette player instead. Now, let's say that someone designs a malicious tape that is lined with noxious chemicals, which when played in the cassette player causes it to catch on fire and explode. Would anyone regard the cassette maker as liable if this caused someone to die or a house to burn down?

In the Escola v. Coca-Cola Bottling Co. case that you cite, a key phrase from the majority opinion is:

> Upon an examination of the record, the evidence appears sufficient to support a reasonable inference that the bottle here involved was not damaged by any extraneous force after delivery to the restaurant by defendant.

In other words, there was no 3rd party malicious use or manipulation of the bottle: it exploded during "normal" use. If the bottle had exploded because some 3rd party had deliberately weakened the bottle, or added extra pressure before giving it to the waitress, there's no way Coca-Cola would have been liable.



> It's helpful to consider a physical product analogy: imagine the company sold a cassette player instead. Now, let's say that someone designs a malicious tape that is lined with noxious chemicals, which when played in the cassette player causes it to catch on fire and explode. Would anyone regard the cassette maker as liable if this caused someone to die or a house to burn down?

With respect, a malicious tape lined with noxious chemicals is not analogous to a maliciously crafted .mp3 file for several reasons. First, a tape lined with noxious chemicals is dangerous unto itself.

Second, it is not reasonably foreseeable that a tape deck would be used to play a chemically sabotaged tape. If there were millions of tapes in circulation that could cause a tape deck to self-combust, the manufacturer would be (at least partly) liable for that foreseeable outcome. They would be required to take steps to ameliorate that possible outcome.

It is now reasonably foreseeable that software designed to open arbitrary files may be subject to a maliciously crafted attack.


Should auto-manufacturers be liable for emissions produced by cars that have had their catalytic converters stolen?

Should medicine manufacturers be liable if someone circumvents their tamper-proof seals and laces them with a poison?

Should berry growers be liable if someone inserts needles into foods that are sold at supermarkets?

All of these are crimes that are either widespread or famous from media scares that happened in the past, and thus foreseeable going ahead, but I think liability would still be limited because the resulting harms are caused by a 3rd party criminal act.


> Should auto-manufacturers be liable for emissions produced by cars that have had their catalytic converters stolen?

This is an interesting hypothetical, but I don't see the relevance.

> Should medicine manufacturers be liable if someone circumvents their tamper-proof seals and laces them with a poison?

Yes, and they are.

> Should berry growers be liable if someone inserts needles into foods that are sold at supermarkets?

The retailer should be, and is.


>> Should auto-manufacturers be liable for emissions produced by cars that have had their catalytic converters stolen?

> This is an interesting hypothetical, but I don't see the relevance

That's your willing ignorance, and on the 2nd point too.


With respect, I don't see the relevance because the additional emissions caused by removing a catalytic converter are an extremely minor harm to the occupant and others. If, for example, driving a car with a catalytic converter removed caused the vehicle to explode killing the occupants (or any other significant harm), then the manufacturer and retailer would absolutely be held responsible. Physical products are required to fail safely in foreseeable circumstances.

If by my second point, you're referring to circumventing the tamper-proof seal on medications, then maybe you'd like to expand? Manufacturers, retailers, and medical staff are (jointly) responsible for medications for their entire life cycle. A retailer who sells a poisoned medication is absolutely liable, as is the manufacturer who produced a fallible tamper-proof seal (which is worse than no seal at all).

Feel free to elaborate on why you think I'm wilfully ignorant.



