Last week a judge in the Southern District of Illinois trimmed several claims from a class action complaint made against Chrysler and Harman International Industries stemming from a 2015 WIRED magazine article. The July 21, 2015 WIRED article described the author’s experience of being a “digital crash-test dummy, a willing subject on whom [two hackers] could test the car-hacking research they’d been doing over the past year.” Less than two weeks after the article was published, on August 4, 2015, the plaintiffs filed their class action complaint Chrysler and Harman – the maker of the uConnect telematics system, which, among many things, pairs an owner’s smart phone to their car. The plaintiffs allege that they suffer pangs of anxiety and fear because of the possibility that their cars could be hacked into.
But as Judge Reagan noted in his opinion, Flynn v. FCA US LLC, No. 15-cv-855, 2016 U.S. Dist. LEXIS 130614 (S.D. Ill. Sept. 23, 2016), the WIRED experiment was conducted in a “quasi-laboratory setting.” He rejected the plaintiffs’ claims that their fear and anxiety amounted to a concrete and particularized injury required for Article III standing. “At the end of the day, four unverified safety-related reports [in a universe of over a million owners] and one safety-related hack in a quasi-controlled setting concerning a purported defect that’s been in existence since 2013 doesn’t add up to a ‘substantial’ risk of harm to the plaintiffs here.” Id. at *8. This is unlike a data breach case, the Judge added, where cybercriminals are likely to use the stolen information. “[I]n this case there is no allegation that a real world hacker has ever hacked the uConnect system to cause injury, nor is there any suggestion that hackers with knowledge of these kinds of vulnerabilities take advantage of them to injure hapless drivers.” Though some claims remain, Judge Reagan’s decision on standing to pursue damages for fear of potential “hacker harm” is noteworthy in a world of increasingly connected cars and devices.