As government agencies are beginning to pursue enforcement actions for substandard security practices, a debate is emerging around how we legally define "reasonable" security for purposes of consumer protection. Particularly as the Internet of Things begins to permeate all aspects of consumers' lives, a future with software liability looms large. It is becoming increasingly important to craft a common legal understanding around what types of practices are "reasonable" security measures. Let's debate what that legal definition should be.
Dr. Andrea Matwyshyn is an assistant professor of Legal Studies and Business Ethics at the Wharton School at the University of Pennsylvania and an affiliate scholar at the Stanford Law School Center for Internet and Society. During this academic year, she is also serving as a senior policy advisor to a federal agency.