Lucia Laprida v. UCU USA Inc.
Court of Appels of Washington
October 22, 2018
Court of Appels of Washington
October 22, 2018
OPINION BY: ARCAUS
The facts in this case are as follows: Lucia Laprida, a student at UCU, decided to join a program promoted by her university through its subsidiary in the United States called UCUSI. This program offered the possibility of connecting to a central computer known as "Secure Server", which offered the possibility of studying to use their iPads from abroad, and store information about their investigations in the "Secure Server" bank. Lucia was doing her thesis by this means, but everything was accidentally deleted by a UCUSI employee.
Lucia sued UCUSI, but also Steve's Sales, who was the manufacturer of the server, and finally, sued Beoing, since, the Central Storage Memory Bank (the "bank") was provided by this. The trial judge dismissed the claim to Beoing. In turn, UCUSI cross claimed against Boeing.
First, I will describe the arguments and evidence made by the parties, and in the end I will give my opinion on all points alleged by the plaintiff and the defendants.
The plaintiff alleges contractual liability against UCUSI, saying that it clearly breached an express warranty, because the defendant offered the possibility of storing data on a server called "Secure Server", which is a warranty because it highlights in its name the essential element of security and generates a lot of confidence to those who use this service. This induced the defendant to entrust her most important work to the server. It is clear that it is not essential that a server is fully secure, in fact, in the markets you can find servers for homes called "NAS", which have no security, so if a server stands out in its name the word "security", the applicant concludes that it is an express warranty.
On the other hand, Lucia say that there is an implied warranty that was violated. On this occasion it states that by explicitly offering "prepare research papers by storing all research material", it is understood that, implicitly, a server that stores extremely important information must have sufficient security to avoid loss of information. Lucia argues that, if you store a physical good in a warehouse, the expectation is that the good will not disappear and return to her hands, and if it does not, they must pay the damages, and similarly it would be the same with an intangible asset, such as information, if stored in a certain place, the expectation is to recover it or charge the damages.
In addition, as stated in Chysky case, when a consumer implicitly or explicitly discloses the purpose for which he obtains the goods, and there is a trust in the seller, there is an implicit or explicit guarantee that "the products shall be reasonably fit for such purpose." In this case, it is easy to visualize what the purpose was, since not only the plaintiff warns it, but explicitly the defendant promotes that use, therefore, the requirement in this case is even greater.
It is indisputable that the defendant knew the importance of the information stored in their servers, since they were created for that purpose, and UCUSI conducted a huge advertising campaign for students to access the program.
In Randy case, the reasons why the advertiser of a product inviting consumers to use it were extensively commented on, cannot avoid being held responsible if their statements caused damages.
Also, the applicant emphasizes that it complies with the rules established in the Codling test: she used the product in the appropriate manner and for the purpose for which it was promoted, that is, kept the information of its research on that server. Nor did he notice any defect in the operation, and when it stopped working it was too late to do anything about it. In addition, it is such a complex technological product that, it is beyond the consumer's reach to understand why or how the article works and, therefore, even further away from its scope to detect when there may be a defect (Colding).
Lucia also alleges negligence on the part of UCUSI since everything is derived from an employee of the same, who negligently erases all the information. When it comes to a service with this kind of information, a minimum error can cause great damages, therefore, precautions must be taken, principle that is extracted from MacPherson: who "invites another to make use of an appliance is bound to the exercise of reasonable care." According to Lucia, a poster is not enough to prevent a disaster, real measures must be taken that physically prevent an accident from happening, and even warn new employees that under no circumstances should they go to unauthorized places, something that was not done.
Finally, the applicant states that UCUSI acknowledged its error after having changed the Bank model to a safer one. This means that it was defective, in that case, a defect in the design, since it did not have the necessary security. In the Lancaster case, it is emphasized that a subsequent modification is proof that they did not act prudently when deciding on its final design. Leaving in evidence, according to Lucia, another negligence on the part of UCUSI.
On the other hand, UCUSI defended itself in the following terms: In the first place, it denies the existence of an express warranty of security, that name was given to the server "Secure Server" since it prevents information theft and any other hacking technique or cracking, and not for the possible loss of information. Protection against the latter is found in the Central Storage Memory Bank and not in the server as a whole. Therefore, the name serves for general confidence, but only in terms of possible leaks of information.
He also denies that there is an implicit warranty, he says that the only explicit warranty was the advertised, in summary, access to information in all parts of the world, and that warranty was fully executed. Do not confuse the purpose, which is to instantly access information from anywhere in the world, with the alleged purpose claimed by the applicant. The server was not created with the intention of being a center of backup or protection of important information, the purpose was clearly not that. The product was advertised for the "UC For Me" program whose mission was that students could study in other parts of the world from their iPads, and to study, it is necessary to have a place in which to order information, but not a place in which protect that information.
The importance of the information although it is known by UCUSI, alleges that, since the aim was not to protect, who has the ultimate responsibility of looking for a safe place of information is Lucia. Nobody with reasonable diligence leaves the most important information of his life in the hands of a single company, it is always possible that failures or problems occur that prevent temporary or definitive access to the information, failures that have even happened to large companies such as Google, Wikipedia, Microsoft, etc.
UCUSI continues its argument saying that it is not likely that a person only keeps that important information on the cloud, without having it also in its internal memory of the device, or in any other device. Lucia was not diligent making a backup of her information, backups are highly recommended and, above all, necessary in this type of information, all companies and people with knowledge in the area warn that the only way that the information is totally sure of possible data losses and possible corruptions, is through a backup.
Following this line of thought, UCUSI alleges that it did not comply with the Codling test, since it did not use the product properly. As stated, the purpose was to be able to access information remotely, not to protect the data. Therefore, if Lucia had used in a normal way, making backups periodically and using the servers only to access the information through the internet (while her backup was safe at home), many damages would have been prevented. As stated in Goldberg, everyone is aware of the dangers that certain things entail, in this case, how dangerous it is to not have such important information backups.
Regarding the accident committed by the employee, UCUSI argues that it took the necessary precautions training all the personnel and, prohibiting access to unauthorized places to untrained workers. If a person ignores the warnings installed in UCUSI, it is not due to lack of diligence of the company, since it is not expected that a company has an army to protect the entry of untrained personnel. For the fault and negligence, it is necessary that common, reasonable measures have not been taken and that every average man would take, and it is not reasonable to install an army to defend a database. This was solely the fault of that employee.
Finally, UCUSI defends itself by saying that the change of the product is due to business decisions aimed at improving the quality of the services, not for that reason it is admitted that they were negligent. The valid question here, is if the previous model was correctly chosen, and the answer is yes, it is reasonable to choose a model with the sole purpose of being accessible from all parts of the world, for this, the maximum protection was not necessary.
Lucia regarding the lawsuit against Steve's Sales Corp for breach of the express security warranty, for the name given to the server, argues that there is liability because, although there is no privity, in the Greenberg case it is established that this rule must be revised, and finally in Randy case, the traditional privity was dispensed with when there is an express warranty. In the same case, it is emphasized that, in a world with so much publicity, when the express warranty is false, the consumer is harmed by his confidence in those warranties.
In addition, it alleges that although Steve's Sales Corp may be held responsible for the falsity of its warranty, and Boeing Airplane Company for the security defect of its product, it would be only after a long litigation process, it is late, useless and extremely expensive, at the same time that it is complicated by all the interruptions that could happen, such as insolvency, disclaimers, etc.
In turn, it is based on Goldberg arguing that, if an article when used for the normal purpose is likely to generate a danger (in this case, the damage would be the loss of information), if it is not designed properly, the manufacturer and the seller are responsible in case of non-compliance with the implicit warranty of the law.
On the other hand, it also argues that the purpose of extending the scope of the warranty is to impose the burden on the manufacturer that put its product on the market, and that consumers have fewer tools to detect the defects of products of that complexity, however, other companies like the three defendants, do have that capacity. The article in the hands of the consumer is mysterious and too sophisticated.
According to Lucia, is part of the negligence of Steve's Sales Corp not to ensure that their products have the necessary security, since the purpose for which UCUSI would use it was known. Not only did he provide a misleading name to the server, but he is also responsible for not warning that the product would not serve that purpose. This is proved with the subsequent behavior of Steve's Sales, they began to develop a safer model after the failure.
Finally, both Lucia and UCUSI blame Boeing, the argument of both is that Boeing had manufactured a defective product without the necessary security. Lucia emphasizes once again that they immediately began developing a safer Model B with Steve's Sales, which shows the lack of security.
In response, Steve's Sales Corp alleges that Goldberg requires normal use by the consumer, and that the product may cause a hazard. However, who used negligently was UCUSI and not the consumer or Steve's Sales, so, the only responsible is UCUSI because of his negligence.
On the other hand, Steve's Sales argues that, as established in the Greenberg case, Judge Froessel ruled that, the modification and extension of liability was only for that specific case and for those specific facts, and however much he may want expand the responsibility, that should be left to the legislature. On the other hand, it is unfair to hold a diligent retailer responsible, who has not committed negligence or error of any kind, for a supposed defect of a product manufactured by Boeing.
For its part, Boeing Airplane Company bases its defense on the fact that its product, the Model B, was sold as a cheap product, without much protection and with inferior safety qualities to the Model A that it also offered, the latter being more expensive, because of the better protection and a better quality in terms of safety. All this information was known by UCUSI and by Steve's Sales Corp, who decided, despite the lack of security, to buy that product.
The product did not have a design flaw, simply the diligence of whoever had it in their hands should be greater to avoid damage, and that is obvious. If a person buys a lower quality product to save money, his expectation cannot be that the product is of a higher quality. Even the product did not fail due to a defect, a lack of warning or its poor quality, it was a total oversight on the part of UCUSI, which did not prevent untrained personnel from having contact with such a complex product.
It is undeniable, according to Beoing, that the lack of protection was warned UCUSI, and that he also wanted the product despite their concerns. Whoever wants a cheaper product and is willing to take a risk, which is not imminent, is the one who should take responsibility. It clarifies that the risk is not imminent since it did not occur due to the normal use of the thing; on the contrary, there was a person without knowledge who came into contact with the product, that is, it was a negligent use, and not a normal use.
In addition, Boeing alleges that the developing of a new product is not synonymous that the previous one had a failure. It is well known that the world of technology advances day by day, it is a sector that is constantly developing new systems, designs and increasingly advanced products. If a technology company does not update its components, all its products will be obsolete and many customers will be lost. In addition, after the negligence of UCUSI, Boeing products got a bad image, and the only way to change that is by offering a better service to customers, and assure them that Boeing cares about the safety and welfare of the customers.
A technology company lives in constant updating, and for that reason it should not be held responsible. The old design used was never offered as a high-quality product. If the customer uses the cheap product for something so important and does not take the necessary care, it is not Boeing's responsibility.
First of all, as a judge, I must specify many points. First, I believe that the express warranty made by of UCUSI is existent. If a service with the name of "Secure Server" is offered, it should be safe, and if it is safe only against the theft of information, against hacking or cracking, it should be warned that it is only safe against it and not against any other type of inconvenient. It is evident that a name generates confidence in the consumer, and if all those advertising strategies that give express warranties turn out to be false, the consumer who trusts in those express warranties is affected, as mentioned in the Randy case.
All these huge advertising campaigns are usually made to make the consumer trust the product, for this reason, it should be given the clearest and most accurate information possible, and not be excused later saying that it was only safe in an area and not in the another, this is totally unknown to the consumer.
In addition, it would be good to emphasize that, if UCUSI knows of the weaknesses of its server, and also decided that its purpose was not data protection, it would have been honest and fair that UCUSI take more diligent behavior by letting consumers know that the only way to avoid losing information before any inconvenience, is making backups every certain time. Warning about this, signaling that your server did not have the necessary tools to recover information that can be lost, is extremely important if it was not intended to be a database intended for protection. In this case we could talk about a defect due to a lack of warning, not from Steve's Sales or Boeing, but from UCUSI.
It is clear that the announcement of this type of thing is important, since the common user does not have the tools to detect by itself only when a server is reliable and safe, and only lets himself be carried away by the advertising of a company that he trusts. For the average consumer, this type of technology surpasses their understanding, does not know how it works or why it works, much less if it has sufficient security measures. However, I will later analyze Lucia's guilt.
On the other hand, I agree that the end of the product is not clear, on the one hand, it is called "Secure Server" but, on the other, it is promoted as a service to access information in all parts of the world. Even if we say that the purpose is only to access the information and not to protect it, it is well known that there should always be a minimum of security for the clients when the importance of the information is high.
Different would be the case of a server designed to store information not so priority, perhaps in this type of servers it is reasonable to choose a cheaper bank model without much protection. This principle derives from Chysky case, a product intended for a purpose must have sufficient and reasonable elements to fulfill that purpose.
UCUSI alleged that Lucia had to make backups, with which I agree. It does not seem reasonable to me that a person does not have a copy of such an important work. Either his thesis was not so important, or she was not diligent enough to make sure that her thesis was safe and copied in different places. It is evident that, with a medium diligence and care, any person would have avoided all this damage, especially with information as important as a thesis. Who has not been worried about losing their thesis or information of equal value? We have all made backups of that important information. Maybe not all of us do backups of absolutely all our information, but it is certain that we all worry about the information on which our future, our work and, in general, our whole life depends.
There is a special point that I want to highlight; when someone stores information in the cloud, it does not automatically erase the information in the device in which it was originally, so, I infer that, the only way that the information could be only in the cloud and not on the device of the applicant, Lucia he had to manually delete the information from his device, leaving only his most important information in the cloud. Which shows deeply his disregard for the thesis.
Much of the fault is on the part of UCUSI to not have the necessary diligence to prevent an untrained employee from entering manipulated prohibited elements, and that there is no person controlling the server. All this negligence, although it is attributable to UCUSI, it is not possible to point out that the loss of the thesis is entirely his fault. A minimum diligence of both, UCUSI and Lucia would have avoided all problems. As much as it is argued that UCUSI is a secure company that provides trust, this does not mean that the applicant should stop being diligent with their information.
Going into more technical details, it is well known that every server has at least two groups of storage units, a group for all information, so that people can access it, and a second group of storage units in which is a backup of all that information. That is to say, it is also the obligation of UCUSI to make backup of all the information, he himself alleges that he knows the risks of not making backups. Anyway, I understand that, if they did not intend to make a database for protection, perhaps it could be accepted that to save money it would be omitted to have another large storage unit for backups, since it is cheaper than is the users themselves take care of the information and use the service as a simple means to access information remotely anywhere in the world.
Again, I conclude that there was not enough care of either of the two parties, UCUSI did not make clear the purpose of the server and, Lucia did not behave like a careful person. There is a clear comparative negligence.
As for the subsequent modification made by the three defendants, each case is very different. On the one hand, UCUSI realized the error and problems involved in buying a cheaper model, knowing all the inconveniences that could cause and decided later change to the safest. If from the beginning you could have paid the most expensive model, and it was within your possibilities to grant more protection, it is not credible that the change is a simple strategy to improve your services, clearly admitting that it was not the right product.
Regarding the modification by Steve's Sales and Boeing, first I would like to analyze whether the existence of privity is necessary or not. In many cases it has been left aside, from Greenberg, where it insinuates that this theory should be left aside because it is unfair, going through Randy in which this theory is completely eliminated, the Goldberg case also speaks about strict tort liability, and they are not given so much importance to privity, even in Lancaster case where strict tort liability is finally applied also without giving much importance to privity. All these cases are more current than Chysky case, which has been far behind in time and has been modified by all those already named. Therefore, I conclude that it is possible to make an exception in privity in this case.
Returning to the modification, both are technology companies, both need a constant update of all their devices, that is a reality. It is certainly a very big coincidence that just after the problem they decided to develop a safer Model B. However, here I believe there is a confusion of terms. If UCUSI buys a cheaper product which is not suitable, does not mean that the product is defective, it should be noted that a defective product is one that has problems in its construction, design or warnings as it is indicated in Lancaster. Different is the case of a product not suitable for the task that UCUSI would develop.
UCUSI clearly knew the quality of the product and its functions, for which, we can deduce that they understood that this product was perhaps not the most appropriate, which does not imply that the product was defective. I do not think that the problem was a defect in the product, but rather a bad choice on the part of UCUSI, combined with an oversight, so it is not possible to say that Steve's Sales and Boeing are responsible, neither against UCUSI, nor in front of Lucia in this aspect.
Regarding the express warranty that Lucia alleges against Steve's Sales, I refer to the a forementioned, if the name of "Secure Server" is given, I believe it is an express warranty. If it was Steve's Sales who gave the name to the server, it must be responsible for that warranty, and not UCUSI, however, as UCUSI continued using that name to promote its product, it also has a part of responsibility for this express warranty, because it knew It was not as safe as the name indicated. Therefore, there is a shared responsibility of Steve's Sales and UCUSI against Lucia.
Regarding the implied warranty that Lucía alleges against Steve's Sales, I must say that the company warned UCUSI of the qualities of the products and gave two options, one with outstanding security and the other with weaker security, to choose. It is not possible to say that Steve's was negligent in offering a product with less security, even if he knows the purpose for which it will be used, it proved that the product worked correctly and fulfilled its objectives, and without a doubt it would have continued working if it were not for the UCUSI's negligence, which did not use the product correctly and normally. On the other hand, we have previously warned that the modification in this specific case did not imply an acceptance of a defect in the product.
If we apply the Codling Test, the defect should appear when the product was used properly, however, the server was not manipulated in UCUSI by a trained person when the information was deleted, on the other hand, UCUSI knew the weaknesses of the Bank that bought and used, for which reason it cannot allege that it did not know the frailty of the server. Finally, if Lucia had been careful enough, she would not have received any kind of damage.
Then, as a final conclusion, there is shared and compensation of negligence on the part of UCUSI and Lucia regarding the loss of information due to their fault for not using the server correctly and for not making backups. There is a shared liability between UCUSI and Steve's Sales against Lucia for the express warranty after naming the server as "Secure Server" and using it for promotion. Finally, any possible liability of Boeing in any of the cases is discarded.
The judgment appealed from should be modified according with this opinion.
No hay comentarios:
Publicar un comentario