Typically, courts impose liability on the party that is in the best position to minimize the harm a new product can cause.

Why not decentralize and privatize that debate by putting the costs of encryption on the same company that is reaping its benefits? If the benefits outweigh the costs, the company can use its profits to insure itself and victims of crime against those costs. Or it can seek creative technical solutions that maximize security without protecting criminals—solutions that will never emerge from a political debate. Either way, imposing tort liability makes this a private decision that companies can make with few externalities, and the company that does the best job will end up with the most net revenue. That’s the way tort law usually works, and it’s hard to see why the U.S. shouldn’t take the same tack for encryption.
—Stewart A. Baker, lawfare blog