California passes cybersecurity law for connected devices, receives mixed feedback

It’s official: California is the first US state to regulate IoT security after Governor Jerry Brown signed the bill into law. The law, which takes effect on Jan. 1, 2020, was first introduced in 2017 and has been discussed ever since. It addresses weak security and information privacy by demanding manufacturers provide ‘reasonable security features’ for connected devices released on the market.

“This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified,” states the official document.

“The lack of basic security features on internet connected devices undermines the privacy and security of California’s consumers, and allows hackers to turn everyday consumer electronics against us,” said Sen. Hannah-Beth Jackson, who introduced the bill. “SB 327 ensures that technology serves the people of California, and that security is not an afterthought but rather a key component of the design process.”

This is not the first attempt to regulate IoT cybersecurity: in the past other bills were presented to Congress but didn’t make it to the final stage.

The new law will have a significant impact since California is the first state in the US to go down this route to protect consumers and demand security improvements. It in fact received mixed feedback. While some consider it a first step to regulate and improve security for connected devices, there were also critics claiming the law was rushed and vague, as it leaves room for interpretation.

The law was signed together with the already criticized net neutrality law – which the Trump administration is attempting to block by suing California.

One comment

  • By Linda - Reply

    This is a hoax. A very expensive hoax. If California wants to foot the bill for this I guess they can. But It’s more likely they will want everyone else to pay. IBM is the only company that has managed to create computers that no one could hack but the PC’s are popular and people bought them. Then they connected them. And then they connected them to the internet. And yes the internet is dangerous and most people have no idea how to protect their devices nor do they want to spend the time or money to learn. The government cannot keep pacifiers in every mouth. I just don’t think they can do it spending anything short of a fortune on every person. Meanwhile people will remain homeless and hungry and in need of a variety of other things. The result would most certainly be a reduction of access to the internet. “For our own good”. I just don’t think this will fly with current technology. I was an IT professional for over 30 years.

  • Add Comment

    Your email address will not be published. Required fields are marked *