[ad_1]
Governor Jerry Brown has signed two bills that could make Internet-connected device makers more accountable for protecting the privacy and safety of California residents.
On September 28, the governor's office announced that Brown had signed the law, Bill 1906, and Senate Bill 327. He had until the end of the day of September 30 to do it. Both bills will come into effect in about 15 months on January 1, 2020. This delayed effect, said one of the legislators behind the legislation, is intended to hold the industry accountable. without, however, stifling innovation and regularizing it. Senate Bill 327 is the older of the two and was introduced in February 2017 by state senator Hannah-Beth Jackson, D-Santa Barbara, but as amended currently, the senator said Government Technology, is "almost a mirror" of AB 1906, presented in January by MP Jacqui Irwin, D-Thousand Oaks.
Both require connected device manufacturers to provide them with a "reasonable security feature," tailored to their nature and function, as well as the information they can collect, store, or transmit – and that are designed to protect the device. device and its information "unauthorized access, destruction, use, modification or disclosure. "
The invoices also specify that if such a device has a "means of authentication outside a local area network", this will be considered a reasonable security feature if the preprogrammed password is unique. for each device created; or the device requires a user to create a new "authentication means" before the initial access is granted.
They define "connected device" as a device with an IP (Internet Protocol) or Bluetooth address, and able to connect directly or indirectly to the Internet.
Jackson said she had "privacy concerns for many years" and was asked to act last year after learning from her constituents and learning that the Smart doll My Friend Cayla, banned in Germany children have not been banned in the United States. She asked how IoT devices, including microwaves, thermostats and security cameras, were secure and shocked by the lack of security she had discovered.
"This bill requires these manufacturers to equip their devices with reasonable security features," said Jackson, adding that the legislation is "the first of its kind" calling for companies to consider the safety aspects of their devices. re developed and produced.
However, the question of what constitutes a "reasonable security feature" is one of many industry groups, including the Security Industry Association, the National Electrical Manufacturers Association (NEMA) and the California Manufacturers and Technology Association (CMTA) – cited in their opposition to AB 1906.
In a statement provided to GT, the CMTA stated that these bills were intended to "create a cybersecurity framework by imposing undefined rules on California manufacturers", but to create a loophole allowing imported devices to "avoid" any implementation of security features ". attractive for manufacturers, less competitive and increases the risk of cyberattacks.
"We recommend an approach that ensures the compliance and security of all connected devices, no matter where they are produced. Not only do these two measures of smothering innovation not protect consumers, but they hijack California manufacturing investment, "said the CMTA.
The Entertainment Software Association, one of three industry groups opposed to SB 327, including NEMA, said that existing legislation already requires manufacturers to put in place "reasonable privacy protections tailored to the nature of the information collected ".
Jackson said the bills still leave the industry to use their "best judgment" to determine reasonable security and disagree with the idea that the invoices could create a loophole for the imported devices.
"I think the concern is misplaced because when the products are sold in this country, they will have to meet those standards even if they are manufactured elsewhere," she said.
State law would have allowed bills to become law if they were neither signed by Brown nor opposed to his veto – but both pieces of legislation specified that they had to be signed by the governor and a Jackson staff member described this as a provision to ensure that both houses stay on the same footing.
Editor's Note: This story has been updated to indicate that the Governor has signed both laws. An earlier version was released before it was reported.
Source link
