A bill to set cybersecurity standards for Web-connected devices — from thermostats to webcams to cars — is awaiting Gov. Jerry Brown’s (D) signature after cruising through the state legislature late last month. If Brown signs it, California would become the first state to pass legislation to govern security of the Internet of Things...
The California bill, SB-327, seeks to address some of those flaws, setting baseline cybersecurity standards for IoT devices where none exist.
A most recent bill analysis is posted at California's Legislation Information website. The analysis includes a summary of existing law, a summary of this bill, background, comments, fiscal effects, and those groups in support and those opposed with a brief summary of their arguments. Here are some comments from the 8/28/18 Senate Floor Analysis:
Consumer devices that connect to the internet have moved well beyond the traditional desktop PC to include a wide variety of consumer electronics, such as microwaves, refrigerators, and children’s toys. While such capabilities may increase product functionality, many consumers are uninformed about the consequences of owning connected devices. Consumers may buy a device without realizing how it makes use of the internet, what types of information it collects, and how that information is used, until well after they have begun using the device in their home. Some internet connected toys, for example, prompt children to provide personal data verbally - including their parents’ names, the name of their school, and where they live – and explicitly reserve the right to conduct direct marketing towards kids. An alarming number of these internet connected devices lack even the most basic security features, rendering them vulnerable to hacking and coordinated cyber attacks.
This bill creates a common sense security requirement for internet connected devices that can evolve as technology evolves. Mirroring a provision in California’s Data Breach Law, this bill requires manufacturers to equip their devices with reasonable security features appropriate to the nature of the device and the information it collects.
Devices like #Alexa may seem like a “smart” idea at first, but can lead to #privacy issues in the long run. Read about how #SB327 is trying to help. https://t.co/riZit7bSy1 #IoT— Common Sense Kids Action (@CSKidsAction) September 5, 2018
No comments:
Post a Comment