California Governor ‘Jerry Brown’ has reportedly signed two legislative bills focused on enhancing the privacy and security of California residents Internet of Things (IoT) devices. The two bills: Assembly Bill 1906 and Senate Bill 327 will make it compulsory for IoT devices manufacturers to ensure the privacy and safety of their customers.
The governor signed the bill on September 28, though he had time to make a decision on it by September 30. The two bills signed will become law on January 1st, 2020. This means it will be nearly 15 months for the bills to go live. The planned delay is focused on providing the IoT industry enough time to adapt to the changes rather than halting innovation, one of the lawmakers behind the legislation said.
Senate Bill 327 is the oldest one of the two recently signed bills, as it was introduced in February 2017 by the State Sen. Hannah-Beth Jackson, D-Santa Barbara, however, was amended to replicate bill AB 1906 introduced by Assemblywoman Jacqui Irwin, D-Thousand Oaks, in January, reports Government Technology.
Under the newly signed bills, manufacturers of IoT devices will have to equip themselves to include enhanced security measures for the safety of the users. The manufacturer will have to draft reasonable measures to ensure that the information they collect, transmit or store are protected from any unauthorized access, modification, disclosure, and destruction.
According to the bill, an IoT device with authentication feature on third party or outside the local area, will be considered bearing the security feature in case the device has a provision for a unique password or the user is provided with authentication tools before granting access. The bill defines connected devices as Internet Protocol or Bluetooth address devices that are capable of connecting to the internet directly or indirectly.
Jackson has growingly expressed her concern over the safety and privacy issues with the usage of IoT devices. In 2017, a smart doll dubbed “My Friend Cayla” was reportedly banned in Germany for security issues; however, it was not banned in the US which raised concern over the safety of the kids in the US. Jackson, since then, has raised questions regarding the security and privacy of IoT devices dominating smart homes like thermostats, security camera, and microwave.
Commenting on the bills Jackson said – they are focused on creating a sense of responsibility for manufacturers involved in the development of IoT devices. The Governor believes that bills are one-of-a-kind, asking respective companies involved in the manufacturing of IoT devices to take added responsibility.
Industry experts like the California Manufacturers and Technology Association (CMTA) and the Security Industry Association have questioned the true meaning of the bills when it states reasonable security features. CMTA, in fact, has criticized the bills calling them undefined legislation of the manufacturers. The association further states, the bills are likely to encourage imported device to dominate the local market, as they will be free from the implications of the legislation.