California governor Jerry Brown signed a new cybersecurity law governing the internet of things. The bill (SB 327) mandates that any maker of an internet-connected or “smart” device ensure that the gadget has a “reasonable” security feature to “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure”.
Effective January 1st, 2020, any device that can be accessed outside a local area network without a personal password needs to either come with a unique password for each individual device or force users to create their own password the moment they first connect.
While the bill is a bit vague in its wording, which may complicate some development or implementation in the future, it has overall been praised as a great step in the right direction towards a more robust cybersecurity standard. The vagueness of the bill could have been purposeful, in order to allow it to encompass unexpected developments.
In that case, IoT vendors would be expected to keep up with the development of state-of-the-art security standards, and to change or improve upon their own as time goes on. Any bill that is written in a way that is too specific could have the unintended consequence of creating a bare minimum of necessary safeguards or hamstringing the vendor's development. The bill's harshest critic, Robert Graham, says that the flaws lie in the fact that the bill focuses on adding good features instead of eliminating bad ones.
Regardless of how it is being debated, we here at PCP see any measure to better protect the individual and their privacy as a step in the right direction. Any action towards improving the status quo and giving the end user an added layer of security is always welcomed.
While the law is currently localized to California, the other 49 states can expect to see the fallout from this bill passing. As IoT vendors seek to make their products compliant with California standards, residents of the other states would likely see these products enter their markets as well. It could be something similar to the auto industry and its efforts to meet California's strict MPG/emission standards in order to tap into the lucrative market of the nation's most populous state. The results of their efforts will be passed on to the rest of the nation, for what appears to be the better in this case.