As of the 1st January 2020, California has implemented a new security law that covers Internet of Things (IoT) devices and technologies that states that manufacturers need to implement ‘reasonable security features,’ but there’s no denying this has left some confusion as to what this means for businesses, service users, and customers.
Today, we’re going to explore this new law, define what it means, and then discuss whether this is a rule that other states and countries are going to follow, giving you a clear idea of what this all means in the future.
California’s IoT Law: Will Others Follow Its Example
What is the Law?
According to Wired, IoT is an umbrella term for home gadgets and devices that connect to the internet to carry out certain tasks.
This includes in-home smart thermostats, assistant devices such as Google Home or Amazon Alexa, and smart home security cameras.
As of the turn of the decade, California declared a law that states that these devices must come with a reasonable standard of security that protects users’ data from being misused or inappropriately accessed by those with this malicious intent.
For example, if you have an Amazon Alexa in your home, without security, what’s to stop someone from hacking into your device and listening to all your conversations?
What’s to stop hackers from being able to monitor your internet traffic to see what data these devices are sending to the official servers of the services to gain your private information then?
This is why the law, Senate Bill 327, is being implemented; to protect users. (LegInfo)
Within this law, certain requirements have been made, such as not allowing single hard-coded passwords and that every device requires a unique password to use.
Every user must create a new password when using a device for the first time.
What’s the Problem?
Many attorneys are arguing that the law isn’t currently enough.
Sure, the law covers the device’s initial setup, and many privacy advocates agree that this is a step in the right direction, but a few key areas are missing.
For example, what happens when a device is updated, upgraded, or uses third-party applications and software?
There’s still no law covering data encryption from the IoT device to the servers that make it work, leaving these areas vulnerable for malicious intent.
From a company standpoint, this leaves a wealth of flexibility as to what they can do legally, and many companies are simply waiting for further guidance on how to proceed.
While the law exists to protect users and their data, it doesn’t do the job thoroughly, and it’s unknown what will happen in the future.
Will Other States and Countries Follow?
The chances are that countries worldwide will start to implement these laws, and others will follow.
User data and privacy is such a huge topic right now, and governments are being pressured immensely to ensure regulations are passed to give customers protection on things many don’t actually know about.
However, many issues need to be resolved with the laws, so it will be interesting to see whether California sets the standard or another state or country will take the guiding point.
On the grand scale of things, IoT technology is still relatively new, and problems are being addressed and considered every day.
What’s more, with technology evolving so rapidly, there’s no doubt governments will be hard-pressed to keep up.