As of the 1st January 2020, California has implemented a new security law that covers Internet of Things (IoT) devices and technologies that states that manufacturers need to implement a ‘reasonable security features‘, but there’s no denying this has left some confusion as to what this means for businesses, service users, and customers.
Today, we’re going to explore this new law, defining what it means, and then discussing whether this is a rule that other states and countries are going to follow, giving you a clear idea of what this all means in the future.
What is the Law?
IoT is an umbrella term for home gadgets and devices that connect to the internet to carry out certain tasks.
This can include anything from in-home smart thermostats, assistant devices such as Google Home or the Amazon Alexa, and smart home security cameras.
As of the turn of the decade, California declared a law that states that these devices must come with a reasonable standard of security that protects user’s data from being misused or inappropriately access by those this malicious intent.
For example, if you have an Amazon Alexa in your home, without security, what’s to stop someone hacking into your device and listening to all your conversations?
What’s to stop hackers from being able to monitor your internet traffic to see what data these devices are sending to the official servers of the services to gain your private information then?
This is why the law, Senate Bill 327, is being implemented; to protect users.
Within this law, certain requirements have been made, such as not allowing single hard-coded passwords and that every device requires a unique password to use.
Every user will need to create a new password when using a device for the first time.
What’s the Problem?
Many attorneys are arguing that the law isn’t currently enough.
Sure, the law covers the initial set up of the device, and many privacy advocates agree that this is a step in the right direction, but there are a few key areas missing.
For example, what happens when a device is updated, upgraded, or uses third-party applications and software?
There’s still no law covering the encryption of data from the IoT device to the servers that make it work, basically leaving these areas vulnerable for malicious intent.
From a company standpoint, this leaves a wealth of flexibility as to what they can legally, and many companies are simply waiting for further guidance on how to proceed.
While the law exists to protect users and their data, it doesn’t do the job thoroughly, and it’s unknown what will happen in the future.
You can find the latest updates at sites like Lawalways.
Will Other States and Countries Follow?
The chances are that countries around the world will start to implement these laws and others will follow.
User data and privacy is such a huge topic right now, and governments are being pressured immensely to ensure regulations are passed to give customers protection on things many don’t actually know about.
However, there are many issues that need to be resolved with the laws, so it will be very interesting to see whether California sets the standard, or whether another state or country will take the guiding point.
On the grand scale of things, IoT technology is still relatively new, and there are problems being addressed and considered every day.
What’s more, with the technology evolving so rapidly, there’s no doubt governments will be hard-pressed to keep up.