Internet-connected devices sold in California, such as thermostats, televisions, and security cameras, would need reasonable security features by January 2020 under two bills headed to Gov. Jerry Brown (D).
The two identical bills would apply to devices that can connect directly or indirectly to the internet and are assigned internet protocol or Bluetooth addresses. Smart home devices like the Amazon Echo and Google Home would fall under the bills.
The proposals come amid rising privacy and security concerns about Internet of Things devices, including the potential for data collection from users.
The bills intentionally lack specifics about what reasonable security features the devices must have, Sen. Hannah-Beth Jackson (D), the author of one of the bills, has said. It is up to the manufactures to decide what steps to take.
But manufacturers argue the bills are too vague and would be fodder for litigation. They also contend the bills don’t apply to companies that import and resell connected devices made in other countries under their own labels.
S.B. 327 by Jackson won a final vote of 28-9 in the Senate Aug. 29 to accept amendments made while the bill was in the Assembly. It passed the Assembly 46-20 Aug. 28 and first passed the Senate in January.
“This bill, if enacted, will secure our smart homes and our smart cities from being leveraged against us,” Jackson said on the Senate floor Aug. 28.
An identical bill, A.B. 1906 by Assemblywoman Jacqui Irwin (D), won a final vote of 48-14 in the Assembly Aug. 30 to accept Senate amendments. It passed the Senate Aug. 29 with a 29-8 vote and first passed the Assembly in May.
The bills are joined together, so that both must be signed by Gov. Jerry Brown (D) for either to take effect. Brown hasn’t taken a position on the bills. He has until Sept. 30 to sign or veto them.
The responsibility for reasonable security for the devices would be on manufacturers or those who contract with manufacturers to make devices offered for sale in California.
Medical devices and other items subject to federal standards would be exempt from the bill.
The bills are opposed by the Custom Electronic Design & Installation Association, Entertainment Software Association, and National Electrical Manufacturers Association. They are sponsored by Common Sense Kids Action and have support from the Consumer Federation of America, Electronic Frontier Foundation and Privacy Rights Clearinghouse, among others.