California's New IoT Law
By Yasel Hurtado
Dee Margolis was satisfied with her ADT home security system, an added safety measure to the gates of her community. However, after a home invasion in her Calabasas community, she and four neighbors decided to upgrade their security. Margolis purchased a Ring Video Doorbell system through ADT.
The Ring system records a clip of the front door each time the doorbell is rung. With the Ring mobile app on their phone, users can check who’s at the door and speak to them whether they are home or not.
Margolis purchased the Ring to enhance safety for herself and her family; the possibility of a hacker remotely breaching the system never crossed her mind.
“It doesn’t concern me, I don’t care if someone can access video footage of my front door,” said Margolis.
The problem is, a seasoned hacker could access more than just video. The Ring is considered an Internet of Things (IoT) device. Because each IoT device is either connected to the internet or bluetooth, it has an IP address. Once a hacker attains this information, they would have a direct line to the rest of devices on the same network, and access it all.
“The bottom line with IoT is that will live in a very interconnected world. Whether you are at work, home, your car, or out in the community, you and your information may be connected to a variety of devices that are gateways to internet,” said James Baker, Interim Director for Industry Outreach at the California Cybersecurity Institute of California Polytechnic State University, San Luis Obispo.
More and more of our lives are online these days, which has led legislators to be concerned with cybersecurity and the safety of personal information.
On Sept. 28, California became the first state with an internet of things cybersecurity law. The name of the bill is SB-327 Information privacy: connected device, and it was signed by Governor Jerry Brown.
Essentially, this means every gadget in our home that can connect to bluetooth and the internet must be made with certain security features that prevent it from being hacked.
The bill aims to “create a common sense security requirement for internet connected devices that can evolve as technology evolves,” according to a press release on Senator Hannah-Beth Jackson’s website.
Senator Jackson introduced the bill in 2017, but it wasn’t until late August of this year that it passed state senate. Her concern with cybersecurity came after hearing about a children’s doll called My Friend Cayla.
The doll, created by Genesis Toys, must be connected to bluetooth through a smartphone app in order to access all of its features. The most troubling feature of the toy is that it has the ability to respond when asked any question, therefore it can detect and store audio. Due to safety concerns, the doll has been banned in Germany, however in the United States you can still easily pick one up Wal-Mart.
Although this specific toy spurred Senator Jackson’s action to create Senate Bill 327, she sought cybersecurity for all devices with this legislation.
“This was a measure whose time has been long overdue,” Jackson said. “The landscape of technology is ever-changing; it’s up to the policy-makers to be proactive.”
It turns out, California has been the most proactive state in creating legislation in cyber security, as it is the first state to pass such a bill.
Jackson attributes this to the fact that a lot of technology is designed and built here. Tech giants like Google, Apple and Facebook all call Silicon Valley home, so it makes sense that the state is wary of cybersecurity.
“Our consumers are more aware and educated about the risks,” Jackson said.
The bill won’t officially go into effect until Jan. 1, 2020. Until then, consumers must take safety measures to protect their personal information from online hackers.
“People should be very mindful of the information that they transmit online because anyone with the right knowledge could have access to it,” Jackson said.