The California Senate passed legislation Monday intended to beef up security on wireless routers, televisions, children’s toys and other smart devices that connect to the Internet.
The measure — SB 237, by Sen. Hannah-Beth Jackson, D-Santa Barbara — directs manufacturers to equip Internet-connected gadgets with “reasonable” security features, such as the ability to change passwords or detect hackers. And it leaves it up to the industry to decide what is reasonable — a key concession made by Jackson when she narrowed her bill to address concerns raised last year by business groups and the tech industry.
“Given the rapidly evolving nature of technology, we are leaving it up to the industry’s best judgment to determine what security is reasonable for each type of device,” Jackson told her colleagues on the Senate floor when she presented her bill.
The tech industry had argued that Jackson’s earlier bill would have led to overly burdensome security features on everyday products that Californians use, and they argued that existing state and federal laws protect consumers.
The earlier version of SB 327, for example, included a requirement that gadgets must alert a consumer whenever data is being collected from their device — with either an audio or a visual signal, such as the blinking red “record” light on a video camera.
The coalition of opposition that formed led Jackson to pull her bill from a vote last year while she worked to alleviate their concerns. On Jan. 17, the group officially pulled back their opposition in a letter and took a “neutral” position — organizations including TechNet, CompTIA, The Internet Coalition, the State Privacy and Security Coalition, and the California Chamber of Commerce.
Andrea Deveau, vice president of state policy and politics for TechNet, described Jackson’s bill as unnecessary because it “tracks with current statute as it relates to privacy protections.”
But her organization dropped its opposition because “Senator Jackson removed those provisions which would have been impossible to comply with,” she told Techwire in an email.
Jackson, who has contended that her bill would deter the theft of personal and sensitive information, said most Californians are concerned that their devices might one day be hacked.
“There’s no question, colleagues, that technology has and will continue to revolutionize our lives,” Jackson said. “But it is up to us as policymakers to ensure that technology serves the people of California and that security is not an afterthought but rather a key component of the design process.”
Lawmakers approved the bill by a 28-9 vote without any debate. It now heads to the Assembly for consideration.