Skip to main content
  1. Home
  2. Smart Home
  3. News

California passes bill that regulates security for Internet of Things devices

Patrick Hearn
By

A home full of Internet-connected devices can spur privacy concerns, and California plans to do something to help keep them from arising. The California State Legislature passed a first-of-its-kind bill on Internet of Things (IoT) security titled SB-327 Information Privacy: Connected Devices. and sent it to the governor for his signature. The bill introduces regulations for all connected devices sold in the United States.

A quick read-through shows the bill leaves a lot to be desired. Specific guidelines are not established, and many features that need to be included in a bill centered around security are not present. For example, manufacturers should be required to perform a security audit on components purchased from overseas.

Despite not being complete, this legislation is a step toward much-needed oversight of security measures. Manufacturers like Google and Amazon place strong security protocols on their products, but even these can be broken by a determined hacker or via a weak link in a connected system. A bill like this will place pressure on American manufacturers to ensure all connected devices provide device-level protection against attacks.

A connected device is defined as any device that connects to the Internet and has an IP or Bluetooth address. As anyone could might, a lot of different products meet that definition. Here’s the exact wording of the legislation:

1798.91.04. (a) A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following:

(1) Appropriate to the nature and function of the device.

(2) Appropriate to the information it may collect, contain, or transmit.

(3) Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.

(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

(1) The preprogrammed password is unique to each device manufactured.

(2) The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.

Editors' Recommendations

Despite its new features, Astro is still impractical for most people
Astro looking at a dog on a couch.
Amazon Astro gets new pet- and security-focused features
Astro looking at an open front door of a home.
Everything announced at Amazon’s 2022 Fall Event: new Echos, Fire TVs, Kindle Scribe, and more
Amazon Astro in a build with Ring Virtual Security Guard on its screen.
New Ring cams get radar, fresh design, and now they can dispatch Amazon Astro’s robot
Ring Spotlight Cam Pro wired on a wall.
New Amazon Echos bring ‘dot displays’ and mesh networking, plus models for kids and cars
The Echo Dot with Clock sits on a table.
Blink gets a wired floodlight camera and a pan-and-tilt mount
amazon blink wired floodlight mini mount reveal pan tilt 1
Bluetti’s EP600 is better, lighter, and more modular than ever
Bluetti EP600 stack safe to use indoors for outages.
Experts warn AI assistants are hurting the social development of children
Wear OS - Google Asssitant
The best robot vacuums for high-pile carpet
Mother and daughter with Roborock S5 Max smart vacuum.
Zendure’s SuperBase V power station is industry-first with Semi-Solid State Tech
Zendure SuperBase V power station product image.
Grab this Roomba alternative while it’s ridiculously cheap today
Trifo Maxwell robot vacuum on a white background.
The history of the Amazon Echo
Amazon Echo sitting on a sidetable.
What we want to see from Google’s fall event
google fall event 2022 smart home predictions made by