California Law Demands More Security From Connected Devices

California is looking to make the Internet of Things more secure.

• By Sydny Shepard
• Oct 02, 2018

California is demanding greater security from connected devices and the Internet of Things. Gov. Jerry Brown has signed Assembly and Senate bills that require hardware makers to include "reasonable" security measures for connected devices. All gadgets will require at least some kind of protection against unauthorized data access.

If a device connects to the internet, it will have to require either a preset password, "unique to each device manufactured," or else the ability to generate a new authentication method (like a custom password) on initial setup. This will help strengthen cameras that were vulnerable to attack because they all used the same default password. 

The laws are set to take effect on January 1, 2020, giving tech companies plenty of time to build the features into their products. The companies, however, are still hesitant about complying.

The California Manufacturers and Technology Association (which includes companies like AT&T, Intel and Honeywell) told Government Technology that the state was imposing "undefined rules" and had allegedly created a "loophole" that let imported devices avoid the rules. The Entertainment Software Association, meanwhile, claimed that existing laws already covered reasonable privacy protection.