California poised to pass new IoT privacy law – San Francisco Business Times
SB 327, which pointedly focuses on Internet of Things devices like smart home appliances and smart office sensors, was handily passed by both houses of the California state assembly last month, and advocates expect that Gov. Jerry Brown will sign it into law. The bill is simple, requiring IoT device manufacturers to do two things: equip devices with “reasonable security” features and force new users to create their own password before using the device for the first time.
The bill doesn’t specify what security measures IoT manufacturers need to take nor does it lay out what best practices to follow, beyond ditching default passwords. What exactly counts as a “reasonable” security measure ambiguous, some in the security industry say, making the law difficult to interpret at best and ineffective at worst.