Morris Manning & Martin, LLP

California's New Internet of Things Law is a Step in the Right Direction


In the fall of 2016, a large portion of the internet, from Netflix to Twitter, became inaccessible on the East Coast of the United States. This was a result of a massive denial of service attacks that we now know as the Mirai Botnet attack. Over 600,000 internet connected devices were infected, crippling that part of the internet. We learned that this attack was accomplished by hacking the default passwords of regularly used internet of things (IoT) devices such as home routers and surveillance cameras. Recently, Amazon Ring cameras have been subject to a series of cyberattacks, with one video showing a hacker harassing a child directly through the camera. These new headlines demonstrate there is an alarming number of internet-connected devices that lack basic security features, making them vulnerable to hackers. 

These types of IoT cyberattacks were the impetus for the enactment of California's IoT law that is set to take effect on January 1, 2020. 2018 Cal. Legis. Serv. Ch. 886 (Senate Bill 327), (to be codified at Cal. Civ. Code Section 1798.91.04). The law is the first of its kind and will attempt to establish cybersecurity standards for connected devices where none have existed before. The technology industry innovates at a rapid pace and does not always take the time to build in security features into new products. This law is aimed at getting device manufacturers to think about the cybersecurity protections needed to protect the devices they are creating and then incorporate those protections into the device. 

Read the full article here. Subscription required.