Interpreting California's IoT Security Law SB 327
In our last post we talked about California’s SB 327 Information privacy: connected devices law. Today we’re going to discuss what it takes to comply with the law. Our conversations at CES 2018 have revealed much confusion on this point. Please keep in mind that we are not attorneys, and you should seek counsel to mitigate your risk until there’s more clarity on compliance, such as approved certification programs.
On September 28, 2018, California Governor Jerry Brown signed into law the Information Privacy: Connected Devices Act, CA SB 327/AB 1906. The law requires any connected device sold in California after January 1, 2020 to implement “reasonable” security measures. Despite the understated fanfare, this law will set in motion a series of events that will be monumental for IoT.
HSPA, LTE Cat 1, LTE Cat M, NB-IoT, Wi-Fi, Zigbee 802.15.4, Z-Wave, Sigfox, LoRa, RPMA, Weightless, and BT-LE are just a few wireless technologies vying for your IoT device, and this doesn't even include satellite networks. Are all these networks really going to survive? Why can't IoT adhere to the "Highlander Principle" (there can be only one)? To answer these questions, we need to learn about a theory developed during World War II.
It is not uncommon for manufacturers to spend months evaluating communication options before starting a device design, and then change course several times during development as new information is uncovered or new technologies start getting deployed. This series of articles will hopefully reduce both planning time and design rework. In this first post we give an overview of all the factors that affect the choice of communication technology.