SALEM, Ore. – The privacy, safety and security features of increasingly ubiquitous ‘Internet of Things’ devices, those smart speakers and other items connected to the internet, are the focus of legislation passed Tuesday by the Oregon House.
House Bill 2395, approved 53-5, requires manufacturers to equip Internet-connected devices with reasonable security features that protect information and the device from access, destruction, modification, use or disclosure that consumers do not authorize, Oregon House Democrats said in a news release.
“From Internet-connected watches to Internet connected thermostats, as these devices are integrated into our most private areas, consumers should have the assurance that these devices are secure and fend off unwanted intrusion,” said Rep. Jennifer Williamson (D-Portland) who carried the bill on the floor. “Times change, and we must ensure that we are at the vanguard in order to ensure Oregonians have the protections they need and deserve.”
In recent years, high-profile cases like that of the Mirai Botnet which has compromised the ‘Internet of Things’ illustrate how vulnerable these devices are to nefarious infiltration. Internet-connected baby monitors have even been the subject of hacking.
The legislation, which was introduced at the request of the Oregon Department of Justice, defines reasonable security as “something that is appropriate to the nature and function of the device to protect a device from unauthorized access, destruction, use, modification, or disclosure.” That could include things like two-factor authentication and unique passwords.
“This legislation is an important step in keeping Oregonians safe from potential cyber-intrusions in their homes,” said Rep. Courtney Neron (D-Wilsonville). “We have to make sure our laws keep up with technology as it changes around us.”
The legislation, which passed the House unanimously, now goes to the Oregon Senate for consideration.