The internet-connected gadgets, devices, baubles, and geegaws we fill our homes with to perform menial tasks and surveil our every move are often times wildly insecure. And so, members of Congress are taking yet another stab at setting device and reporting standards with companion bills set to be introduced in the House and Senate today.
Referred to by marketers as Internet-of-things (IoT) devices and derided by many others as the Internet of Shit—for their general insecurity and uselessness to actual human tasks besides enabling massive denial-of-service attacks—many of these connected devices are eminently hijackable, making them an obvious target for legislation.
This new package is dubbed the “IoT Cybersecurity Improvement Act of 2019.” It’s spearheaded by almost the exact same folks—Senators Mark Warner, Cory Gardner, Maggie Hassan, and Steve Daines, as well as Representatives Robin Kelly and Will Hurd—and would seek similar standards. The burden of setting security standards would fall on the National Institute of Standards and Technology (NIST), and all devices purchased by the federal government would then be forced to comply with NIST’s guidelines.
“This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices,” Warner wrote in a statement.
Lawmakers attempted to get similar bills off the ground in the summer of 2017, without success. As Gizmodo wrote at the time, the legislation outlined bare-bones requirements, like allowing software updates, putting proper authentication procedures in place, and ending the use of hardcoded passwords that cannot be modified.
The incentive to win federal contracts would, ideally, compel device makers to adopt these security and disclosure guidelines across the board for their products. At the very least, it’s a start. Consider that, for every report of these devices bugging out or recording consumers without their consent, the government—which generally handles more sensitive data than civilians—buys these crap gadgets too.
Read the full Senate version of the IoT Cybersecurity Improvement Act here: