AG Rosenblum Testifies on “Internet of Things” Legislation

April 29, 2019

Oregon Attorney General Ellen Rosenblum testified today before the Oregon Senate Judiciary Committee in support of HB 2395, which aims to better protect individual Oregonians’ privacy and personal internet-connected devices from cyberattack. The protections in the bill require manufacturers to provide reasonable security for the “Internet of Things” (IOT) such as virtual home assistants, home security systems, internet-connected toys, kitchen appliances, and other internet-connected devices. Some experts estimate that there will be 25 billion connected devices by 2020.

“Protecting the privacy and security of Oregon consumers in this age of Big Data is really important. The term “Internet of Things” broadly refers to the growth of everyday consumer devices (“things”) which are connected to the internet. And, because all of these devices connect to the internet, they become vulnerable to external attack and exploitation in ways unthinkable only a few years ago,” testified AG Rosenblum.

Under the proposed legislation, a manufacturer must build reasonable security into an internet-connected device. The security must be appropriate to the nature and function of the device, and be designed to protect the device from unauthorized access. The goal of the legislation is to encourage IOT manufacturers to put reasonable security features into their products from the inception of the device. “We have learned that waiting until later is much less effective and may be impossible,” Rosenblum said.

“These devices are starting to embed themselves in some of the most intimate areas of our personal lives: our front doors can be unlocked remotely, our living rooms have a device “listening” for our next request for a weather report, our children’s toys record our child’s voice and send the recordings back to a company. There is even one internet-connected thermometer that, when it detects a fever, sends that information to advertisers for disinfectant products,” continued AG Rosenblum’s testimony.

AG Rosenblum has been a leading advocate for stronger privacy and security laws since first realizing the need shortly after taking office in 2012. In 2017, Rosenblum initiated and helped pass a law that holds companies accountable for complying with their online privacy policies. The Oregon Unlawful Trade Practices Act now clearly applies to the privacy terms consumers agree to prior to downloading an app or other online tool.

In 2015, Rosenblum also initiated and helped pass a law that prohibits online education sites, services, and apps from compiling, sharing or disclosing K-12 student information for any purpose other than educational purposes. The Oregon Student Information Protection Act (OSIPA) balances protecting students while giving companies room to develop in the digital education market.

During several legislative sessions, including the current session, Rosenblum has worked to strengthen Oregon’s Data Breach laws. The Oregon Department of Justice has settled several significant data breach actions, including against Uber, since the law was updated.

The Oregon Department of Justice (DOJ) is led by Attorney General Ellen Rosenblum, and serves as the state’s law firm. The Oregon DOJ advocates for and protects all Oregonians, especially the most vulnerable, such as children and seniors.