Dear Chair Jackson: The Center for Democracy & Technology supports Senate Bill 327, which mandates certain security features and privacy disclosures for connected devices sold in California. The bill is a critical step towards imbuing Internet of Things (IoT) devices with reasonable privacy and security protections.
In an effort to raise the profile of these issues, the Center for Democracy & Technology, through a generous grant from the Hewlett Foundation, is in the midst of a two-year research project to identify both key policy issues in the world of security research and solutions to problems like the chill security researchers often face from laws.
“Malicious hacking”—using technological means to penetrate or manipulate the networks, data, or devices of others without permission—is a threat to the Internet and to the health of the Internet infrastructure companies that serve as its backbone. “Hacking back” would make us all more vulnerable to more sophisticated and frequent attacks. Our focus should be on protecting networks from intrusion, rather than making them more vulnerable by turning the Internet ecosystem into a digital war zone.
Broadly speaking, net neutrality rules are the protections that internet users have in their relationship with ISPs. In this context, the rules could be thought of as a Bill of Rights for users, enumerating fundamental individual rights that cannot be infringed upon by ISPs. As defined by the FCC, the three bright-line rules are as follows: No Blocking. No Throttling. No Paid Prioritization.
Connected vehicles have tremendous potential to reshape the transportation landscape – bringing important safety and efficiency benefits but also creating new security and privacy risks. In addition, there are long-standing security and privacy issues that, if not resolved, will be compounded with the continued trends towards greater use of software and connectivity in motor vehicles. Our comments focus on three main issues: the need for secure software, the increasing dependence on critical information infrastructures, and the need for greater transparency around data privacy.