SoylentNews is people

posted by janrinok on Friday January 28 2022, @02:36AM
from the because-it-was-IoT-not-IoST dept.

MPs to debate landmark IoT security law:

The proposed Product Security and Telecoms Infrastructure Bill will receive its second reading in the House of Commons today in a debate to be opened by current digital secretary Nadine Dorries, as it takes a significant step forward towards becoming law.

The bill – which mandates improved cyber protections for smartphones and other smart or connected internet of things (IoT) devices – has been years in the making. Its scope has expanded over time to include new provisions that will supposedly spur the roll-out of full-fibre broadband services by making it easier for operators to upgrade and share infrastructure, and reform the process of how they go about negotiating with landowners to whose property they need access.

At its core it places strict new requirements on the manufacturers and retailers of connected consumer technology, banning easy-to-guess default passwords programmed onto devices, creating a vulnerability-reporting system, and forcing manufacturers to be upfront about how long their products will receive security updates.

Failure to comply could result in fines of up to £10m, or 4% of global turnover, and up to £20,000 for every day in the case of ongoing breaches.

“Whether it’s your phone, smart speaker or fitness tracker, it’s vital that these devices are kept secure from cyber criminals,” said Dorries.

“Every product on our shelves has to meet all sorts of minimum requirements, like being fire resistant or [noting if it’s] a choking hazard, and this is no different for the digital age where products can now carry a cyber security risk.

“We are legislating to protect people across the UK and keep pace with technology as it transforms our everyday lives,” she said.

The bill will apply to any device that can access the internet, including smartphones and smart TVs, games consoles, security cameras and connected alarms, smart toys and baby monitoring kit, smart home hubs and voice activated assistants (such as Alexa) and connected appliances such as washing machines and fridges.


  • (Score: 5, Insightful) by Runaway1956 on Friday January 28 2022, @03:37AM (6 children)

    by Runaway1956 (2926) Subscriber Badge on Friday January 28 2022, @03:37AM (#1216384) Journal

    “Whether it’s your phone, smart speaker or fitness tracker, it’s vital that these devices are kept secure from cyber criminals,” said Dorries.

    Aren't these the same clowns rolling out a huge PR campaign against end-to-end encryption? So they're talking out both sides of their mouths. "We need to make devices secure against those criminals we disapprove of, but leave them wide open to exploitation by criminals we approve of."

    • (Score: 2, Insightful) by Anonymous Coward on Friday January 28 2022, @05:31AM

      by Anonymous Coward on Friday January 28 2022, @05:31AM (#1216395)

      So.. you're saying there should only be one step back, rather than two steps forward and one step back...

    • (Score: 0) by Anonymous Coward on Friday January 28 2022, @08:14AM

      by Anonymous Coward on Friday January 28 2022, @08:14AM (#1216406)

      My thought exactly. I was just waiting for the "...security, but...". I guess that'll come in at some point or it's there already in small print.

    • (Score: 2) by WeekendMonkey on Friday January 28 2022, @01:34PM (3 children)

      by WeekendMonkey (5209) Subscriber Badge on Friday January 28 2022, @01:34PM (#1216427)

      Both of these measures work in a government's favor. By increasing "cyber" on your phone they know it was you, not a cybercriminal, connecting to WhatsApp and sending that message criticizing the government. A message that is easy to read without end-to-end security.

      • (Score: 2) by PiMuNu on Friday January 28 2022, @01:42PM

        by PiMuNu (3823) on Friday January 28 2022, @01:42PM (#1216430)

        Not really.

      • (Score: 2) by Freeman on Friday January 28 2022, @02:52PM (1 child)

        by Freeman (732) on Friday January 28 2022, @02:52PM (#1216448) Journal

        Obviously you are a cybercriminal, if you're criticizing the government. Thus, not just some random cybercriminal. They will know it was you and come knocking.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 1, Funny) by Anonymous Coward on Friday January 28 2022, @06:45AM (3 children)

    by Anonymous Coward on Friday January 28 2022, @06:45AM (#1216401)

    They put the 'S' in IoT!

    • (Score: 2) by Freeman on Friday January 28 2022, @02:49PM (2 children)

      by Freeman (732) on Friday January 28 2022, @02:49PM (#1216445) Journal

      Pretty sure that S doesn't stand for Security, even though, they might want it to.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 3, Funny) by DannyB on Friday January 28 2022, @04:45PM (1 child)

        by DannyB (5839) Subscriber Badge on Friday January 28 2022, @04:45PM (#1216472) Journal

        They put the SH (Security Hardened) in SHIoT.

        --
        The people who rely on government handouts and refuse to work should be kicked out of congress.
        • (Score: 2) by Freeman on Friday January 28 2022, @05:49PM

          by Freeman (732) on Friday January 28 2022, @05:49PM (#1216500) Journal

          Sounds much more reasonable.

          --
          Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 5, Interesting) by PiMuNu on Friday January 28 2022, @10:09AM

    by PiMuNu (3823) on Friday January 28 2022, @10:09AM (#1216412)

    I skimmed some parts of the legalese. It seems there are some very important issues raised here.

    * The bill seems to refer to *any* software on *any* internet connected device, even where the software is not installed by the manufacturers (i.e. it is installed, indeed developed by the user).
    * The bill seems to make requirements on the manufacturer/importer, not the user or software devs (unless they are also manufacturers).

    So, logically, the only way for IoT and cell phone manufacturers to comply with the bill may be to force "walled garden" implementation, and it applies to regular PCs as well as IoT devices.

    Note that AFAICT there are no specific provisions/requirements within the bill; rather the bill makes it possible for UK government to make a requirement on IoT manufacturers.

    I haven't read it in detail so may be over-interpreting.

  • (Score: 1, Funny) by Anonymous Coward on Friday January 28 2022, @06:34PM

    by Anonymous Coward on Friday January 28 2022, @06:34PM (#1216512)

    PARTY PARTY PARTY!!!!!
