[Cryptography] A reasonable cybersecurity law?

Jerry Leichter leichter at lrw.com
Sun Dec 5 08:22:34 EST 2021


We'll have to see what law actually emerges and, even more important, how it works in the real world, but Forbes reports https://www.forbes.com/sites/daveywinder/2021/12/04/this-new-2022-law-will-ban-use-of-dumb-passwords-in-smart-devices/ on a proposed British law that, for consumer "smart" devices:

  o Forbids the use of default weak passwords.  Every device must have a unique
    password, and there must be no mechanism to reset it to a single universal
    default.
  o Requires that a contact for reporting security vulnerabilities be published;
  o Requires that the period during which the device will receive security updates
    must be published at the point of sale; or if the device won't receive such
    updates, that must be explicitly declared.

Then again, the article mentions a California bill from 2018 with some similar provisions - but I'm not sure if it ever went into effect, or, if it did, what effects it had.
                                                        -- Jerry


