[Cryptography] A reasonable cybersecurity law?
Jerry Leichter
leichter at lrw.com
Sun Dec 5 08:22:34 EST 2021
We'll have to see what law actually emerges and, even more important, how it works in the real world, but Forbes reports https://www.forbes.com/sites/daveywinder/2021/12/04/this-new-2022-law-will-ban-use-of-dumb-passwords-in-smart-devices/ on a proposed British law that, for consumer "smart" devices:
o Forbids the use of default weak passwords. Every device must have a unique
password, and there must be no mechanism to reset it to a single universal
default.
o Requires that a contact for reporting security vulnerabilities be published.
o Requires that the period during which the device will receive security updates
must be published at the point of sale; or if the device won't receive such
updates, that must be explicitly declared.
Then again, the article mentions a California bill from 2018 with some similar provisions - but I'm not sure if it ever went into effect, or, if it did, what effects it had.
-- Jerry