The Senate Homeland Security Committee has advanced a bill governing the security of the Internet of Things. The "Internet of Things Cybersecurity Improvement Act of 2019" sets baseline cybersecurity standards for IoT devices purchased by the federal government. "This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices," said sponsor Senator Mark Warner (D-VA). EPIC recently told Congress that "the IoT network is the weak link in consumer products" and urged the establishment of of mandatory privacy and security standards. The Committee also advanced a bill by Senators Gary Peters (D-MI) and Rob Portman (R-OH) that would promote coordination between the Department of Homeland Security and state and local governments in protecting against cyber threats.
In advance of an oversight hearing for the Consumer Product Safety Commission, EPIC wrote to the Senate Commerce Committee to say that the CPSC must do more to protect consumers and ensure security of IoT devices. EPIC advised the Commission to require manufacturers to (1) minimize data collection, (2) conduct privacy impact assessments, and (3) implement Privacy Enhancing Techniques. EPIC told the Senate committee that "CPSC should establish mandatory privacy and security standards, and require certification to these standards before IoT devices are allowed into the market stream." In 2017, EPIC and other consumer privacy groups petitioned the CPSC to recall Google Home Mini after it became known that a defect in the product set record to always on. In recent comments to the CPSC, EPIC urged the agency to regulate Internet of Things devices.
EPIC has sent a statement to a Senate committee in advance of a hearing on drone security. EPIC pointed to the new rules for drone operators in Europe. The EU drone rules require real-time drone identification. In 2015, EPIC made very similar recommendations to the FAA to improve drone safety in the United States. EPIC pointed to widely available technology for boats and planes and said that an app should allow anyone to determine the course, location, operator, and purpose of a nearby drone. EPIC restated the remote ID recommendation proposal in a recent statement to the agency. In a letter to the FAA last month, Senators Edward Markey (D-MA) and John Thune (R-SD) also urged the FAA to establish a rule for the real-time, remote identification of drones. During the hearing, an FAA official said the agency will issue a rule on remote drone identification later this year.
