California IoT law requires manufacturers to build security into connected devices


A pair of linked bills passed by the California legislature and signed into law late last month by governor Jerry Brown require manufacturers to preload passwords or install other security features on any kind of device that’s directly or indirectly connected to the Internet, beginning in 2020. Assembly bill 1906, carried by assemblywoman Jacqui Irwin (D – Ventura) and senate bill 327, authored by senator Hannah-Beth Jackson (D – Santa Barbara) are aimed at protecting privacy, and preventing the rise of botnets – networks of online devices that are infected with malware and used by cybercriminals for their own purposes.

The new law isn’t limited to consumer electronics products. Commercial and industrial devices – anything that’s part of the Internet of Things (IoT) – fall under the legislation’s broad definition…

“Connected device” means any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.

Manufacturers will have to equip a device with “a reasonable security feature” that’s “appropriate” to its “nature and function” and the type of information it collects. Preprogrammed passwords are specifically mentioned as acceptable, as is forcing users to create a password or otherwise “generate a new means of authentication” the first time they use it.

Enforcement of the new law is limited to the attorney general, county district attorneys and city and county attorneys. It doesn’t create a new windfall for contingency fee lawyers.

Up until now, California law hasn’t had much to say about IoT security. A law passed in 2015 requires warnings on Internet-connected television sets with voice recognition features, and prohibits using recorded conversations for advertising purposes. A 2006 bill established similar consumer notice requirements for WiFi access points.

A third IoT-related bill – AB 2167 by assemblyman Ed Chau (D – Los Angeles) – died in the California senate on the final day of the legislative session. It was specifically aimed at “ingestible” sensors used for health monitoring.

T-Mobile, Sprint merger review widens in California


It seems someone jumped the gun at the California Public Utilities Commission, and prematurely sent out a ruling defining the scope of California’s regulatory review of T-Mobile’s proposed purchase of Sprint. On Thursday, the commissioner in charge of the inquiry, Clifford Rechtschaffen, issued an amended version of the “scoping memo” he released the week before, saying the first one “was mailed in error”.

There are several wordsmithing changes in the updated version, and a few that are more substantive. One big change is a broad, up front statement making it clear that there are no particular limits to what the review will cover…

The scope of this proceeding includes all issues that are relevant to evaluating the proposed merger’s impacts on California consumers and determining whether any conditions should be placed upon the merged entity.

Additions to the specific, but “non-exhaustive” list of items that will be covered include consideration of potential new services the combined company might offer and – for both new and existing services – the impact on communities and regions, as well as California as a whole.

The net result is that the focus (if you want to call it that) of Rechtschaffen’s investigation is even wider than before. It won’t be limited to a few specific and largely technical issues, as T-Mobile and Sprint had hoped.

The original schedule called for a final decision by next June. The core of the new schedule tracks with the original one, but the beginning of public hearings over the next two or three months, and the final wrap up next spring (or maybe summer?) are more indeterminate. Instead of the CPUC voting on a final decision in “June 2019”, the schedule calls for that to happen in “2nd Quarter 2019”. Given the way decisions are drafted, reviewed and then put on the commission’s agenda, June is still a reasonable bet. But it might happen sooner. Or later – CPUC timelines have been known to slip.

Stalled federal bill preempting local pole ownership, authority gets a push


Congress might jump into the tug of war between the Federal Communications Commission and local governments over control of municipal property located in the public right of way. According to a story in Politico, the chairman of the federal senate’s commerce committee, senator John Thune (R – South Dakota) wants to move his small cell preemption bill – S. 3157 – ahead as the current congressional term winds down.

As originally drafted, S. 3157 tracks closely with the “small wireless facility” preemption ruling issued last month by the FCC. Permit application review times would be limited, in some cases to as little as two months. The bill goes beyond the FCC’s plan and says that any permit that hasn’t been approved or denied before the shot clock runs out is automatically granted.

The bill also limits the amount that cities and counties can charge to lease out poles they own. Lease rates would be calculated using the same formula used to split utility pole costs between electric utilities and telecoms companies. In California, a typical rate is $25 per year per foot of space occupied on a pole. The net result would likely be rental rates below even the $270 a year that the FCC considers reasonable. That compares to the Californian average, which runs between $500 and $900 per pole per year.

Politico says that Thune wants to bring local governments on board with his bill, but he’s having a hard time doing that…

The measure faces opposition from several organizations representing local and state governments. “I don’t know if they’re ever going to get on and fully endorse this,” Thune told reporters on Thursday. “I think in the end it’ll be hard, unless the cities get to a better comfort level than where they are today, it would be hard to advance the bill just because they have obviously a lot of influence with senators.” He said his staff continues to negotiate with an eye toward finding consensus and says a hearing is a good idea in any case “because I think we need to elevate the issue.”

A federal law has a lot more impact than an FCC ruling. As it stands now, the FCC can’t order a city to lease out a pole or issue a permit. It can only establish standards that judges might or might not use to settle disputes between cities and mobile carriers. And its authority even to do that is in question – last month’s FCC decision faces years of litigation before its effect is fully known.

Congress, on the other hand, does have the power to preempt state and local authority when communications and interstate commerce is involved, and delegate the job to the FCC.

Broadband speeds are the first casualty of truth


Internet service offerings slow down when service providers are forced to advertise accurate speed levels. In particular, the speed of teaser packages, designed to lure in price conscious subscribers, falls by 41%. That’s the conclusion of a British consumer group, following a study of how ISP advertising practices changed in the wake of a new U.K. regulation that forces them to make accurate service claims.

The Consumers’ Association says the down shift was sudden, coming soon after the new rules took effect…

The majority of broadband providers have been forced to cut the headline speeds they advertise when selling deals, following recent changes to advertising rules, according to new [Consumers’ Association] research.

An analysis of the biggest broadband providers found that, since new rules were introduced by the Committees of Advertising Practice in May, 11 major suppliers have had to cut the advertised speed of some of their deals, with the cheapest deals dropping by 41%…

Previously, suppliers were able to advertise broadband deals which claimed ‘up-to’ speeds that only one in 10 customers would ever reach.

But the new advertising rules mean that at least half of customers must now be able to get an advertised average speed, even during peak times (8-10pm).

There’s no equivalent requirement in the U.S.

The Federal Communications Commission punted the consumer protection ball to the Federal Trade Commission. Even when it subsidises incumbent telcos, like AT&T and Frontier Communications, to provide 10 Mbps download and 1 Mbps upload service in rural areas, it only expects them to hit 80% of that speed 80% of the time.

The California legislature passed a generic online truth in advertising law last year, but didn’t specifically call out Internet service or ISPs. Enforcement is up to California attorney general Xavier Becerra, who hasn’t done anything with it yet.

In practice, ISPs on this side of the Atlantic can advertise any speed they want, regardless of actual performance, so long as they qualify it with “up to” and back it with a long list of exceptions and conditions, buried somewhere on their websites.

Shouldn’t we expect the truth too?

Big telecom drops lawyers and lobbyists on California’s net neutrality law


Lobbying front organisations for AT&T, Charter, Comcast, Frontier and mobile carriers joined forces to mount another legal challenge to California’s new network neutrality law on Wednesday. The four are the American Cable Association (ACA), the Cellular Telecommunications Industry Association (CTIA), the National Cable Television Association (NCTA) and the U.S. Telephone Association (USTelecom) – they keep trying to rebrand themselves, but that’s what the initials originally stood for, and what they’re really about.

They filed a complaint and motion for an injunction in a Sacramento federal court, claiming that the network neutrality law – senate bill 822 – signed by governor Jerry Brown on Sunday is “a classic example of unconstitutional state regulation”. Because the Internet does not stop (or start) at California’s borders, it is inherently an interstate service, their argument goes. So, they say, the Federal Communications Commission’s most recent net neutrality decision overrides California law…

The 2018 Order expressly “preempt[s] any state or local measures that would effectively impose rules or requirements that [the FCC has] repealed or decided to refrain from imposing in this order or that would impose more stringent requirements for any aspect of broadband service” addressed in the 2018 Order.

SB–822 plainly falls within the scope of this express preemption provision. It is a state measure that seeks to reinstate net neutrality requirements that the 2018 Order repealed.

The lobbyists’ challenge follows a similar filing by the federal justice department on Sunday evening. It’s likely that the two cases will be combined, but for now the Trump administration’s challenge is taking the lead. It’s assigned to judge John Mendez, who scheduled the first hearing in the case for 14 November 2018.

California’s defence is led by attorney general Xavier Becerra, who has aggressively gone after high profile Trump administration policies, but also takes money from AT&T, Comcast and Charter. His response to their lawsuit was to tweet that it “was brought by power brokers who have an obvious financial interest in maintaining their stronghold on the public’s access to online content”. We’ll get a look at how he intends to do that in a couple of weeks, when his first response is due.

California kicks bots off of social media


You won’t be able to use an anonymous bot to tweet or boost Twitter profiles, or post items on Facebook in California, beginning next year. Or use a bot that pretends to be a person to try to sell something – including a candidate for office – on high traffic websites.

California governor Jerry Brown signed senate bill 1001 into law. Authored by senator Bob Hertzberg, it’s particularly intended to stop automated social media posts that inject comments – fake or otherwise – into political debates.

It only applies to websites that attract at least 10 million unique, U.S. visitors per month. There are a couple of hundred websites that meet that qualification, according to The list includes big, California-based platforms, like Google, Youtube, Facebook, Apple and Netflix. But as written, it also applies to out-of-state giants, like Amazon and the New York Times.

SB 1001 makes it…

Unlawful for any person to use a bot to communicate or interact with another person in California online, with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving the person about the content of the communication in order to incentivize a purchase or sale of goods or services in a commercial transaction or to influence a vote in an election.

Using a bot would still be legal, so long as it’s identified as such and the disclosure is “clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot”.

Online platforms, web hosts and Internet service providers won’t have to do any policing. SB 1001 specifically doesn’t apply to them.

A “bot” is defined as “an automated online account where all or substantially all of the actions or posts of that account are not the result of a person”. It doesn’t appear to apply to customer service bots that websites use to communicate with visitors, but there’s enough wiggle room that the courts will have to decide where to draw the line. That’ll be after the law survives the inevitable challenges on First Amendment and federal preemption grounds.

California’s new muni broadband law establishes rights, and net neutrality responsibility


California governor Jerry Brown actually signed two network neutrality bills into law on Sunday. The Big Kahuna was senate bill 822, which establishes net neutrality rules for Internet service providers doing business in California. But alongside it was assembly bill 1999, which, among other things, requires publicly owned broadband systems to abide by net neutrality principles, whether or not their private competitors have to.

It’s a mixed blessing. On the one hand, it’s a good thing for muni broadband systems to operate on a net neutral basis, both from a public policy and a customer service perspective. On the other hand, it might not always be a viable way of doing business. If SB 822 is tossed out by a court, and the current anything goes federal policy stays in place, then a few years from now the broadband business might look completely different. If muni broadband systems are handcuffed to a business model that is no longer competitive, the only ones who will benefit are the big, monopoly model ISPs like AT&T, Charter and Comcast. That’ll be a problem to worry about later, though.

AB 1999 does two other things. It lifts a restriction on community service districts (CSDs) that effectively bars them from the broadband business. It was the only meaningful restriction on public agency broadband on the books in California.

The bill also clearly spells out that cities, counties and certain kinds of special districts, including CSDs, county service districts, utility districts and infrastructure financing districts can offer broadband service. It’s long been assumed they can, but there wasn’t much in the way of explicit legal authority. Cities have a long history of precedent to rely on, but other kinds of agencies don’t have that level of confidence to fall back on. I know from experience that there is a huge difference between “there’s nothing that says you can’t” and “the law specifically says you can” when you’re trying to convince local officials that a broadband enterprise is a good idea.

But there’s also potential danger. A law that explicitly allows muni broadband service is a tempting target for corporate lobbyists who want to fiddle with it, to the benefit of their business models and at the expense of the public. We’ll have to keep a permanent watch on California’s new muni broadband law.

Court gives California three weeks to defend net neutrality law


The gears of justice are grinding on California’s newly minted network neutrality law. Yesterday, the federal court in Sacramento gave California attorney general Xavier Becerra three weeks to respond to the Trump administration’s attempt to nullify senate bill 822.

Signed Sunday afternoon by governor Jerry Brown, the law reinstates the core elements of the Federal Communications Commission’s 2015 ban on blocking, throttling and paid prioritisation of Internet traffic on the basis of content, and also clarifies that selective zero rating is prohibited. It’s a close cousin of paid prioritisation: Internet service providers charge subscribers to watch competitors’ video streams, but let them download in-house content for free.

If the court doesn’t act, ISPs have to begin following the new rules on 1 January 2019. The Trump administration is hoping for action before then. In a motion filed Sunday evening, the federal justice department asked the court to block California’s law before it takes effect. Acknowledging California’s influence, the justice department told the court that unless the law is blocked, net neutrality rules will return to all 50 states…

Given that ISPs cannot realistically comply with one set of standards in this area for California and another for the rest of the Nation — especially when Internet communications frequently cross multiple jurisdictions — the effect of this state legislation would be to nullify federal law across the country.

Becerra has the job of defending SB 822. He tweeted his support for it after the lawsuit was filed on Sunday night. Yesterday, he told the Sacramento Bee information shouldn’t be throttled “simply because there are a few robber barons who get to control the flow of that information”, and promised what the Bee characterised as a “vigorous defence”.

So far, California’s big monopoly model ISPs – AT&T, Frontier, Comcast and Charter – have let the FCC and their other friends in the Trump administration do their talking for them. Republican commissioner Michael O’Rielly expressed his appreciation for the justice department’s action and defended paid prioritisation by ISPs.

Jessica Rosenworcel, currently the lone democrat on the FCC, offered “a hefty thank you to the Golden State for your effort to get right what the FCC got wrong”. But she stopped short of predicting that California’s law will survive court challenges. Rosenworcel is a smart lawyer – it pays to listen to what she doesn’t say.

Brown signs SB 822 and establishes Californian net neutrality rules, Trump lawyers hit back


Jerry Brown doesn’t have a problem stepping into policy territory claimed by the federal government. He’s signed bills that fly in the face of Trump administration immigration policy, and carved out a place for California in international environmental diplomacy. You can add telecoms policy to that list. Yesterday, he signed senate bill 822 into law. Authored by senator Scott Wiener (D – San Francisco), it reinstates network neutrality rules that were approved by the democratic majority on the Federal Communications Commission in 2015, and quickly scrapped when republicans took over control of the FCC in 2017.

Trump administration lawyers were on hot standby. The federal justice department had a press release and two court filings ready to go, and found time between football games on Sunday night to upload them to a federal court in Sacramento (links below).

Assuming for the moment that SB 822 withstands legal challenges, come the new year Internet service providers in California won’t be able to block or throttle subscribers’ traffic on the basis of its content, or give some bits priority over others because someone is paying them to do so. Or because they own the content. That ban also applies to zero rating, which is a close cousin of paid prioritisation where ISPs let subscribers watch as much in-house video as they want for free, but charge for data used to download competitors’ content. California’s new rules bar ISPs from fiddling with upstream connections to content providers and others, if it’s intended to achieve the same result.

SB 822 travelled a rocky road to victory. Introduced by senator Scott Wiener (D – San Francisco) earlier this year, it was gutted by AT&T and Comcast’s friends on the assembly’s communications and conveyances committee. The committee chair, assemblyman Miguel Santiago (D – Los Angeles), was slammed by a tsunami of online rage, although his principal wingmen, Evan Low (D – Santa Clara) and Eduardo Garcia (D – Imperial) escaped unscathed. They were forced to backtrack, and the bill finally cleared the legislature on super majority votes, and yesterday won Brown’s approval.

The ink on Brown’s signature barely had time to dry before the feds filed a complaint, um, complaining that California “seeks to second-guess the federal government’s regulatory approach”.


AT&T, Comcast and other monopoly model ISPs will pile on to the federal justice department’s lawsuit – they’ve promised as much. But the Trump administration is happy to do the heavy lifting for them. Its core argument is “pursuant to the supremacy clause [of the federal constitution] and federal statutes, the Federal Communications Commission sets uniform, national policies governing interstate communications, and contrary state laws — like the one challenged here — are preempted”.

The federal judge who gets the case will have to unravel a circular argument. The Trump administration claims that the FCC declared broadband isn’t a common carrier service, so California can’t impose common carrier rules. Which, it says, is what SB 822 does. SB 822’s supporters say that because the FCC also reclassified broadband as an information service, it gave up any preemption power it might have. So states can use the authority they share with the federal government to establish consumer protection laws. Which is what, supporters say, SB 822 does.

Although supporters of SB 822 have plausible arguments against federal preemption, it’s a question that’s very much in play. A lot can happen between now and the end of the year. Enjoy it while you can.

California senate bill 822, as signed by governor Jerry Brown, 30 September 2018

Complaint for declaratory and injunctive relief, the United States of America versus the State of California; Edmund Gerald Brown jr., governor of California and Xavier Becerra, attorney general of California, 30 September 2018
Memorandum of law in support of [the federal justice department’s] motion for preliminary injunction

California net neutrality bill faces midnight deadline


UPDATE 2: the Trump administration’s political hacks in the justice department were on alert – they challenged SB 822 in federal court. Quickly. Click here for more.

UPDATE: Brown approved SB 822. Click here for more.

Today is decision day for network neutrality in California. Governor Jerry Brown must either sign senate bill 822 into law, or veto it, or simply ignore it and let it become law automatically tonight, when the midnight deadline for acting passes.

It would reinstate rules adopted by the Obama administration’s Federal Communications Commission in 2015, then repealed in 2017 by the Trump administration’s FCC. Under SB 822, ISPs would be banned from blocking, throttling, paid prioritisation and zero rating of subscribers’ traffic based on content. Upstream evasions, through deals with content providers or others at interconnection points, would be prohibited as well.

According to Scott Lay at Around the Capitol, Brown had 183 bills sitting on his desk as of Friday night. He acted on 56 bills yesterday, leaving 127 bills to decide today. That’s a lot – a little bit more than 10% of his annual bill signing workload in one day. The legislature sent him a total of 1,217 bills this year, most of them during the end of the session crunch in the last week of August.

SB 822 was carried by senator Scott Wiener (D – San Francisco). He’s held two pro-SB 822 rallies in the past month: one in San Francisco featuring Nancy Pelosi, a San Francisco congresswoman and minority leader of the federal house of representatives, and one in Los Angeles with fellow California legislators. He’s a prolific tweeter, but he hasn’t said much about it in the past couple of weeks.

I predicted Brown will sign the bill into law and I’m standing by that. But it’s no more than a guess. Brown makes his own decisions for his own reasons and he’s not afraid to use his veto pen. So far, he’s vetoed 16% of the bills he’s acted on, and that rate has been rising as the deadline nears – nearly 40% of yesterday’s bills were vetoed.