The New Law Affecting AV Manufacturers and the Industry at Large

AV manufacturers with California markets: listen up, because there’s a new law that might affect what you’re making (and give integrators a harder time).

Josh Srago Leave a Comment
The New Law Affecting AV Manufacturers and the Industry at Large

If you’re one of the AV manufacturers that isn’t ramping up their development team to meet the known, immediate needs of 2020, let me be the first to say that there is no time to waste.

In 2018, manufacturers had to take on challenges in regards to how to manage data capture and privacy. Thankfully, this led to significant developments in how the audiovisual manufacturers support the deployment of network connected devices.

While the industry is still adapting to recent regulatory changes and still has the daily operations challenges of 2019, there’s a new challenge that’s awaiting once we hit 2020 – and it revolves around passwords.

What a California Law Means To The Whole Industry

Back in 2018, the California state legislature passed SB-327. In summary, the bill requires that the manufacturers of connected devices provide appropriate security measures for any connected device they make.

Per the law, a connected device is defined as “any device…that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.”

The pending law stipulates that if the devices are “equipment with a means for authentication outside a local area network,” that each device must have a unique preprogrammed password, or the device is required to have a feature forcing the “user to generate a new means of authentication before access is granted to the device for the first time.”

So what does this mean for AV manufacturers?

If you make a device that connects to a network and, either directly or indirectly, is able to connect to the Internet via IP or Bluetooth addresses, you will no longer be allowed to ship the device with preprogrammed passwords like “admin,” “password,” or “12345,” unless the firmware and software are updated so as to require the device to prompt the user or contractor to change the default password prior to configuring any settings on the device.

Alternatively, manufacturers could take the other secure option in the law by providing unique passwords for each device that’s shipped.

There are some consultants and integrators that have requested this kind of security feature and offered the solution of using a device’s MAC address as the default password.

The implications to large deployments is plain to see.

Simplicity for Integrators

By using a default password for all devices, set up becomes simpler for integrators.

It’s a known entity and for simpler devices with no global management software suite, just about any level of installer can log on and set up the basic configuration of the devices while only needing to know that “admin” is the user name and password.

While the law is rather straight forward, there is nothing in the language that states that an integrator or end user cannot change the default password from something unique to something common, and potentially something that could easily be guessed.

Additionally, there is nothing in the law that talks about devices being accessed by a global management suite with a single common password. So, there are exceptions that have to be examined.

Ultimately, to do business in California in 2020, AV manufacturers should ensure that any device being specified, sold, or installed that can be connected to a network is compliant with this change in the law. It will be inconvenient for the installation of the devices, but compliance will be paramount to avoiding potential damages

About the Author

Contact:

Josh Srago, an award winning AV professional with experience as a consultant, integrator, manufacturer, and end user, is currently attending law school at Santa Clara University with plans to return to the audiovisual industry and aid with the quickly changing legal and regulatory landscape of technology. Any article written by Josh that includes statutory or legal analysis does not constitute legal advice.

Commercial Integrator Magazine

Read More Articles Like This… With A FREE Subscription

Commercial Integrator is dedicated to addressing the technological and business needs of professional integrators who serve the small and midsize business market. Whether you design, sell, service, or install… work on offices, churches, hospitals, schools or restaurants, Commercial Integrator is the dedicated resource you need.

No Comments yet. Be the first to comment!

Leave a Reply

Your email address will not be published. Required fields are marked *