On Tuesday, two lawmakers from Massachusetts introduced bills in the state’s House and Senate aimed at mandating that companies inform customers about when support for their connected devices will end. This initiative is designed to address cybersecurity concerns while enhancing consumer protection. By knowing how long they can expect their devices to function reliably, consumers can make informed decisions about their purchases and plan for eventual replacements.
The proposed legislation, known as An Act Relative to Consumer Connected Devices, was brought forward by state senator William Brownsberger and state representative David Rogers. “Our daily lives have become intertwined with smart devices,” Rogers stated in an email to WIRED. “When a company decides to stop providing software updates, those devices turn into ticking time bombs for hackers. We need to empower consumers to understand their devices and the associated risks before they buy.”
Although Brownsberger’s office acknowledged our request for comment, he has not yet responded. These bills come nearly a year after a joint report by consumer advocacy groups—including Consumer Reports, US PIRG, and the Secure Resilient Future Foundation—that urged lawmakers to pass legislation informing customers when their connected products would stop receiving support. This includes a wide range of smart home devices, such as Wi-Fi routers, security cameras, connected thermostats, and smart lights. While the proposed law is currently a state-level initiative, supporters hope it will serve as a model for future legislation.
“Almost everyone has experienced a situation where a beloved device suddenly fails to work as expected or just stops functioning entirely,” said Stacey Higginbotham, a policy fellow at Consumer Reports. “Your product is tied to a manufacturer through software that dictates its performance.”
If passed, the Massachusetts bills would require manufacturers to clearly state on product packaging and their websites how long they will offer software and security updates. Additionally, companies would need to notify customers when their device is nearing the end of its service life and inform them about lost features and potential security vulnerabilities after support ends. Once devices stop receiving updates, they become more susceptible to cyberattacks and may serve as targets for malware.
“This issue is becoming increasingly important as the internet of things continues to mature,” said Paul Roberts, president of the SRFF and a Massachusetts resident who collaborated with the lawmakers. “We can’t leave these devices connected and unpatched.”
Wi-Fi has been a staple in homes and offices for over 20 years, leading to a growing number of old devices still linked to the internet that likely haven’t received security updates in years. These outdated gadgets—routers, sensors, connected appliances, and home security cameras—are left vulnerable to attacks by unsuspecting users.
“We’re trying to minimize the risk,” Higginbotham noted. “While we can’t completely prevent it, we want consumers to be aware that they might be hosting a vulnerability. Essentially, they have an open door that can no longer be securely locked.”
The focus on cybersecurity in these bills is also likely to attract the attention of concerned US legislators. “I hope lawmakers can easily grasp the issue and rally behind the solution,” Roberts added.
