This bill AFIK only covers the "they are allowed to do it" part but not the "how do they gain the capability to do it" part.
But spyware which can do so exists in endless amounts, including from companies focused on selling it to governments.
Hence also why in recent years physical microphone switches, or e.g. stuff like (I think it was) Apple laptops "physically" disconnecting the microphone/camera if you close the lid have been become increasingly more common and in demand. (Through the demand comes more from bad actors using it then from people being afraid the government spies on them AFIK, but technically there is 100% no difference)
Also, I recall that the green light on the apple camera is controlled by the camera's firmware, making it more difficult to turn on without the light come on. (You'd need to overwrite the camera firmware.)
I should have included the caveat that my comment was from memory.
I just did some brief research, and it seems that it was the case prior to some point in time between 2008 and 2019, but it is now hard-wired. It is discussed near the end of https://daringfireball.net/2019/02/on_covering_webcams
The engineer quoted in the article pointed out that it may be possible (at least in 2019) to briefly turn the camera on - flashing the led too quickly for someone to see.
I didn't find a discussion of this issue in the May 2022 Apple Platform Security guide.
It could be simple, just hook the led to the reset line of the camera and you'll know if the camera is in use. Downside is that the led will blink on boot when linux probes the driver.
That is the difference between something being firmware controlled and hardwired.
And for new macs the off switch for microphone/mic if the lid is closed is hard wired using some "dump circuit logic switch" AFIK.
The problem with lights (even if hard wired) is that you might still find ways to brake them, like finding a way to fry them without braking the camera or switching on/off so fast that it isn't really visible but you still get some image/sound you might be able to post process to a point where it's usable even if not grate. You probably can prevent this with further hard wired circuits, like a hard wired "super slow de-bouncer" which in a on-1->off-2->on makes sure 2 is prevented if not at least Xs passed since 1. And which in a off-2->on-3->off cycle makes sure the LED is on for at least Ys (the camera can be switched off faster, just not on again). But I don't think apple has something like that. At that points the question is why not put in physical switches like e.g. on Framework laptops or some older ThinkPads.
Probably, if you hacked a device to a point you have root access or worse it's not that uncommon that you are able to reflash firmware to custom firmware.
A lot of firmware, and firmware signature validation, is ... not very well done.
Practically it's often not worth it (you already had root+ access. It's doable, but not simple and less uniform applicable.).
But there have been known cases of viruses tryign to persist themself in the firmware of connected devices (which in this context includes all internal devices including the motherboard).
But spyware which can do so exists in endless amounts, including from companies focused on selling it to governments.
Hence also why in recent years physical microphone switches, or e.g. stuff like (I think it was) Apple laptops "physically" disconnecting the microphone/camera if you close the lid have been become increasingly more common and in demand. (Through the demand comes more from bad actors using it then from people being afraid the government spies on them AFIK, but technically there is 100% no difference)