Examination of Witnesses

Part of Product Security and Telecommunications Infrastructure Bill – in a Public Bill Committee at 10:19 am on 15th March 2022.

Dave Kleidermacher:

I would like to make a quick comment. Especially as we look forward in time, beyond the minimum requirements to the larger set that are codified into the ETSI EN 303 645, and extended requirements even beyond that, in different vertical markets there will be a desire to have additional requirements. For example, on the Android side, a Google-certified Android device already meets baseline requirements, so we are working with NGOs on how to define higher levels. For example, the strength of a biometric is really important on a smartphone, and that is not currently covered by the baseline requirements.

As we go forward, there will be an increasing set of requirements, and there is a way to balance that challenge. You will always hear of some manufacturers, including smaller ones, that have more difficulty meeting a certain requirement in a certain timeframe, and one way to help balance that is by focusing more on transparency about whether the requirement is met, versus requiring that all those requirements be met. I like to say that transparency is the tide that raises all boats. That is the key.

To go back to our analogy with food, it is not that on a label it says that you cannot have more than 50 grams of something; it is that you can compare the number of grams of carbohydrates and other ingredients between products. If you look at EN 303 645 and all its provisions—there are many—you could ask manufacturers simply to attest as to whether those are met. Yes, I still believe that there are minimum requirements that are critical, but in as much as we run into some difficulties on timeframes, you could just ask them to state whether they meet those requirements. That transparency will still be really valuable for consumers. Again, the NGOs that are setting up those conformance schemes can take the attestations of yes or no across the requirements and translate that into a health score, if you will, to help consumers make better decisions.