Users of technology naturally assume that the gadgets they purchase and use are safe physically and governments go to great lengths to ensure that this is the case. In European countries the CE marking is required for many products. It:
- shows that the manufacturer has checked that these products meet EU safety, health or environmental requirements
- is an indicator of a product’s compliance with EU legislation
- allows the free movement of products within the European market
In the US, the The FCC Declaration of Conformity or the FCC label or mark is a certification mark employed on electronics products manufactured or sold in the United States which certifies that the electromagnetic interference from the device is under limits approved by the Federal Communications Commission.
But the certification marks do not currently address the risks related to cyber security. Is this something that should be included in the CE and FCC markings in future?
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt.