Consumers Need Push to Choose Secure Devices: Simington
FCC Commissioner Nathan Simington thinks the agency should provide consumers with more of an explanation about why they should buy secure smartphones and other devices, he said during a Silicon Flatirons’ conference on global fractures in tech policy. The two-day conference ended Monday.
The potential remains for some foreign-made devices and technology “to be vehicles for espionage and sabotage,” Simington said. Bad actors can build backdoors in software providing access to a device's data, he said. Even when discovered, these backdoors are difficult to distinguish from “an inadvertent coding mistake or just sloppy design,” he added.
Prohibiting use of gear from some Chinese companies in U.S. networks isn’t enough, Simington said. Given the choice, American businesses and consumers often "buy untrustworthy equipment from Chinese companies instead of Western-made alternatives,” he said. Chinese manufacturers often don’t take security seriously, are careless about how they develop software and ignore known vulnerabilities, he said.
Bans “will never be enough,” Simington said: “We need to figure out how to get consumers to choose secure products over insecure ones.” Consumers are willing to pay more for secure devices, but only if they can tell the difference, he said. “It’s basically impossible” for a consumer to “make an informed assessment that one [device] is more secure than the other,” Simington said. Product marketing rarely provides information on why a device is secure, he said. The information available is “technical mumbo jumbo to everyone but security engineers” and threats seem “hypothetical and distant,” so “lower price wins,” he said.
But Simington is concerned about the FCC’s proposed voluntary cybersecurity labeling program for smart devices (see 2310100034) since the commission is “under immense pressure from manufacturers to make the cyber-trust mark easy to earn,” he said. “Given how dismal the cybersecurity landscape is right now,” minimal changes to what companies are doing won’t be enough, he said: “We don’t lower the standards for USDA Prime to make sure more cuts of meat qualify.”
We can’t be sure that Chinese equipment, whether network gear or a smartphone, can be trusted “not to contain backdoors,” Simington said: “In fairness, [the Chinese] probably feel the same about American products.” Simington associated himself with Commissioner Brendan Carr's concerns about the threat from China’s TikTok (see 2311030036).
Major conflicts between nations on competition policy are probably inevitable, Simington acknowledged, but he warned of the “fragmentation of internet and technology markets along national borders.” The end of an open internet and technology market “that I fear is coming” isn’t good for the U.S., he said: “We have the best technology companies, and we benefit immensely from their access to world markets.”
Gomez on the WRC
The World Radiocommunication Conference process generally isn’t getting more difficult, aside from tough issues around geopolitics, FCC Commissioner Anna Gomez said Sunday. “Sometimes it’s more complex,” she said. The delegates “all have a desire to get to a common outcome that benefits everyone.”
Many complicated spectrum issues remain, but the administration’s new Interagency Spectrum Advisory Council (see 2402020034) should help, Gomez said. “It’s going to take a lot of work and patience -- it’s not easy doing spectrum issues,” especially at agencies that don’t want to give up frequencies, she said.
One important difference for the current FCC is “we’re sort of homegrown,” with all the commissioners, other than Simington, previously serving on the FCC staff, Gomez noted. Having a shared understanding of the FCC and how to work within the agency “helps us to be a stronger commission.”
Gomez warned that the pending end of the affordable connectivity program (see 2402010075) could result in a loss of trust in the program and the government. People signed up for something that could “go away very suddenly,” and “they’re not going to trust” the program if it gets refunded "after it gets taken away."
NTIA Administrator Alan Davidson said on Sunday the government needs something akin to financial audits as companies deploy AI (see 2401110076). “We know enough to know that it’s time for us to act as a government, and to act more forcefully,” he said.
“We need to think about how do we build transparency, so we understand what’s happening in these systems,” Davidson said: We need standards for how AI systems are assessed and auditors “to come in at the beginning and be able to understand what’s happening.” Getting a better understanding of AI is a “huge project” that will take years, he said.
“AI is going to touch almost every corner of our economy,” Davidson said. NTIA will assess the consequences for companies that are untruthful about how they use AI, he said. NTIA is examining how to make AI models open and widely available. “There’s a lot of concern on the risk side about safety, about security, the implications of making models widely available,” he said. NTIA also understands “we should be concerned about competition” and “a world where a small number of companies really control the most important models and systems out there.”
About 40% of NTIA's staffers are new hires since he became administrator two years ago, Davidson said. “We have grown a ton,” he said: “To do that in government is hard.”