Don’t throw the open source baby out with the bathwater
Opinion The European Union has a commendable love for the safety of its citizens. Armed with the keys to a market of 300 million of the world’s richest consumers, the EU has merely to scent danger to bravely regulate. Food, consumer goods, financial markets and data processing: if it can bite the punter, the EU has a legal muzzle to hand.
This is an imperfect process, as regulations always are. Companies and free market libertarians chafe at not being allowed to poison, crush or electrocute paying customers or passers-by. But it turns out a well-regulated market inspires consumer confidence, doesn’t stop innovation, and adds value to entire sectors. That it annoys libertarians is just a free bonus.
The EU has now turned its attention to cybersecurity and more especially the lack thereof. It’s certainly dangerous enough to merit attention. A proposed Cyber Resilience Act (CRA) making its way through Brussels says that for « products with digital elements » to be allowed on the EU market, manufacturers have to demonstrate they follow best practice in four areas. These are improving the security of a product through the whole life cycle, following a coherent cybersecurity framework to measure compliance, demonstrate transparency about cybersecurity efforts, and lastly to make sure customers can use products securely.
Which sounds fair enough, considering some of the horrors visited upon us in the past – and today. Cheap « smart » electronics running out-of-date Android that nobody’s patched since Noah? Phones studded with « I bring you the best wishes of the People’s Liberation Army » mystery-meat bloatware? Big name, big ticket office software that keeps making headlines for all the wrong reasons? Who could argue with bringing these into line?
There are just two questions that need to be answered: will the proposed regulations do the job they set out to do, and what effect will they have on the market? Here, it’s not so much the devil in the details as the entire population of all seven layers of Dante’s Inferno.
