Legal Metrology Meets the Digital Age

The days when a telephone was just a device to make phone calls are long gone. Nowadays, almost everybody has a smartphone with the capability to use it as a camera, game console, map, casino, and much more. If you need some portable functionality, just download an app. It is no surprise that this trend is also entering the world of legal metrology.

A relevant example involves managing commercial transactions for public use of electric vehicle charging stations, or more specifically known as electric vehicle supply equipment (EVSE) in the weights and measures community. EVSE manufacturers are proposing, through the National Council of Weights and Measures (NCWM) standards development process, to allow customers’ smartphones to be used as the station's indication for the energy measurement instead of a display on the charger. The EU is also amending its Measurement Instrument Directive (MID) to allow this functionality on EVSE and with more general use with other types of metering devices, such as gas meters, electricity meters, and CNG dispensers.

This present-day technology involves not only the consumer’s mobile device but also connections to the service provider's discrete servers. Often, the measuring instrument (everything from the sensor to the indication or print-out) and its functionality are spread out over multiple devices, which are not always accessible for inspection or under the control of the service provider. It is a chain of devices (including virtual devices) that each perform a part of the measurement function.

Legal control of these complex systems should consider not only the measurement functionality but also the implemented security measures and aspects like resource availability. The entire chain from sensor to indication (display or printout) must be evaluated (see the OWM newsletter item on Legal Metrology: Maintaining Our Trust in Measurements). To certify such a measuring instrument for legal metrological applications, it is imperative that we no longer think of measuring instruments as devices with a physical appearance, but as a set of metrologically significant functions. Up until now, a certifying official might state, “The instrument has a display and a printer.” We now might say, “The instrument provides an indication and a printout.” Focusing on the functionality helps us to identify the metrologically relevant parts of the instrument, whether that functionality is provided by hardware (i.e., a physical device) or by software (e.g., an app, cloud service). Then it becomes apparent that it is not the consumer’s smartphone that provides the indication, but the app that is running on the smartphone. The phone itself is metrologically irrelevant.

The complexity of these composed instruments is much higher than that of a single device. This has a major effect on the security of the measuring function and measurement data. Without proper security measures, these complex systems may offer opportunities for fraud. It is vital that manufacturers of these systems take appropriate measures to protect software and data, whether it resides on devices that are under their control or not. Such security measures may, for example, include encryption, audit trails, fault detection, user profiles, and other measures based on state-of-the-art technology, but also regular bug fixing and security updates. NIST has published several publicly available guidelines on cybersecurity that help manufacturers identify risks and find solutions to mitigate these risks.