About a year ago, we changed our home audio setup to “smart” speakers: We wanted to be able to stream directly from Spotify, as well we from our phones. We also wanted to avoid introducing yet another microphone into our living room. (The kitchen is, hands down, the only place where a voice assistant makes real sense to me personally. Your mileage may vary.) Preferably, there should be a line-in as well; I’m old school that way.
During my research I learned that the overlap of circles in this Venn diagram of speakers that are (a) connected (“smart”) for streaming, (b) have good sound and (c) don’t have a microphone is… very thin indeed.
The Sonos range looked best to me; except for those pesky microphones. Our household is largely voice assistant free, minus the phones, where we just deactivated the assistants to whatever degree we could.
In the end, we settled for a set of Bang & Olufsen Beoplay speakers for living room and kitchen: Solid brand, good reputation. High end. Should do just fine — and it better, given the price tag!
This is just for context. I don’t want to turn this into a product review. But let’s just say that we ran into some issues with one of the speakers. These issues appeared to be software related. And while from the outside they looked like they should be easy to fix, it turned out the mechanisms to deliver the fixes were somewhat broken themselves.
Long story short: I’m now trying to return the speakers. Which made me realize that completely different rules apply than I’m used to. In Germany, where we are based, consumer protection laws are reasonably strong, so if something doesn’t work you can usually return it without too much hassle.
But with a set of connected speakers, we have an edge case. Or more accurately, a whole stack of edge cases.
The product still fulfills the basic function, just in a way that is so diminished and awkward to get to work because of a software issue that it’s too much to do on a daily basis, meaning the speakers simply stay off. It kinda works, kinda doesn’t. Certainly doesn’t work as advertised.
If one of these gets returned and I wanted to switch to a different brand, then I’d be stuck with the other speakers in the set, which are now expensive paperweights: Connected products work in families, or so-called platform ecosystems. One without the other just doesn’t make sense. It’s like the chain that breaks as soon as the weakest link breaks. So can I return all of them because there is a software issue with one of them?
This is going to be an interesting process, I’m afraid. Can we return the whole family and switch on over to a different make of speakers? Or are we stuck with an expensive set of speakers that while not quite broken, is very much unusable in our context?
If so, then at least I know never to buy connected speakers again. Rather, then I guess I’d recycle these and instead go back to a high end analog speaker set with some external streaming connector – knowing full well that that connector will be useless in a few years time but that the speakers and amp would be around and working flawlessly for 15-20 years, like my old ones did.
And that is the key insight here for our peers in the industry: If your product in this nascent field fails because of lacking quality management, then you leave scorched earth. Consumers aren’t going to trust your products any more, sure. But they are unlikely to trust anyone else’s, either.
The falling tide lowers all boats.
So let’s get not just the products right: In consumer IoT, all too often we think in families/ecosystems. So we have to consider long-term software updates (and mechanisms to deliver them, and fall-backs to those mechanisms…) as well as return policies in case something goes wrong with one of the products. And while we’re at it, we need to equally upgrade consumer protection regulation to deal with these issues of ecosystems and software updates.
This is the only way to ensure consumer trust. So we can reap the benefits of innovation without suffering all the externalized costs as well as unintended consequences of a job sloppily done.
Update (Oct 2019): Turns out other companies also start recognizing that there’s a demand for mic-free speakers: Sonos just launched a speaker that they market specifically for it being mic-free, and it’s otherwise identical to one of their staples. (It’s called the One SL; I imagine the “SL” stands for “streamlined” or “stop listening” but I might be projecting.)
When we embed connected technologies — sensors, networks, etc. — into the public space*, we create connected public space. In industry parlance, this is called a Smart City. (I prefer “connected city”, but let’s put the terminology discussion on the back burner for now.) And data networks change the way we live.
* Note: Increasingly, the term “public space” has itself come under attack. In many cities, formerly public (as in publicly owned & governed) has been privatized, even if it’s still accessibly by the public, more or less. Think of a shopping mall, or the plazas that are sometimes attached to a shopping mall: You can walk in, but a mall cop might enforce some house rules that were written not by citizens but the corporation that owns the land. I find this not just highly problematic, I also recommend flat out rejecting that logic as a good way forward. Urban space — anything outside closed buildings, really — should, for the most part, be owned by the public, and even where for historical reasons it can’t be owned, it should at least be governed by the public. This means the rules should be the same in a park, a shopping mall-adjacent plaza, and the street; they should be enforced by (publicly employed) police rather than (privately employed) mall cops. Otherwise there’s no meaningful recourse for mistreatment, there’s no ownership, citizens are relegated from stakeholders to props/consumers.
Do we want to allow people to get faster service for a fee (“Skip the line for $5”), or prefer everyone to enjoy the same level of service, independent of their income?
Do we want to increase the efficiency for 90% of the population through highly centralized services even if it means making the life of the other 10% much harder, or do we plan for a more resilient service delivery for all, even if it means the overall service delivery is a tad slower?
Do we want to cut short-term spending through privatization even if it means giving up control over infrastructure, or do we prioritize key infrastructure in our budgeting process so that the government can ensure quality control and service delivery in the long term, even if it costs more in the short term?
These are blunt examples, but I reckon you can tell where I’m going with this: I think democratic life requires public space and urban infrastructure to be available to all citizens and stakeholders, and to work well for all citizens. Pay for play should only apply for added non-essential services.
“Don’t confuse the data you can capture with the things you need to know!”
In order to shape policies in this space meaningfully, we need to think about what the things are that we prioritize. Here, a brief warning is in place: the old management adage “you can’t manage what you don’t measure” is problematic to say the least. All too often we see organizations act on the things they can measure, even if these things are not necessarily meaningful but just easy to measure. Don’t confuse the data you can capture with the things you need to know!
What do we want to prioritize, and maybe even measure?
That said, what are the things we want to prioritize? And might it even be possible to measure them?
Here I don’t have final answers, just some pointers that I hope might lead us into the right direction. These are angles to be explored whenever we consider a new smart city project, at any scale — even, and maybe especially, for pilot projects! Let’s consider them promising starting points:
Has there been meaningful participation in the early feedback, framing, planning, governance processes? If feedback has been very limited and slow, what might the reasons be? Is it really lack of interest, or maybe the barrier to engagement was just too high? Were the documents to long, too full of jargon, to hard to access? (See Bianca Wylie’s thread on Sidewalk Labs’ 1.500+ page development plan.) Were the implications, the pros and cons, not laid out in an accessible way? For example, in Switzerland there’s a system in place that makes sure that in a referendum both sides have to agree on the language that explains pros and cons, so as to make sure both sides’ ideas are represented fairly and accessibly.
Will it solve a real issue, improve the life for citizens?
Is this initiative going to solve a real issue and improve lives meaningfully? This is often going to be tricky to answer, but if there’s no really good reason to believe it’s going to make a meaningful positive impact then it’s probably not a good idea to pursue. The old editors’ mantra might come in handy: If in doubt, cut it out. There are obvious edge cases here: Sometimes, a pilot project is necessary to explore something truly new; in those cases, there must be a plausible, credible, convincing hypothesis in place that can be tested.
Are there safeguards in place to prevent things from getting worse than before if something doesn’t work as planned?
Unintended consequences are unavoidable in complex systems. But there are ways to mitigate risks, and to make sure that the fallback for a failed systems are not worse then the original status. If any project would be better while working perfectly but worse while failing, then that deserves some extra thought. If it works better for some groups but not for others, that’s usually a red flag, too.
When these basic goals are met, and only then, should we move on to more traditional measurements, the type that dominates the discourse today, like:
Will this save taxpayers’ money, and lead to more cost-effective service delivery?
Will this lead to more efficient service delivery?
Will this make urban management easier or more efficient for the administration?
Will this pave the way for future innovation?
These success factors / analytical lenses are not grand, impressive ideas: They are the bare minimum we should secure before engaging in anything more ambitious. Think of them as the plumbing infrastructure of the city: Largely unnoticed while everything works, but if it ever has hiccups, it’s really bad.
We should stick to basic procedural and impact driven questions first. We should incorporate the huge body of research findings from urban planners, sociologists, and political scientists rather than reinvent the wheel. And we should never, ever be just blinded by a shiny new technological solution to a complex social or societal issue.
Taking the publication of Sidewalk Labs’ Master Innovation and Development Plan plan for the smart city development at Toronto’s waterfront (“Toronto Tomorrow”) as an occasion to think out loud about smart cities in general, and smart city governance in particular, I took to Twitter the other day.
If you don’t want to read the whole thing there, here’s the gist: I did a close reading of a tiny (!) section of this giant data dump that is the 4 volume, 1.500+ page Sidewalk Labs plan. The section I picked was the one that John Lorinc highlighted in this excellent article — a couple of tables on page 222 of the last of these 4 volumes, in the section “Supplemental Tables”. This is the section that gets no love from the developers; it’s also the section that deals very explicitly with governance of this proposed development. So it’s pretty interesting. This, by the way, is also roughly my area of research of my Edgeryders fellowship.
On a personal note: It’s fascinating to me how prescient our speakers at Cognitive Cities Conference were back in 2011 – eight years is a long time in this space, and it feels like we invited exactly the right folks back then!
Smart cities & governance: A thorny relationship
In this close reading I focused on exactly that: What does governance mean in a so-called smart city context. What is it that’s being governed and how, and maybe most importantly, by whom?
Rather than re-hash the thread here, just a quick example to illustrate the kind of issues. Where this plan speaks of publicly accessible spaces and decision-making taking into account community input, I argue that we need public spaces and full citizens rights. Defaults matter, and in cities we need the default to be public space and citizens to wield the final decision-making power over their environment. Not even the most benign or innovative company or other non-public entity is an adequate replacement for a democratically elected administration/government, and any but the worst governments — cumbersome as a government might be in some cases — is better than the alternatives.
My arguments didn’t go unnoticed, either. Canadian newspaper The Star picked up my thread on the thorny issue of governance and put it in context of other experts critical of privatizing the urban space; the few others I know from the thread make me think I’m in good company there.
What’s a smart city, anyway?
As a quick, but worthwhile diversion I highly recommend the paper Smart cities as corporate storytelling (Ola Söderström, Till Paasche, Francisco Klauser, published in City vol. 18 (2014) issue 3). In it, the authors trace not just the origin of the term smart cities but also the deliberate framing of the term that serves mostly the vendors of technologies and services in this space, in efficient and highly predictable ways. They base their analysis on IBM’s Smarter City campaign (highlights mine):
”this story is to a large extent propelled by attempts to create an ‘obligatory passage point’ (…) in the transformation of cities into ‘smart’ ones. In other words it is conceived to channel urban development strategies through the technological solutions of IT companies.”
These stories are important and powerful:
“Stories are important because they provide actors involved in planning with an understanding of what the problem they have to solve is (…). More specifically, they play a central role in planning because they “can be powerful agents or aids in the service of change, as shapers of a new imagination of alternatives.” (….) stories are the very stuff of planning, which, fundamentally, is persuasive and constitutive storytelling about the future.” (…)
The underlying logic is that of a purely data-driven, almost mechanical model of urban management that is overly simplistic and neither political, nor does it require expert matters. This logic is inherently faulty. Essentially, it disposes with the messiness that humans and all their pesky complex socio-cultural issues.
“In this approach, cities are no longer made of different – and to a large extent incommensurable – socio-technical worlds (education, business, safety and the like) but as data within systemic processes. (…) As a result, the analysis of these ‘urban themes’ no longer seem to require thematic experts familiar with the specifics of a ‘field’ but only data- mining, data interconnectedness and software-based analysis.
So: Governance poor, underlying logic poor. What could possibly go wrong.
A better way to approach smart city planning
In order to think better, more productively about how to approach smart cities, we need to step back and look at the bigger picture.
If you follow my tweets or my newsletter, you’ll have encountered the Vision for a Shared Digital Europe before. It’s a proposed alternative for anything digital in the EU that would, if adopted, replace the EU’s Digital Single Market (DSM). Where the EU thinks about the internet, it’s through this lens of the DSM — the lens of markets first and foremost. the Vision for a Shared Digital Europe (SDE) however proposes to replace this logic of market first through 4 alternative pillars:
Cultivate the Commons
Empower public institutions
I think these 4 pillars should hold up pretty well in the smart city planning context. Please note just how different this vision is from what Sidewalk Labs (and the many other smart city vendors) propose:
Instead of publicly available spaces we would see true commons, including but not limited to space.
Instead of centralized data collection, we might see decentralization, meaning a broader, deeper ecosystem of offerings and more resilience (as opposed to just more efficiency).
Instead of being solicited for “community input”, citizens would actively shape and decide over their future.
And finally, instead of working around (or with, to a degree) public administrations, a smart city after this school of thought would double down on public institutions and give them a strong mandate, sufficient funding, an in-house capacity to match the industry’s.
It would make for a better, more democratic and more resilient city.
So I just want to put this out there. And if you’d like to explore this further together, please don’t hesitate to ping me.
I’ve been writing a newsletter for a few years now that I just rarely feature here, and usually just mention every now and then. At a recent conference, conversations with Ton Zylstra, Elmine Wijnia, Peter Rukavina and others all reminded me of the value of creating a more permanent archive that you host yourself (to a degree) rather than just relying on something as potentially impermanent as a commercial newsletter provided. (Ton blogged about it, too.) It is in that spirit that I’ll try for a bit to cross-post (most) of my newsletter here.
Please note that (for workflow and time saving reasons) this is a copy & paste of a pre-final draft; the final corrections and edits happen within Tinyletter, the email service. So there might be a few typos here that aren’t in the newsletter itself.
The preferred way to receive this (preferred by the author at least) is most certainly the newsletter, but here’s the archived version for those who prefer a different format. Also, take it as a sample/teaser. And if you think this is for you, why don’t you come along for the ride:
Ambient privacy & participation at the (smart) street level
“Sustainability always looks like underutilization when compared to resource extraction”
— Deb Chachra, Metafoundry
In Berlin, we’re coming off of the tail end of a massive heat wave with somewhere near 40C peak yesterday. A small stretch of forest burned on the city’s edge, a much larger one just south of the city. The latter included a former military training ground; ordnance was involved. There were warnings of strange smells wafting through the city. Stay calm, everyone. This is just the new normal.
Today’s pieces mostly run along the thread of privacy & how to make sure we can all have enough to see democracy thrive: From the macro level through the smart city lens down to the issue of microphones embedded in our kitchens. Enjoy!
Know someone who might enjoy this newsletter or benefit from it? Feel free to forward as you see fit, or send out a shout-out to tinyletter.com/pbihr. If you’d like to support my independent writing directly, the easiest way is to join the Brain Trust membership.
Starting a new fellowship. I mentioned if briefly before, but am happy to announce officially: Edgeryders invited me to be a fellow as part of their Internet of Humans program, exploring some questions around how to make smart cities work for citizens first and foremost (as opposed to vendors or administration first). I’m honored and grateful; this helps me dig deeper into these issues that — as you know well if you’re reading this — have been on the top of my mind for some time.
The network provides. For Zephyr Berlin, our apparel staples side project that we’ve been engaged in since 2016, I reached out to Twitter to see if anyone could hook me up with some recommendations/leads/pointers to learn more about how and where to produce something with merino wool in Europe. And lo and behold, we got so many excellent leads — thank you! (You know who you are.) I’m not sure what might come out of this, if anything, but I know it’s more than just fun to learn more and experiment with new ideas.
One of my favorite writers online — especially about travel and the internet industry — is the ever brilliant Maciej Ceg?owski, founder of Pinboard and Tech Solidarity and an outspoken tech critic from within, so to speak. He just wrote a long-ish piece on what he coins “ambient privacy”, i.e. the idea that our privacy is impacted not just by the things we actively choose to share through, for example, social media; but also by the environments we move through, from other people’s social media use to sensors and GPS and the internet watching us through surveillance ads and all that jazz. It’s essentially an inversion of our traditional perspective of privacy as a default to non-privacy as a default (not a desirable outcome one, to be sure!) — or the shift from individual data rights to a collective data rights in the words of Martine Tisné (linked a few times before).
If you read one thing today, make it this one, I urge you. I loved it so much, I kind of want to quote the whole thing. Instead, a few snippets as teasers more than anything (highlights mine):
“This requires us to talk about a different kind of privacy, one that we haven’t needed to give a name to before. For the purposes of this essay, I’ll call it ‘ambient privacy’—the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered. What we do at home, work, church, school, or in our leisure time does not belong in a permanent record. Not every conversation needs to be a deposition. (…) Ambient privacy is not a property of people, or of their data, but of the world around us. Just like you can’t drop out of the oil economy by refusing to drive a car, you can’t opt out of the surveillance economy by forswearing technology (and for many people, that choice is not an option). While there may be worthy reasons to take your life off the grid, the infrastructure will go up around you whether you use it or not.”
“In the eyes of regulators, privacy still means what it did in the eighteenth century—protecting specific categories of personal data, or communications between individuals, from unauthorized disclosure. Third parties that are given access to our personal data have a duty to protect it, and to the extent that they discharge this duty, they are respecting our privacy. (…) The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.”
“Because our laws frame privacy as an individual right, we don’t have a mechanism for deciding whether we want to live in a surveillance society.“ (…) “Telling people that they own their data, and should decide what to do with it, is just another way of disempowering them.”
“The large tech companies point to our willing use of their services as proof that people don’t really care about their privacy. But this is like arguing that inmates are happy to be in jail because they use the prison library. Confronted with the reality of a monitored world, people make the rational decision to make the best of it.”
“When all discussion takes place under the eye of software, in a for-profit medium working to shape the participants’ behavior, it may not be possible to create the consensus and shared sense of reality that is a prerequisite for self-government. If that is true, then the move away from ambient privacy will be an irreversible change, because it will remove our ability to function as a democracy.”
And, last but not least:
“Our discourse around privacy needs to expand to address foundational questions about the role of automation: To what extent is living in a surveillance-saturated world compatible with pluralism and democracy? What are the consequences of raising a generation of children whose every action feeds into a corporate database? What does it mean to be manipulated from an early age by machine learning algorithms that adaptively learn to shape our behavior?”
Ok, so I did end up quoting at great length. But really, I think it’s that good and important.
Your blender is listening
There was fun news — for some definition of fun! — coming out of France this week. A group of hackers discovered a connected blender had shipped with a microphone built in and with bad security practices. So this blender could be used to spy on very much unsuspecting buyers.
But let’s start at the beginning (also available on Twitter), because this is exactly the kind of irresponsible stuff that we at ThingsCon try to fight every day. Here’s the blender we’re talking about, on the right side:
[Image not embedded]
See the knobs on the blender? It’s a little hard to tell on the photo but these are virtual buttons, it’s a touch screen. (Insert your own joke about virtual buttons emulating physical buttons.) Also note that it says “Ausverkauft” under the product — sold out.
So what’s the story here? Lidl, the big chain discounter, sold the Monsieur Cuisine Connect. The connected blender is described in some articles as a Thermomix rival/clone, sold at a fraction of the price.
“Designed in Germany and produced in China, it has a seven-inch touch screen that can be connected via wifi to download recipes for free. And like any device connected to the network, it is susceptible to being hacked. That is precisely what two techies have done, who have disemboweled the robot and discovered important security and privacy issues. The device has a small microphone and a speaker and, in addition, is equipped with Android 6.0, a version that is not updated since October 2017.”
The articles quotes Lidl’s ED of marketing in France to say: “The supermarket chain defended itself arguing that they had foreseen that ‘the device could be controlled by voice and eventually by Alexa, we left the micro, but it is totally inactive and it is impossible to activate it remotely’”.
So what we see here is an undisclosed microphone in a blender, and a machine running an outdated, long insecure OS version. On their website, the manufacturer doesn’t even acknowledge the issue, let alone address it meaningfully. Instead they just set the product to “sold out” in their online shop, which seems a dubious claim at best. It’s a really instructive case study for the field of product development for connected products and IoT in general. Should be (and might become!) mandatory reading for students.
When I first tweeted about this, I claimed — somewhat over-excitedly — that it’s shoddy practice to keep too many feature options open for the future, that this was a main attack vector. I think it’s not totally off, but I want to thank Jeff Katz (always helpful & well informed: a rare, excellent mix of characteristics indeed!) for correcting me and keeping me honest when he pointed out that it’s normal, even good practice in hardware products to put in all the enabling technologies if you have the intention to use it, but you need to be transparent: “The fuckup was not disclosing that it was there, at all (…) Being opaque and shipping old software is far more common an attack vector.” Which is a good point, well made ?
As someone who spent a lot of time and too much money on connected speakers specifically so they would be not Alexa-ready (read: we wanted microphone free speakers), I always find it a little traumatizing to learn about all the embedded mics. But I’m not going to lie: this feels like a losing battle at the moment.
Microphones at the street level
Ok, a strained segue if ever there was one, but here you have it. Brain still in heat meltdown mode! The Globe and Mail covers Sidewalk Labs’ new development plan for the Toronto waterfront they’d like to develop. Spoiler alert: This poster child of smart city development has become the lightning rod for all the opponents of smart cities. They’re facing a lot of push back. (For the record: Rightly so, in my opinion.)
The author identifies multiple issues, from the very concrete to the very meta: Apparently the 1.500+ page document doesn’t answer the big picture questions of what Sidewalk Labs wants in Toronto: What do they really offer, what do they ask for in return?
“It’s remarkable that, after 20 months of public presentations, lobbying and “consultations” by the company – a process that gave it access to public officials that other real estate companies never get – I still don’t know, really, what [Sidewalk Labs chief executive] Doctoroff means.”
Also, given that this is an Alphabet company — and I’d like to stress both Alphabet as the lead actor as well as company as the underlying economic model — the question of handling data is front and center:
“Questions of data privacy and of the economic benefits of neighbourhood-scale data are exceptionally difficult to answer here.”
Smart city scholar (and critic) Anthony Townsend takes it a step further in this direction:
“Data governance has been a lightning rod because its new and scary. Early on, Sidewalk put more energy into figuring out how the robot trash chutes would work than how to control data it and others would collect in the proposed district. As part of Alphabet, you’d think this would have been a source of unique added value versus say, a conventional development. Not so? (…)”
Zooming out, he also wonders if the old narrative of attracting big businesses to boost the local economy for all, sustainably, might have run its course:
“The kinds of companies that want to set up shop in cities, today, the flagships of “surveillance capitalism” as Shoshanna Zuboff calls it, no longer operate like the industrial engines of the past. They source talent and services from all over the world, wherever its cheapest. Being near a big population is more useful because it supports a big airport, than because it provides a big pool of workers. (…) Google, Amazon, and their ilk are more like knowledge blackholes. Ideas and talent go in and they don’t come up, at least in a form usable to others. Seen another way?— it is precisely their ability to contain knowledge spillovers that has powered their success.”
And mayors go along with it, for now, because desperation, digging their own holes deeper and deeper:
“Economic development in cities today is a lot like hunting whales. Mayors try to land big deals that promise lots of jobs. They wield extensive tools, explicitly designed to operate outside of local legislative control, to make the needed concessions to outbid other cities. It’s in many ways a race to the bottom. They all hate it, but they do it.”
I have no answers to any of this. All I can offer is a few pointers that might lead to better approaches over time:
Put citizens first, administrations second, and vendors a distant third
Participatory practices and decision making are key here, and not window dressing
Together, they just might allow us to shift perspective enough to strengthen rather than erode democracy in our cities and beyond.
Currently “reading” with minimal progress: How to Do Nothing in the Attention Economy (Jenny Odell), Exhalations (Ted Chiang), Netter is Better (Thomas Hermann)
If you’d like to work with me in the upcoming months, I have very limited availability, so let’s have a chat!
Next week, before heading off on a summer break, will be the season finale for this newsletter, before picking back up after the summer. In the meantime, it’s a week of crunch time to get everything to a place where I can leave and the teams I’m working with have what they need from me. So, heads down, and onward.
Have a lovely end of the week!
Know someone who might enjoy this newsletter or benefit from it? A shout out to tinyletter.com/pbihr or a forward is appreciated!
Throughout 2018, we developed the Trustable Technology Mark, a consumer trustmark for IoT, that our non-profit ThingsCon administers. As the project lead on this Trustmark, I spent countless hours in discussions and meetings, at workshops and conferences, and doing research about other relevant consumer labels, trustmarks and certifications that might offer us some useful paths forward. I thought it might be interesting to share what I’ve learned along the way.
(Please note that this is also the reason this blog post appears first on my website; it’s because if there’s anything problematic here, it’s my fault and doesn’t reflect ThingsCon positions.)
1) The label is the least important thing
Launching a Trustmark is not about the label but about everything else. I’ve encountered probably dozens of cool label concepts, like “nutritional” labels for tech, “fair trade” style privacy labels, and many more. While there were many really neat approaches, the challenges lie elsewhere entirely. Concretely, the main challenges I see are the following:
What goes into the label, i.e. where and how do you source the data? (Sources)
Who analyzes the data and decides? (Governance)
Who benefits from the Trustmark? (Stakeholders and possible conflicts of interest)
How to get to traction? (Reach & relevance)
We’ve solved some of these challenges, but not all. Our data sourcing has been working well. We’re doing well with our stakeholders and possible conflicts of interest (nobody gets paid, we don’t charge for applications/licenses, and it’s all open sourced: In other words, no conflicts of interest and very transparent stakeholders, but this raises sustainability challenges). We don’t yet have robust governance structures, need a bigger pool of experts for reviews, and haven’t built the reach and relevance yet that we’ll need eventually if this is to be a long term success.
2) Sometimes you need to re-invent the wheel
Going into the project, I naively thought there must be existing models we could just adapt. But turns out, new problem spaces don’t always work that way. The nature of Internet of Things (IoT) and connected devices meant we faced a set of fairly new and unique challenges, and nobody had solved this issue. (For example, how to deal with ongoing software updates that could change the nature of a device multiple times without introducing a verification mechanism like reverse engineering that would be too cost intensive to be realistic.)
So we had to go back to the drawing board, and came out with a solution that I would say is far from perfect but better than anything else I’ve seen to date: Our human experts review applications that are based on information provided by the manufacturer/maker of the product, and this information is based on a fairly extensive & holistic questionnaire that includes aspects from feature level to general business practices to guarantees that the company makes on the record by using our Trustmark.
Based on that, our Trustmark offers a carrot; we leave it to others to be the stick.
We tried to collaborate as closely as possible with a number of friendly organizations (shout-out to Better IoT & Consumers International!) but also had to concede that in a project as fast moving and iterative it’s tough to coordinate as closely as we would have liked to have. That’s on us — by which I mean, it’s mostly on me personally, and I’m sorry I didn’t do a better job aligning this even better.
For example, while I did manage to have regular backchannel exchanges with collaborators, more formal partnerships are a whole different beast. I had less than a year to get this out the door, so anything involving formalizing was tricky. I was all the happier that a bunch of the partners in the Network of Centres and some other academic organizations decided to take the leap and set up lightweight partnerships with us. This allows a global footprint with partners in Brazil, United States, United Kingdom, Germany, Poland, Turkey, India and China. Thank you!
4) Take a stand
One of the most important take aways for me, however, was this: You can’t please everyone, or solve every problem.
For every aspect we would include, we’d exclude a dozen others. Every method (assessment, enforcement, etc.) used means another not used. Certification or license? Carrot or stick? Third party verification or rely on provided data? Incorporate life cycle analysis or focus on privacy? Include cloud service providers for IoT, or autonomous vehicles, or drones? These are just a tiny, tiny fraction of the set of questions we needed to decide. In the end, I believe that in order to have a chance at succeeding means cutting out many if not most aspects in order to have as clear a focus as possible.
And it means making a stand: Choose the problem space, and your approach to solving it, so you can be proud of it and stand behind it.
For the Trustable Technology Mark that meant: We prioritized a certain purity of mission over watering down our criteria, while choosing pragmatic processes and mechanisms over those we thought would be more robust but unrealistic. In the words of our slide deck, the Trustmark should hard to earn, but easy to document. That way we figured we could find those gems of products that try out truly novel approaches that are more respectful of consumers rights than the broad majority of the field.
Is this for everyone, or for everything? Certainly not. But that’s ok: We can stand behind it. And should we learn we’re wrong about something then we’ll know we tried our best, and can own those mistakes, too. We’ve planted a flag, a goal post that we hope will shift the conversation by setting a higher goal than most others.
It’s an ongoing project
The Trustable Technology Mark is a project under active development, and we’ll be happy sharing our learnings as things develop. In the meantime, I hope this has been helpful.
April brought a lot of intense input-output style work: Lots to digest, lots of writing.
If you’d like to work with me in the upcoming months, I have limited availability but am always happy to have a chat. I’m currently doing the planning for Q3 and Q4 2019.
Internet Freedom Festival
Earlier this month I got to participate in Valencia’s Internet Freedom Festival (IFF). I’d never been before, and it’s always great to join an event for the first time. Lots of interesting input there, and a great couple of sessions with both other foundation fellows as well as funders – a neat benefit of my Mozilla Fellowship.
Lectured at Hochschule Darmstadt
At the kind invitation of Prof. Andrea Krajewski I got to lecture for a day at Hochschule Darmstadt. With her students we explored responsible tech, ambient connected spaces, trust & tech. As part of the prep for this excellent day, I collected some resources for ethical and responsible tech development (blog post) which might turn out useful.
Focus areas for the next few months
I barely ever take part in tenders and mostly work based on client side requests. However, every now and then interesting stuff happens, and interesting stuff is happening right now, so I found myself participating in several consortia for tenders and project proposals. It’s quite unusual for me and also all around super as I’m excited by both the teams and the topic areas – it’s all around smart cities, ethical tech, AI, privacy, trust. So they’re right up my alley. More soon.
For an upcoming day of teaching I started compiling a list of resources relevant for the ethical, responsible development of tech, especially public interest tech. This list is very much incomplete, a starting point.
(For disclosure’s sake, I should add that I’ve started lists like this before: I’ll try, but cannot promise, to be maintaining this one. Just assume it’s a snapshot, useful primarily in the now and as an archive for future reference.)
I also can take only very partial credit for it since I asked Twitter for input. I love Twitter for this kind of stuff: Ask, and help shall be provided. My Twitter is a highly curated feed of smart, helpful people. (I understand that for many people Twitter feels very, very different. My experience is privileged that way.) A big thank you in particular to Sebastian Deterding, Alexandra Deschamps-Sonsino, Dr. Laura James, Iskander Smit, and to others I won’t name because they replied via DM and this might have been a privacy-related decision. You know who you are – thank you!
Here are a bunch of excellent starting points to dig deeper, ranging from books to academic papers to events to projects to full blown reading lists. This list covers a lot of ground. You can’t really go wrong here, but choose wisely.