The IG BCE’s magazine Kompakt interviewed me about IoT, AI and why simple solutions so often are inappropriate for complex issues: The interview is in German, available as an e-paper. (5 November 2019)
October was busy, heads-down. Also, a number of events I had planned to attend and had to miss on short notice — most notably, Mozfest, which I had attended almost uninterruptedly since its first prototype event, Drumbeat, 10 years ago. I was really bummed to have missed that one, but such is life.
That said, lots happening:
In largely unrelated news, a quick reminder: If you’ve shared sensitive data about you with a startup, take a moment to see if you still want that data there. Fitbit just made a splash with the announcement that Alphabet acquired them (and the data along with the company). When I recently, on a whim, checked out 23andMe I realized they had started aggressively integrating partnership offerings (“Explore your ancestry through Airbnb” and other nonsense that could hardly be more absurd). To me this is a big red flag that they’re likely to fold. So I pulled a copy of my data and requested data and account deletion, which feels like the right thing to do once things change in that direction.
In parallel, btw, I continue to write a newsletter pretty actively. Not sure if/how this should be integrated more closely in this blog. For the time being, the newsletter format works pretty well for me (and I need to find out why that is, but here you go). It’s about tech & society, business & culture, plus an eclectic mix of updates on projects. Besides Twitter, that’s also where a lot of my thinking-out-loud happens: Early ideas taking shape, trying on new arguments, that kind of thing. You can sign up to that here.
For the last few months, I had dropped the ball on posting monthnotes. Starting next month, I’m planning/hoping to write more regular #monthnotes again, with a somewhat higher fidelity. Until then, this super lightweight, bullet point version it is.
For the briefest and most incomplete overview, in the meantime:
You might notice that AI and smart cities have both picked up a lot of steam as threads connecting my work, and there’s been a bit of an organic shift towards policy. This is likely to continue some more.
I’ve been writing a newsletter for a few years now that I just rarely feature here, and usually just mention every now and then. At a recent conference, conversations with Ton Zylstra, Elmine Wijnia, Peter Rukavina and others all reminded me of the value of creating a more permanent archive that you host yourself (to a degree) rather than just relying on something as potentially impermanent as a commercial newsletter provider. (Ton blogged about it, too.) It is in that spirit that I’ll try for a bit to cross-post (most) of my newsletter here.
Please note that (for workflow and time saving reasons) this is a copy & paste of a pre-final draft; the final corrections and edits happen within Tinyletter, the email service. So there might be a few typos here that aren’t in the newsletter itself.
The preferred way to receive this (preferred by the author at least) is most certainly the newsletter, but here’s the archived version for those who prefer a different format. Also, take it as a sample/teaser. And if you think this is for you, why don’t you come along for the ride:
/// snip, here goes ///
“Sustainability always looks like underutilization when compared to resource extraction”
— Deb Chachra, Metafoundry
In Berlin, we’re coming off of the tail end of a massive heat wave with somewhere near 40C peak yesterday. A small stretch of forest burned on the city’s edge, a much larger one just south of the city. The latter included a former military training ground; ordnance was involved. There were warnings of strange smells wafting through the city. Stay calm, everyone. This is just the new normal.
Today’s pieces mostly run along the thread of privacy & how to make sure we can all have enough to see democracy thrive: From the macro level through the smart city lens down to the issue of microphones embedded in our kitchens. Enjoy!
Know someone who might enjoy this newsletter or benefit from it? Feel free to forward as you see fit, or send out a shout-out to tinyletter.com/pbihr. If you’d like to support my independent writing directly, the easiest way is to join the Brain Trust membership.
Starting a new fellowship. I mentioned it briefly before, but am happy to announce officially: Edgeryders invited me to be a fellow as part of their Internet of Humans program, exploring some questions around how to make smart cities work for citizens first and foremost (as opposed to vendors or administration first). I’m honored and grateful; this helps me dig deeper into these issues that — as you know well if you’re reading this — have been on the top of my mind for some time.
The network provides. For Zephyr Berlin, our apparel staples side project that we’ve been engaged in since 2016, I reached out to Twitter to see if anyone could hook me up with some recommendations/leads/pointers to learn more about how and where to produce something with merino wool in Europe. And lo and behold, we got so many excellent leads — thank you! (You know who you are.) I’m not sure what might come out of this, if anything, but I know it’s more than just fun to learn more and experiment with new ideas.
One of my favorite writers online — especially about travel and the internet industry — is the ever brilliant Maciej Cegłowski, founder of Pinboard and Tech Solidarity and an outspoken tech critic from within, so to speak. He just wrote a long-ish piece on what he coins “ambient privacy”, i.e. the idea that our privacy is impacted not just by the things we actively choose to share through, for example, social media; but also by the environments we move through, from other people’s social media use to sensors and GPS and the internet watching us through surveillance ads and all that jazz. It’s essentially an inversion of our traditional perspective of privacy as a default to non-privacy as a default (not a desirable outcome, to be sure!) — or the shift from individual data rights to collective data rights in the words of Martine Tisné (linked a few times before).
If you read one thing today, make it this one, I urge you. I loved it so much, I kind of want to quote the whole thing. Instead, a few snippets as teasers more than anything (highlights mine):
“This requires us to talk about a different kind of privacy, one that we haven’t needed to give a name to before. For the purposes of this essay, I’ll call it ‘ambient privacy’—the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered. What we do at home, work, church, school, or in our leisure time does not belong in a permanent record. Not every conversation needs to be a deposition. (…) Ambient privacy is not a property of people, or of their data, but of the world around us. Just like you can’t drop out of the oil economy by refusing to drive a car, you can’t opt out of the surveillance economy by forswearing technology (and for many people, that choice is not an option). While there may be worthy reasons to take your life off the grid, the infrastructure will go up around you whether you use it or not.”
“In the eyes of regulators, privacy still means what it did in the eighteenth century—protecting specific categories of personal data, or communications between individuals, from unauthorized disclosure. Third parties that are given access to our personal data have a duty to protect it, and to the extent that they discharge this duty, they are respecting our privacy. (…) The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.”
“Because our laws frame privacy as an individual right, we don’t have a mechanism for deciding whether we want to live in a surveillance society.” (…) “Telling people that they own their data, and should decide what to do with it, is just another way of disempowering them.”
“The large tech companies point to our willing use of their services as proof that people don’t really care about their privacy. But this is like arguing that inmates are happy to be in jail because they use the prison library. Confronted with the reality of a monitored world, people make the rational decision to make the best of it.”
“When all discussion takes place under the eye of software, in a for-profit medium working to shape the participants’ behavior, it may not be possible to create the consensus and shared sense of reality that is a prerequisite for self-government. If that is true, then the move away from ambient privacy will be an irreversible change, because it will remove our ability to function as a democracy.”
And, last but not least:
“Our discourse around privacy needs to expand to address foundational questions about the role of automation: To what extent is living in a surveillance-saturated world compatible with pluralism and democracy? What are the consequences of raising a generation of children whose every action feeds into a corporate database? What does it mean to be manipulated from an early age by machine learning algorithms that adaptively learn to shape our behavior?”
Ok, so I did end up quoting at great length. But really, I think it’s that good and important.
There was fun news — for some definition of fun! — coming out of France this week. A group of hackers discovered a connected blender had shipped with a microphone built in and with bad security practices. So this blender could be used to spy on very much unsuspecting buyers.
But let’s start at the beginning (also available on Twitter), because this is exactly the kind of irresponsible stuff that we at ThingsCon try to fight every day. Here’s the blender we’re talking about, on the right side:[Image not embedded]
See the knobs on the blender? It’s a little hard to tell on the photo but these are virtual buttons, it’s a touch screen. (Insert your own joke about virtual buttons emulating physical buttons.) Also note that it says “Ausverkauft” under the product — sold out.
So what’s the story here? Lidl, the big chain discounter, sold the Monsieur Cuisine Connect. The connected blender is described in some articles as a Thermomix rival/clone, sold at a fraction of the price.
“Designed in Germany and produced in China, it has a seven-inch touch screen that can be connected via wifi to download recipes for free. And like any device connected to the network, it is susceptible to being hacked. That is precisely what two techies have done, who have disemboweled the robot and discovered important security and privacy issues. The device has a small microphone and a speaker and, in addition, is equipped with Android 6.0, a version that is not updated since October 2017.”
The article quotes Lidl’s ED of marketing in France to say: “The supermarket chain defended itself arguing that they had foreseen that ‘the device could be controlled by voice and eventually by Alexa, we left the micro, but it is totally inactive and it is impossible to activate it remotely’”.
So what we see here is an undisclosed microphone in a blender, and a machine running an outdated, long insecure OS version. On their website, the manufacturer doesn’t even acknowledge the issue, let alone address it meaningfully. Instead they just set the product to “sold out” in their online shop, which seems a dubious claim at best. It’s a really instructive case study for the field of product development for connected products and IoT in general. Should be (and might become!) mandatory reading for students.
When I first tweeted about this, I claimed — somewhat over-excitedly — that it’s shoddy practice to keep too many feature options open for the future, that this was a main attack vector. I think it’s not totally off, but I want to thank Jeff Katz (always helpful & well informed: a rare, excellent mix of characteristics indeed!) for correcting me and keeping me honest when he pointed out that it’s normal, even good practice in hardware products to put in all the enabling technologies if you have the intention to use it, but you need to be transparent: “The fuckup was not disclosing that it was there, at all (…) Being opaque and shipping old software is far more common an attack vector.” Which is a good point, well made.
As someone who spent a lot of time and too much money on connected speakers specifically so they would be not Alexa-ready (read: we wanted microphone free speakers), I always find it a little traumatizing to learn about all the embedded mics. But I’m not going to lie: this feels like a losing battle at the moment.
Ok, a strained segue if ever there was one, but here you have it. Brain still in heat meltdown mode! The Globe and Mail covers Sidewalk Labs’ new development plan for the Toronto waterfront they’d like to develop. Spoiler alert: This poster child of smart city development has become the lightning rod for all the opponents of smart cities. They’re facing a lot of push back. (For the record: Rightly so, in my opinion.)
The author identifies multiple issues, from the very concrete to the very meta: Apparently the 1.500+ page document doesn’t answer the big picture questions of what Sidewalk Labs wants in Toronto: What do they really offer, what do they ask for in return?
“It’s remarkable that, after 20 months of public presentations, lobbying and “consultations” by the company – a process that gave it access to public officials that other real estate companies never get – I still don’t know, really, what [Sidewalk Labs chief executive] Doctoroff means.”
Also, given that this is an Alphabet company — and I’d like to stress both Alphabet as the lead actor as well as company as the underlying economic model — the question of handling data is front and center:
“Questions of data privacy and of the economic benefits of neighbourhood-scale data are exceptionally difficult to answer here.”
Smart city scholar (and critic) Anthony Townsend takes it a step further in this direction:
“Data governance has been a lightning rod because its new and scary. Early on, Sidewalk put more energy into figuring out how the robot trash chutes would work than how to control data it and others would collect in the proposed district. As part of Alphabet, you’d think this would have been a source of unique added value versus say, a conventional development. Not so? (…)”
Zooming out, he also wonders if the old narrative of attracting big businesses to boost the local economy for all, sustainably, might have run its course:
“The kinds of companies that want to set up shop in cities, today, the flagships of “surveillance capitalism” as Shoshanna Zuboff calls it, no longer operate like the industrial engines of the past. They source talent and services from all over the world, wherever its cheapest. Being near a big population is more useful because it supports a big airport, than because it provides a big pool of workers. (…) Google, Amazon, and their ilk are more like knowledge blackholes. Ideas and talent go in and they don’t come up, at least in a form usable to others. Seen another way — it is precisely their ability to contain knowledge spillovers that has powered their success.”
And mayors go along with it, for now, because desperation, digging their own holes deeper and deeper:
“Economic development in cities today is a lot like hunting whales. Mayors try to land big deals that promise lots of jobs. They wield extensive tools, explicitly designed to operate outside of local legislative control, to make the needed concessions to outbid other cities. It’s in many ways a race to the bottom. They all hate it, but they do it.”
I have no answers to any of this. All I can offer is a few pointers that might lead to better approaches over time:
Together, they just might allow us to shift perspective enough to strengthen rather than erode democracy in our cities and beyond.
Currently “reading” with minimal progress: How to Do Nothing in the Attention Economy (Jenny Odell), Exhalations (Ted Chiang), Netter is Better (Thomas Hermann)
If you’d like to work with me in the upcoming months, I have very limited availability, so let’s have a chat!
Next week, before heading off on a summer break, will be the season finale for this newsletter, before picking back up after the summer. In the meantime, it’s a week of crunch time to get everything to a place where I can leave and the teams I’m working with have what they need from me. So, heads down, and onward.
Have a lovely end of the week!
Know someone who might enjoy this newsletter or benefit from it? A shout out to tinyletter.com/pbihr or a forward is appreciated!
Pictures: my own
Throughout 2018, we developed the Trustable Technology Mark, a consumer trustmark for IoT, that our non-profit ThingsCon administers. As the project lead on this Trustmark, I spent countless hours in discussions and meetings, at workshops and conferences, and doing research about other relevant consumer labels, trustmarks and certifications that might offer us some useful paths forward. I thought it might be interesting to share what I’ve learned along the way.
(Please note that this is also the reason this blog post appears first on my website; it’s because if there’s anything problematic here, it’s my fault and doesn’t reflect ThingsCon positions.)
Launching a Trustmark is not about the label but about everything else. I’ve encountered probably dozens of cool label concepts, like “nutritional” labels for tech, “fair trade” style privacy labels, and many more. While there were many really neat approaches, the challenges lie elsewhere entirely. Concretely, the main challenges I see are the following:
We’ve solved some of these challenges, but not all. Our data sourcing has been working well. We’re doing well with our stakeholders and possible conflicts of interest (nobody gets paid, we don’t charge for applications/licenses, and it’s all open sourced: In other words, no conflicts of interest and very transparent stakeholders, but this raises sustainability challenges). We don’t yet have robust governance structures, need a bigger pool of experts for reviews, and haven’t built the reach and relevance yet that we’ll need eventually if this is to be a long term success.
Going into the project, I naively thought there must be existing models we could just adapt. But turns out, new problem spaces don’t always work that way. The nature of Internet of Things (IoT) and connected devices meant we faced a set of fairly new and unique challenges, and nobody had solved this issue. (For example, how to deal with ongoing software updates that could change the nature of a device multiple times without introducing a verification mechanism like reverse engineering that would be too cost intensive to be realistic.)
So we had to go back to the drawing board, and came out with a solution that I would say is far from perfect but better than anything else I’ve seen to date: Our human experts review applications that are based on information provided by the manufacturer/maker of the product, and this information is based on a fairly extensive & holistic questionnaire that includes aspects from feature level to general business practices to guarantees that the company makes on the record by using our Trustmark.
Based on that, our Trustmark offers a carrot; we leave it to others to be the stick.
That said, we did learn a lot from the good folks at the Open Source Hardware Association. (Thanks, OSHWA!)
We tried to collaborate as closely as possible with a number of friendly organizations (shout-out to Better IoT & Consumers International!) but also had to concede that in a project as fast moving and iterative it’s tough to coordinate as closely as we would have liked to have. That’s on us — by which I mean, it’s mostly on me personally, and I’m sorry I didn’t do a better job aligning this even better.
For example, while I did manage to have regular backchannel exchanges with collaborators, more formal partnerships are a whole different beast. I had less than a year to get this out the door, so anything involving formalizing was tricky. I was all the happier that a bunch of the partners in the Network of Centres and some other academic organizations decided to take the leap and set up lightweight partnerships with us. This allows a global footprint with partners in Brazil, United States, United Kingdom, Germany, Poland, Turkey, India and China. Thank you!
One of the most important take aways for me, however, was this: You can’t please everyone, or solve every problem.
For every aspect we would include, we’d exclude a dozen others. Every method (assessment, enforcement, etc.) used means another not used. Certification or license? Carrot or stick? Third party verification or rely on provided data? Incorporate life cycle analysis or focus on privacy? Include cloud service providers for IoT, or autonomous vehicles, or drones? These are just a tiny, tiny fraction of the set of questions we needed to decide. In the end, I believe that having a chance at succeeding means cutting out many if not most aspects in order to have as clear a focus as possible.
And it means making a stand: Choose the problem space, and your approach to solving it, so you can be proud of it and stand behind it.
For the Trustable Technology Mark that meant: We prioritized a certain purity of mission over watering down our criteria, while choosing pragmatic processes and mechanisms over those we thought would be more robust but unrealistic. In the words of our slide deck, the Trustmark should be hard to earn, but easy to document. That way we figured we could find those gems of products that try out truly novel approaches that are more respectful of consumers’ rights than the broad majority of the field.
Is this for everyone, or for everything? Certainly not. But that’s ok: We can stand behind it. And should we learn we’re wrong about something then we’ll know we tried our best, and can own those mistakes, too. We’ve planted a flag, a goal post that we hope will shift the conversation by setting a higher goal than most others.
The Trustable Technology Mark is a project under active development, and we’ll be happy sharing our learnings as things develop. In the meantime, I hope this has been helpful.
If you’ve got anything to share, please send it to me personally (email@example.com) or to firstname.lastname@example.org.
The Trustable Technology Mark was developed under the ThingsCon umbrella with support from the Mozilla Foundation.
April brought a lot of intense input-output style work: Lots to digest, lots of writing.
If you’d like to work with me in the upcoming months, I have limited availability but am always happy to have a chat. I’m currently doing the planning for Q3 and Q4 2019.
Earlier this month I got to participate in Valencia’s Internet Freedom Festival (IFF). I’d never been before, and it’s always great to join an event for the first time. Lots of interesting input there, and a great couple of sessions with both other foundation fellows as well as funders – a neat benefit of my Mozilla Fellowship.
At the kind invitation of Prof. Andrea Krajewski I got to lecture for a day at Hochschule Darmstadt. With her students we explored responsible tech, ambient connected spaces, trust & tech. As part of the prep for this excellent day, I collected some resources for ethical and responsible tech development (blog post) which might turn out useful.
I barely ever take part in tenders and mostly work based on client side requests. However, every now and then interesting stuff happens, and interesting stuff is happening right now, so I found myself participating in several consortia for tenders and project proposals. It’s quite unusual for me and also all around super as I’m excited by both the teams and the topic areas – it’s all around smart cities, ethical tech, AI, privacy, trust. So they’re right up my alley. More soon.
Have a great Month!