What I learned from launching a consumer trustmark for IoT


Throughout 2018, we developed the Trustable Technology Mark, a consumer trustmark for IoT, that our non-profit ThingsCon administers. As the project lead on this Trustmark, I spent countless hours in discussions and meetings, at workshops and conferences, and doing research about other relevant consumer labels, trustmarks and certifications that might offer us some useful paths forward. I thought it might be interesting to share what I’ve learned along the way.

(Please note that this is also the reason this blog post appears first on my website; it’s because if there’s anything problematic here, it’s my fault and doesn’t reflect ThingsCon positions.)

1) The label is the least important thing

Launching a Trustmark is not about the label but about everything else. I’ve encountered probably dozens of cool label concepts, like “nutritional” labels for tech, “fair trade” style privacy labels, and many more. While there were many really neat approaches, the challenges lie elsewhere entirely. Concretely, the main challenges I see are the following:

  • What goes into the label, i.e. where and how do you source the data? (Sources)
  • Who analyzes the data and decides? (Governance)
  • Who benefits from the Trustmark? (Stakeholders and possible conflicts of interest)
  • How to get to traction? (Reach & relevance)

We’ve solved some of these challenges, but not all. Our data sourcing has been working well. We’re doing well with our stakeholders and possible conflicts of interest (nobody gets paid, we don’t charge for applications/licenses, and it’s all open sourced: In other words, no conflicts of interest and very transparent stakeholders, but this raises sustainability challenges). We don’t yet have robust governance structures, need a bigger pool of experts for reviews, and haven’t built the reach and relevance yet that we’ll need eventually if this is to be a long term success.

2) Sometimes you need to re-invent the wheel

Going into the project, I naively thought there must be existing models we could just adapt. But turns out, new problem spaces don’t always work that way. The nature of Internet of Things (IoT) and connected devices meant we faced a set of fairly new and unique challenges, and nobody had solved this issue. (For example, how to deal with ongoing software updates that could change the nature of a device multiple times without introducing a verification mechanism like reverse engineering that would be too cost intensive to be realistic.)

So we had to go back to the drawing board, and came out with a solution that I would say is far from perfect but better than anything else I’ve seen to date: Our human experts review applications that are based on information provided by the manufacturer/maker of the product, and this information is based on a fairly extensive & holistic questionnaire that includes aspects from feature level to general business practices to guarantees that the company makes on the record by using our Trustmark.

Based on that, our Trustmark offers a carrot; we leave it to others to be the stick.

That said, we did learn a lot from the good folks at the Open Source Hardware Association. (Thanks, OSHWA!)

3) Collaborate where possible

We tried to collaborate as closely as possible with a number of friendly organizations (shout-out to Better IoT & Consumers International!) but also had to concede that in a project as fast moving and iterative it’s tough to coordinate as closely as we would have liked to have. That’s on us — by which I mean, it’s mostly on me personally, and I’m sorry I didn’t do a better job aligning this even better.

For example, while I did manage to have regular backchannel exchanges with collaborators, more formal partnerships are a whole different beast. I had less than a year to get this out the door, so anything involving formalizing was tricky. I was all the happier that a bunch of the partners in the Network of Centres and some other academic organizations decided to take the leap and set up lightweight partnerships with us. This allows a global footprint with partners in Brazil, United States, United Kingdom, Germany, Poland, Turkey, India and China. Thank you!

4) Take a stand

One of the most important take aways for me, however, was this: You can’t please everyone, or solve every problem.

For every aspect we would include, we’d exclude a dozen others. Every method (assessment, enforcement, etc.) used means another not used. Certification or license? Carrot or stick? Third party verification or rely on provided data? Incorporate life cycle analysis or focus on privacy? Include cloud service providers for IoT, or autonomous vehicles, or drones? These are just a tiny, tiny fraction of the set of questions we needed to decide. In the end, I believe that in order to have a chance at succeeding means cutting out many if not most aspects in order to have as clear a focus as possible.

And it means making a stand: Choose the problem space, and your approach to solving it, so you can be proud of it and stand behind it.

For the Trustable Technology Mark that meant: We prioritized a certain purity of mission over watering down our criteria, while choosing pragmatic processes and mechanisms over those we thought would be more robust but unrealistic. In the words of our slide deck, the Trustmark should hard to earn, but easy to document. That way we figured we could find those gems of products that try out truly novel approaches that are more respectful of consumers rights than the broad majority of the field.

Is this for everyone, or for everything? Certainly not. But that’s ok: We can stand behind it. And should we learn we’re wrong about something then we’ll know we tried our best, and can own those mistakes, too. We’ve planted a flag, a goal post that we hope will shift the conversation by setting a higher goal than most others.

It’s an ongoing project

The Trustable Technology Mark is a project under active development, and we’ll be happy sharing our learnings as things develop. In the meantime, I hope this has been helpful.

If you’ve got anything to share, please send it to me personally (peter@thewavingcat.com) or to trustabletech@thingscon.org.

The Trustable Technology Mark was developed under the ThingsCon umbrella with support from the Mozilla Foundation.

Third Wave, 4 weeks in


your report sir

It’s been four weeks since we started our small agency Third Wave — four weeks and a few days, actually — and it’s time to pause for a moment and reflect: Where are we now, after the first month?

Note: There’s also an invitation to our launch party at the end of the post ;)

One, the first few weeks have been very exciting, and I’m as confident about where this whole gig is going as ever. That’s quite a relief: Even though of course I wouldn’t have founded a company with two partners without the confidence that this is going to work out there is always a certain chance to screw things up. (And I guess there always will be.) So far, no screw-ups of any major scale have been noticed ;)

Two, we’ve been incredibly lucky (and glad) in terms of new business. After four weeks we have five fantastic clients from four completely different fields, and a number of new projects lined up. (Once our website is up we’ll list them all there.) It’s this diversity that I find particularly interesting, as it captures to some degree the wide variety of things we like to do. And I wouldn’t have dared to dream that we’d manage to wrap all that up right from the start.

So who do we work for? Two big agencies, Deutsche Welle Global Ideas, my old client Netzpiloten as well as SinnerSchrader’s Next Conference. In other words, there’s “classic” agency work, it’s web strategy for a broadcaster, it’s ongoing work with an online magazine as well as curation work since we’ll be curating an hosting the “social” track at Next Conference 2011.

Where do these clients come from? This is where it gets interesting. Almost all of them approached us based on former work or other relationships, i.e. all of our business so far is based on our networks: word-of-mouth recommendations of the purest sort. This is the biggest compliment we could possibly get, so I’d like to say a big Thank You! to all of you who’ve been recommending us. You rock!

Three, on to learnings: What are the lessons I learned so far? (Apologies for the clichés.)

Communication is key. There’s nothing as important as making sure that everybody is on the same page, to bring up any potential conflicts early on, and to coordinate. We’ve all been traveling a lot, so we’ve been doing a lot of our work remotely, via email, chat, skype, phone. This adds an extra layer of potential pitfalls – make sure to allow for enough face (or at least voice) time.

Define clear roles or responsibilities. We were told about how important it is to make sure everybody has a clear role (or clear roles). Particularly since the three of us have comparatively similar profiles (i.e. we aren’t one coder, one finance guy and one designer, but rather three strategists of some flavor or another) it’s important that someone wears a certain hat. We’ve been trying not to restrict ourselves too strictly here, so we’ve been working with leads: Every project has one lead person to hold things together, every field we identify as relevant has one (accounting; CEO-style paperwork; website; branding etc). These might (and hopefully will) change over time as we learn more, but for the moment this is how we proceed.

Prioritize & experiment. Paperwork and overhead takes longer than you expect. Much longer. And I expected to spend a lot of time on overhead, but there’s always something that needs your attention. Prioritize. Try to find a good balance when it comes to redundancy: You don’t want just one person to know about important things, but you don’t want to waste a lot of time on redundancy either. Experiment. Still, it’ll take quite a while until your paperwork is complete, no matter how well prepared you are.

Four, launch party! We have a launch party at our office this Friday (Facebook event). Feel free to swing by!

Image by Goopymart (some rights reserved)