Like I wrote in the last monthnotes, November to January are blocked out for research and writing. That said, there was a bit of other stuff going on outside heads-down writing, most notably the annual ThingsCon conference.
I also wrapped up my Edgeryders fellowship. I’m grateful for the opportunity to pursue independent research into how we can make smart cities work better for citizens.
I’ve submitted the final pieces of writing for a Brussels-based foundation. The final report should be out soon. This is roughly in the area of European digital agenda & smart city policy.
With a Berlin-based think tank, a research project is in the phase of final write-up of results and conclusions. This will likely take us well into January, then on to collect some more feedback on the final drafts. More updates when I have them. This is in the area of responsible AI development.
A more recent project around impact of smart cities on labor rights has kicked off in December. Lots of research and writing to do there well into January.
October was busy, heads-down. Also, a number of events I had planned to attend and had to miss on short notice — most notably, Mozfest, which I had attended almost uninterruptedly since its first prototype event, Drumbeat, 10 years ago. I was really bummed to have missed that one, but such is life.
That said, lots happening:
A longer project around a progressive digital agenda and especially smart cities / citizens rights with a Brussels foundation is slowly moving into the final round of edits and workshops. The final results should go public soon(ish). Certainly before the end of the year.
Research into the ecosystems supporting the development of ethical/ responsible/ trustworthy AI in Europe together with a think tank is moving along nicely. Here, we still have some work to do. There are workshops to host, writing waiting to happen. So there, the results will probably be published either just before the end of the year, or first thing in the new year.
I had the immense pleasure to speak at the Friedrich-Ebert-Stiftung event Digital Capitalism about smart cities and how to make them work better for citizens rather than vendors. It was an honor and a delight so share this panel with Elvan Korkmaz (member of parliament, SPD), Katharina Meyer (Prototype Fund) and Hans-Martin Neumann (Austrian Institute of Technology).
In largely unrelated news, a quick reminder: If you’ve shared sensitive data about you with a startup about you, take a moment to see if you still want that data there? Fitbit just made a splash with the announcement that Alphabet acquired them (and the data along with the company). When I recently, on a whim, checked out 23andMe I realized they had started aggressively integrating partnership offerings (“Explore your ancestry through Airbnb” and other non-sense that could hardly be more absurd). To me this is a big red flag that they’re likely to fold. So I pulled a copy of my data and requested data and account deletion, which feels like the right thing to do once things change in that direction.
In parallel, btw, I continue to write a newsletter pretty actively. Not sure if/how this should be integrated more closely in this blog. For the time being, the newsletter format works pretty well for me (and I need to find out why that is, but here you to). It’s about tech & society, business & culture, plus an eclectic mix of updates on projects. Besides Twitter, that’s also where a lot of my thinking-out-loud happens: Early ideas taking shape, trying on new arguments, that kind of thing. You can sign up to that here.
I’ve been writing a newsletter for a few years now that I just rarely feature here, and usually just mention every now and then. At a recent conference, conversations with Ton Zylstra, Elmine Wijnia, Peter Rukavina and others all reminded me of the value of creating a more permanent archive that you host yourself (to a degree) rather than just relying on something as potentially impermanent as a commercial newsletter provided. (Ton blogged about it, too.) It is in that spirit that I’ll try for a bit to cross-post (most) of my newsletter here.
Please note that (for workflow and time saving reasons) this is a copy & paste of a pre-final draft; the final corrections and edits happen within Tinyletter, the email service. So there might be a few typos here that aren’t in the newsletter itself.
The preferred way to receive this (preferred by the author at least) is most certainly the newsletter, but here’s the archived version for those who prefer a different format. Also, take it as a sample/teaser. And if you think this is for you, why don’t you come along for the ride:
Ambient privacy & participation at the (smart) street level
“Sustainability always looks like underutilization when compared to resource extraction”
— Deb Chachra, Metafoundry
In Berlin, we’re coming off of the tail end of a massive heat wave with somewhere near 40C peak yesterday. A small stretch of forest burned on the city’s edge, a much larger one just south of the city. The latter included a former military training ground; ordnance was involved. There were warnings of strange smells wafting through the city. Stay calm, everyone. This is just the new normal.
Today’s pieces mostly run along the thread of privacy & how to make sure we can all have enough to see democracy thrive: From the macro level through the smart city lens down to the issue of microphones embedded in our kitchens. Enjoy!
Know someone who might enjoy this newsletter or benefit from it? Feel free to forward as you see fit, or send out a shout-out to tinyletter.com/pbihr. If you’d like to support my independent writing directly, the easiest way is to join the Brain Trust membership.
Starting a new fellowship. I mentioned if briefly before, but am happy to announce officially: Edgeryders invited me to be a fellow as part of their Internet of Humans program, exploring some questions around how to make smart cities work for citizens first and foremost (as opposed to vendors or administration first). I’m honored and grateful; this helps me dig deeper into these issues that — as you know well if you’re reading this — have been on the top of my mind for some time.
The network provides. For Zephyr Berlin, our apparel staples side project that we’ve been engaged in since 2016, I reached out to Twitter to see if anyone could hook me up with some recommendations/leads/pointers to learn more about how and where to produce something with merino wool in Europe. And lo and behold, we got so many excellent leads — thank you! (You know who you are.) I’m not sure what might come out of this, if anything, but I know it’s more than just fun to learn more and experiment with new ideas.
One of my favorite writers online — especially about travel and the internet industry — is the ever brilliant Maciej Ceg?owski, founder of Pinboard and Tech Solidarity and an outspoken tech critic from within, so to speak. He just wrote a long-ish piece on what he coins “ambient privacy”, i.e. the idea that our privacy is impacted not just by the things we actively choose to share through, for example, social media; but also by the environments we move through, from other people’s social media use to sensors and GPS and the internet watching us through surveillance ads and all that jazz. It’s essentially an inversion of our traditional perspective of privacy as a default to non-privacy as a default (not a desirable outcome one, to be sure!) — or the shift from individual data rights to a collective data rights in the words of Martine Tisné (linked a few times before).
If you read one thing today, make it this one, I urge you. I loved it so much, I kind of want to quote the whole thing. Instead, a few snippets as teasers more than anything (highlights mine):
“This requires us to talk about a different kind of privacy, one that we haven’t needed to give a name to before. For the purposes of this essay, I’ll call it ‘ambient privacy’—the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered. What we do at home, work, church, school, or in our leisure time does not belong in a permanent record. Not every conversation needs to be a deposition. (…) Ambient privacy is not a property of people, or of their data, but of the world around us. Just like you can’t drop out of the oil economy by refusing to drive a car, you can’t opt out of the surveillance economy by forswearing technology (and for many people, that choice is not an option). While there may be worthy reasons to take your life off the grid, the infrastructure will go up around you whether you use it or not.”
“In the eyes of regulators, privacy still means what it did in the eighteenth century—protecting specific categories of personal data, or communications between individuals, from unauthorized disclosure. Third parties that are given access to our personal data have a duty to protect it, and to the extent that they discharge this duty, they are respecting our privacy. (…) The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.”
“Because our laws frame privacy as an individual right, we don’t have a mechanism for deciding whether we want to live in a surveillance society.“ (…) “Telling people that they own their data, and should decide what to do with it, is just another way of disempowering them.”
“The large tech companies point to our willing use of their services as proof that people don’t really care about their privacy. But this is like arguing that inmates are happy to be in jail because they use the prison library. Confronted with the reality of a monitored world, people make the rational decision to make the best of it.”
“When all discussion takes place under the eye of software, in a for-profit medium working to shape the participants’ behavior, it may not be possible to create the consensus and shared sense of reality that is a prerequisite for self-government. If that is true, then the move away from ambient privacy will be an irreversible change, because it will remove our ability to function as a democracy.”
And, last but not least:
“Our discourse around privacy needs to expand to address foundational questions about the role of automation: To what extent is living in a surveillance-saturated world compatible with pluralism and democracy? What are the consequences of raising a generation of children whose every action feeds into a corporate database? What does it mean to be manipulated from an early age by machine learning algorithms that adaptively learn to shape our behavior?”
Ok, so I did end up quoting at great length. But really, I think it’s that good and important.
Your blender is listening
There was fun news — for some definition of fun! — coming out of France this week. A group of hackers discovered a connected blender had shipped with a microphone built in and with bad security practices. So this blender could be used to spy on very much unsuspecting buyers.
But let’s start at the beginning (also available on Twitter), because this is exactly the kind of irresponsible stuff that we at ThingsCon try to fight every day. Here’s the blender we’re talking about, on the right side:
[Image not embedded]
See the knobs on the blender? It’s a little hard to tell on the photo but these are virtual buttons, it’s a touch screen. (Insert your own joke about virtual buttons emulating physical buttons.) Also note that it says “Ausverkauft” under the product — sold out.
So what’s the story here? Lidl, the big chain discounter, sold the Monsieur Cuisine Connect. The connected blender is described in some articles as a Thermomix rival/clone, sold at a fraction of the price.
“Designed in Germany and produced in China, it has a seven-inch touch screen that can be connected via wifi to download recipes for free. And like any device connected to the network, it is susceptible to being hacked. That is precisely what two techies have done, who have disemboweled the robot and discovered important security and privacy issues. The device has a small microphone and a speaker and, in addition, is equipped with Android 6.0, a version that is not updated since October 2017.”
The articles quotes Lidl’s ED of marketing in France to say: “The supermarket chain defended itself arguing that they had foreseen that ‘the device could be controlled by voice and eventually by Alexa, we left the micro, but it is totally inactive and it is impossible to activate it remotely’”.
So what we see here is an undisclosed microphone in a blender, and a machine running an outdated, long insecure OS version. On their website, the manufacturer doesn’t even acknowledge the issue, let alone address it meaningfully. Instead they just set the product to “sold out” in their online shop, which seems a dubious claim at best. It’s a really instructive case study for the field of product development for connected products and IoT in general. Should be (and might become!) mandatory reading for students.
When I first tweeted about this, I claimed — somewhat over-excitedly — that it’s shoddy practice to keep too many feature options open for the future, that this was a main attack vector. I think it’s not totally off, but I want to thank Jeff Katz (always helpful & well informed: a rare, excellent mix of characteristics indeed!) for correcting me and keeping me honest when he pointed out that it’s normal, even good practice in hardware products to put in all the enabling technologies if you have the intention to use it, but you need to be transparent: “The fuckup was not disclosing that it was there, at all (…) Being opaque and shipping old software is far more common an attack vector.” Which is a good point, well made ?
As someone who spent a lot of time and too much money on connected speakers specifically so they would be not Alexa-ready (read: we wanted microphone free speakers), I always find it a little traumatizing to learn about all the embedded mics. But I’m not going to lie: this feels like a losing battle at the moment.
Microphones at the street level
Ok, a strained segue if ever there was one, but here you have it. Brain still in heat meltdown mode! The Globe and Mail covers Sidewalk Labs’ new development plan for the Toronto waterfront they’d like to develop. Spoiler alert: This poster child of smart city development has become the lightning rod for all the opponents of smart cities. They’re facing a lot of push back. (For the record: Rightly so, in my opinion.)
The author identifies multiple issues, from the very concrete to the very meta: Apparently the 1.500+ page document doesn’t answer the big picture questions of what Sidewalk Labs wants in Toronto: What do they really offer, what do they ask for in return?
“It’s remarkable that, after 20 months of public presentations, lobbying and “consultations” by the company – a process that gave it access to public officials that other real estate companies never get – I still don’t know, really, what [Sidewalk Labs chief executive] Doctoroff means.”
Also, given that this is an Alphabet company — and I’d like to stress both Alphabet as the lead actor as well as company as the underlying economic model — the question of handling data is front and center:
“Questions of data privacy and of the economic benefits of neighbourhood-scale data are exceptionally difficult to answer here.”
Smart city scholar (and critic) Anthony Townsend takes it a step further in this direction:
“Data governance has been a lightning rod because its new and scary. Early on, Sidewalk put more energy into figuring out how the robot trash chutes would work than how to control data it and others would collect in the proposed district. As part of Alphabet, you’d think this would have been a source of unique added value versus say, a conventional development. Not so? (…)”
Zooming out, he also wonders if the old narrative of attracting big businesses to boost the local economy for all, sustainably, might have run its course:
“The kinds of companies that want to set up shop in cities, today, the flagships of “surveillance capitalism” as Shoshanna Zuboff calls it, no longer operate like the industrial engines of the past. They source talent and services from all over the world, wherever its cheapest. Being near a big population is more useful because it supports a big airport, than because it provides a big pool of workers. (…) Google, Amazon, and their ilk are more like knowledge blackholes. Ideas and talent go in and they don’t come up, at least in a form usable to others. Seen another way?— it is precisely their ability to contain knowledge spillovers that has powered their success.”
And mayors go along with it, for now, because desperation, digging their own holes deeper and deeper:
“Economic development in cities today is a lot like hunting whales. Mayors try to land big deals that promise lots of jobs. They wield extensive tools, explicitly designed to operate outside of local legislative control, to make the needed concessions to outbid other cities. It’s in many ways a race to the bottom. They all hate it, but they do it.”
I have no answers to any of this. All I can offer is a few pointers that might lead to better approaches over time:
Put citizens first, administrations second, and vendors a distant third
Participatory practices and decision making are key here, and not window dressing
Together, they just might allow us to shift perspective enough to strengthen rather than erode democracy in our cities and beyond.
Currently “reading” with minimal progress: How to Do Nothing in the Attention Economy (Jenny Odell), Exhalations (Ted Chiang), Netter is Better (Thomas Hermann)
If you’d like to work with me in the upcoming months, I have very limited availability, so let’s have a chat!
Next week, before heading off on a summer break, will be the season finale for this newsletter, before picking back up after the summer. In the meantime, it’s a week of crunch time to get everything to a place where I can leave and the teams I’m working with have what they need from me. So, heads down, and onward.
Have a lovely end of the week!
Know someone who might enjoy this newsletter or benefit from it? A shout out to tinyletter.com/pbihr or a forward is appreciated!
This month: Mozfest, a Digital Rights Cities Coalition, Trustable Technology Mark updates, ThingsCon Rotterdam.
If you’d like to work with me in the upcoming months, I have very limited availability but am always happy to have a chat. I’m currently doing the planning for Q2 2019.
Mozfest came and went, and was lovely as always. It was the 9th Mozfest, 8 or so of which I participated in — all the way back to the proto (or prototyping?) Mozfest event called Drumbeat in Barcelona in, what, 2010? But no time for nostalgia, it was bustling as always. The two things that were different for me that one, I participated as a Mozilla Fellow, which means a different quality of engagement and two, M and I brought the little one, so we had a toddler in tow. Which I’m delighted to say worked a charm!
A Digital Rights Cities Coalition
At Mozfest, the smart and ever lovely Meghan McDermott (see her Mozilla Fellows profile here) hosted a small invite-only workshop to formalize a Digital Rights Cities Coalition — a coalition of cities and civil society to protect, foster, promote digital rights in cities. I was both delighted and honored to be part of this space, and we’ll continue working together on related issues. The hope is that my work with ThingsCon and the Trustable Technology Mark can inform and contribute value to that conversation.
Trustable Technology Mark
The Trustable Technology Mark is hurtling towards the official launch at a good clip. After last month’s workshop weekend at Casa Jasmina, I just hosted a Trustmark session at Mozfest. It was a good opportunity to have new folks take a look at the concept with fresh eyes. I’m happy to report that I walked away with some new contacts and leads, some solid feedback, and an overall sense that at least for the obvious points of potential criticism that present themselves at first glance there are solid answers now as to why this way and not that, etc etc.
Courtesy Dietrich, a photo of me just before kicking off the session wearing a neighboring privacy booth’s stick-on mustache.
Also, more policy and academic partners signing on, which is a great sign, and more leads to companies coming in who want to apply for the Trustmark.
Next steps for the coming weeks: Finalize and freeze the assessment form, launch a website, line up more academic and commercial partners, reach out to other initiatives in the space, finalize trademarks (all ongoing), reach out to press, plan launch (starting to prep these two).
The current assessment form asks a total of 48 questions over 5 dimensions, with a total of 29 required YES’s. Here’s the most up-to-date presentation:
Early bird is just about to end (?), and we’re about to finalize the program. It’s going to be an absolute blast. I’ll arrive happily (if probably somewhat bleary eyed after a 4am start that day) in Rotterdam to talk Trustable Technology and ethical tech, we’ll have a Trustmark launch party of some sort, we’ll launch a new website (before or right there and then), and we’ve been lining up a group of speakers so amazing I’m humbled even just listing it:
Alexandra Deschamps-Sonsino, Cennydd Bowles, Eric Bezzem, Laura James, Lorenzo Romanoli, Nathalie Kane, Peter Bihr, Afzal Mangal, Albrecht Kurze, Andrea Krajewski, Anthony Liekens, Chris Adams, Danielle Roberts, Dries De Roeck, Elisa Giaccardi, Ellis Bartholomeus, Gaspard Bos, Gerd Kortuem, Holly Robbins, Isabel Ordonez, Kars Alfrink, Klaas Kuitenbrouwer, Janjoost Jullens, Ko Nakatsu, Leonardo Amico, Maaike Harbers, Maria Luce Lupetti, Martijn de Waal, Martina Huynh, Max Krüger, Nazli Cila, Pieter Diepenmaat, Ron Evans, Sami Niemelä, Simon Höher, Sjef van Gaalen.
Now, 5 years into ThingsCon, the need for responsible technology has entered the mainstream debate. We need ethical technology, but how? With the lines between IoT, AI, machine learning and algorithmic decision-making increasingly blurring it’s time to offer better approaches to the challenges of the 21st century: Don’t complain, suggest what’s better! In this spirit, going forward we will focus on exploring how connected devices can be made better, more responsible and more respectful of fundamental human rights.
At ThingsCon, we gather the finest practitioners; thinkers & tinkerers, thought leaders & researchers, designers & developers to discuss and show how we can make IoT work for everyone rather than a few, and build trustable and responsible connected technology.
In the UK magazine NET I wrote an op-ed about Restoring Trust in Emerging Tech. It’s in the November 2018 issue, out now – alas, I believe, print only.
Trips to Brussels, Rotterdam, NYC to discuss a European digital agenda, launch a Trustmark, co-host ThingsCon, translate Trustmark principles for the smart city context, prep a US-based ThingsCon conference.
If you’d like to work with me in the upcoming months, I have very limited availability but am always happy to have a chat. I’m currently doing the planning for Q2 2019.
Lots of travel and a brief time off means a combined summer-ish edition of month notes for June & July. A lot has happened over the last 8 or so weeks, so let’s dive right in. In no particular order…
Trustable Technology mark
The ThingsCon trustmark for IoT has a name, finally! Meet the Trustable Technology mark, or #trustabletech for short. The URL (trustabletech.com) still forwards to the trustmark page on ThingsCon.com, but will have its own place soon. The most current version of the explainer presentation is up on Slideshare:
What’s more, I’m not alone in this endeavor—far from it! More and more folks from the ThingsCon network have been giving their input, which is priceless. Also, Pete Thomas (University of Dundee) has been taking the design lead and been a great sparring partner on strategy questions, and Jason Schultz (NYU Law) has been thinking about legal and policy implications. A big thank you to Pete & Jason! I’m super excited this is moving along at such a clip.
I got to join a whole bunch of things those last few weeks.
I thoroughly enjoyed both a workshop on IoT security and market surveillance by Stiftung Neue Verantwortung, where we discussed all things certification, incentives and assessment frameworks; and the always fascinating Museum of the Future workshop in Berlin. I’d been to one in Amsterdam before, and even though I’m spoiled by greatly curated events, the group that Noah & team convene in this context is humbling and fascinating and the only thing I wished is that I could have been there full time, which this time alas wasn’t possible.
In between the two I got to go to New York City for meetings and a quick swing-by at Data & Society, as well as Toronto for the Mozilla Foundation’s all-hands where I was kindly invited to participate as a fellow. Speaking of committed & warm & driven groups!
After that, some family time in the Pacific Northwest, and a short vacation, which included a little road trip through the Cascades. What a stunning & wonderful region!
On one hand I’m gearing up the planning for fall. If you’d like to work with me in the upcoming months, I have very limited availability but am always happy to have a chat.
On the other I’m pretty much heads-down to get the trustmark to the next level. This includes the nitty gritty work of both improving the trustmark assessment tool, and of lining up launch partners. It also means planning a little road show to expose this idea to more eyes and ears, including ThingsCon Salon Cologne, Mozfest, ThingsCon Amsterdam, and a few other events in between. We’re also in the middle of copy-editing the upcoming 2018 issue of the ThingsCon report “The State of Responsible IoT” (#RIoT). More on that soon.
And if you read German, I started a column over on Netzpiloten.de with a piece on risks and chances of IoT, and the role a trustmark has to play: Das IoT—Gefahren und Chancen im Internet of Things. (Full disclosure: I was project lead at Netzpiloten from 2007 to 2010, and Dearsouvenir GmbH is a joint venture between The Waving Cat GmbH and Netzpiloten AG.)
And last but not least, my co-fellows Julia Kloiber, Jon Rogers and I are also listed in the Mozilla Fellowship directory—Mozilla supports the development of the trustmark through my fellowship. (Full disclosure: My partner works for Mozilla.)
Also, ThingsCon is part of an EU grant proposal consortium which required a lot of paperwork. (That’s a good sign, right?)
We also had two ThingsCon Salons in Germany and some more action over in the Netherlands, both of which are easier to follow over on ThingsCon.com.
Between these things and lots and lots of research and conversations that will be shaping the development of the trustmark for the next few months, April was pretty packed.
I’ll be heading to Antwerp for a ThingsCon Salon and a workshop with Dries de Roeck tomorrow, and to first NYC then Toronto in June for conferences and meetings.
If you’d like to work with me in the upcoming months, I have very limited availability but happy to have a chat.
And on that note, I’m off for a last round of calls and off to the airport in the morning.
We’re headed for a social media winter. I think we’re arriving in the post-social media era. It’s going to be interesting to see what’s next. My money is on small, private groups (think Whatsapp chats).
Less formal media: For somewhat more off-the-cuff, more personal takes and pointers come join my semi-personal newsletter, Connection Problem.
More formal media: For the first time in a long time, I have some things to advocate for (responsible IoT, trustmarks, etc.) and a story to tell. So I’m looking to improve my media presence beyond the occasional, fairly random interview or article. Still figuring out how to best go about it. Any pointers are welcome!
If you’d like to work with me in the upcoming months, please get in touch.