New report: A Trustmark for IoT


Summary: For Mozilla, we explored the potentials and challenges of a trustmark for the Internet of Things (IoT). That research is now publicly available. You can find more background and all the relevant links at thewavingcat.com/iot-trustmark

If you follow our work both over at ThingsCon and here at The Waving Cat, you know that we see lots of potential for the Internet of Things (IoT) to create value and improve lives, but also some serious challenges. One of the core challenges is that it’s hard for consumers to figure out which IoT products and services are good—which ones are designed responsibly, which ones deserve their trust. After all, too often IoT devices are essentially black boxes that are hard interrogate and that might change with the next over-the-air software update.

So, what to do? One concept I’ve grown increasingly fond of is consumer labeling as we know from food, textiles, and other areas. But for IoT, that’s not simple. The networked, data-driven, and dynamic nature of IoT means that the complexity is high, and even seemingly simple questions can lead to surprisingly complex answers. Still, I think there’s huge potential there to make huge impact.

I was very happy when Mozilla picked up on that idea and commissioned us to explore the potential of consumer labels. Mozilla just made that report publicly available:

Read the report: “A Trustmark for IoT” (PDF, 93 pages)

I’m excited to see where Mozilla might take the IoT trustmark and hope we can continue to explore this topic.

Increasingly, in order to have agency over their lives, users need to be able to make informed decisions about the IoT devices they invite into their lives. A trustmark for IoT can significantly empower users to do just that.

For more background, the executive summary, and all the relevant links, head on over to thewavingcat.com/iot-trustmark.

Also, I’d like to extend a big thank you! to the experts whose insights contributed to this reports through conversations online and offline, public and in private:

Alaisdair Allan (freelance consultant and author), Alexandra Deschamps-Sonsino (Designswarm, IoT London, #iotmark), Ame Elliott (Simply Secure), Boris Adryan (Zu?hlke Engineering), Claire Rowland (UX designer and author), David Ascher, David Li (Shenzhen Open Innovation Lab), Dries de Roeck (Studio Dott), Emma Lilliestam (Security researcher), Geoffrey MacDougall (Consumer Reports), Ge?rald Santucci (European Commission), Holly Robbins (Just Things Foundation), Iskander Smit (info.nl, Just Things Foundation), Jan-Peter Kleinhans (Stiftung Neue Verantwortung), Jason Schultz (NYU), Jeff Katz (Geeny), Jon Rogers (Mozilla Open IoT Studio), Laura James (Doteveryone, Digital Life Collective), Malavika Jayaram (Berkman Klein Center, Digital Asia Hub), Marcel Schouwenaar (Just Things Foundation, The Incredible Machine), Matt Biddulph (Thington), Michelle Thorne (Mozilla Open IoT Studio), Max Kru?ger (ThingsCon), Ronaldo Lemos (ITS Rio), Rosie Burbidge (Fox Williams), Simon Ho?her (ThingsCon), Solana Larsen (Mozilla), Stefan Ferber (Bosch Software Innovation), Thomas Amberg (Yaler), Ugo Vallauri (The Restart Project), Usman Haque (Thingful, #iotmark). Also and especially I’d like to thank the larger ThingsCon and London #iotmark communities for sharing their insights.

Defining an #iotmark for consumers


A long over-due blog post, I wanted to share some thoughts on the recent #iotmark event that Alexandra Deschamps-Sonsino and Usman Haque convened in London as a follow-up to the 2012 Open IoT Assembly (which produced this Open IoT Definition).

Most importantly (spoiler alert!) the #iotmark is a work in progress. You can follow along and/or contribute here.


Consumer trust and the Internet of Things

Why is it important to talk about IoT and a label, certification, or trustmark? Because in IoT, it’s really hard for consumers to make an informed decision on which products and services to trust.

Partially this is because implications of anything are hard to gauge in the context of connected, data-driven systems. Partially it’s because the categories of IoT products aren’t fully matured yet and it’s not always clear what to expect from one thing over the other. But also, there’s a lot more going on under the hood that makes it nearly impossible to tell quality work from crap.

A shiny box could be built with top security processes in place by a trustworthy organization, or it could be slapped together haphazardly by a scammer. How would you know!

As a starting point, inspired by a conversation at the event, I made this 4-quadrant test:

Trust and expectations in IoT by The Waving Cat/Peter Bihr

This group of 40-50 participants went hard at it with lots of intense and super interesting conversations. IoT is a huge space, and the challenges are manifold and real.

The range of challenges (and hence, opportunities to tackle) include digital rights, transparency, data protection & privacy, innovation, security & safety, reparability and maintenance, business models, literacy, policy, and many more.

Different schools of thoughts: Purists versus Pragmatists

An aspect I found particularly interesting was the different schools of thought present—pretty much what Venkatesh Rao refers to as Purists versus Pragmatists.

I’m painting with a very broad brush here, but you could tell two underlying approaches to solving these very real issues:

  • Part of the group aimed for a purist approach: Aim high, and stick with the high goals. In terms of labeling, this would manifest in a desire to see a strongly backed, third party audited, highly trustworthy and credible certification of sorts.
  • The pragmatists on the other hand were guided by not letting the better be the enemy of the good. Their approach tended towards a more bottom-up, decentralized, organic label based on self-declarations that might get more widely adopted because it requires less overhead and hence would have a lower barrier to entry.

When collaboratively editing the first draft of the #iotmark doc, we broke Google Docs.

While I tend to be a little partial here and lean a little more towards the pragmatic side of things, I fully see why both sides have strong points in their favor. In a context like this, where there’s no golden path that’s guaranteed to work, it boils down to a philosophical question.

Will this get traction?

So where will this go? It’s hard to say yet, but we’re motivated to make it happen one way or another. (I’m involved on a voluntary basis by heading the governance working group together with Laura James.)

The interest is certainly there, as is promising precedence as you’ll see below: Stacey Higginbotham just covered the #iotmark on her (excellent!) blog, staceyoniot.com.

And we know that informal, ad-hoc gatherings can have a real impact. Decisions are made by those who show up! Steffen Ferber was a participant in the 2012 Open IoT Assembly, and he shared the story of how he introduced the Open IoT Definition we signed back then at Bosch.

Now, 5 years later, this impacts Bosch’s work in the space. (If the images in the embed below don’t load, just click through to the tweets.)

To me this is a great reminder and gives me a lot of hope: This type of work might not always seem glamorous and sometimes it’s hard to tell if it has an impact. But often that’s just because it unfolds its impact silently, in the background, and only much later the effect becomes visible.

A nice side effect of Bosch using the Open IoT Definition principles we laid out in 2012 is, by the way, that their products are now all pretty much automatically compatible with the GDPR, Europe’s new data protection regulation. Another case that illustrates that good ethics are good business!

I’m looking forward to continuing the very hands-on work on the #iotmark. Hopefully we can move it to a launch-able v1.0 shortly.

In the meantime, I’m also doing more research into the overall landscape and most promising approaches to an IoT trustmark, and how it might be developed and deployed for maximum positive impact.

It’s a good time to put a label on IoT for sure.

Two new reports out now! The State of Responsible IoT & View Source Shenzhen


We’ve had the great opportunity to do a lot of research these last few months, and it’s super nice to be able to share the results: Two new reports are out this month—one in fact went live just today!

The State of Responsible IoT

The ThingsCon report The State of Responsible IoT is a collection of essays by experts from the inter-disciplinary ThingsCon community of IoT practitioners. It explores the challenges, opportunities and questions surrounding the creation of a responsible & human-centric Internet of Things (IoT).

For your convenience you can read it on Medium or download a PDF.

View Source: Shenzhen

We went to Shenzhen to explore opportunities for collaboration between European Internet of Things practitioners and the Shenzhen hardware ecosystem—and how to promote the creation of a responsible Internet of Things.

Download View Source: Shenzhen as a as a PDF (16MB) or read it on Medium.

An index of smart home projects


We’re trying to build a list of smart home/connected home/IoT in the home projects to share publicly, for free.

We’d like to get this as comprehensive as possible, so it should include anything from grassroots, DIY efforts of home automation to big tech company efforts; as well as “meta” level analysis around the topics, ie. relevant books, research projects, and the like.

Thank you for your input!

Smart Cities: The next frontier for IoT


Note: This text was written and planned for publication in September 2015. While it wasn’t published at the time and some bits and pieces seem a little dated by now, I felt there’s still enough relevance here to publish it now. Enjoy!

As the Internet of Things (IoT) expands into more and more parts of our lives, one big focal point for IoT is the smart city. Since the majority of the population lives in cities and we cannot opt out of our urban environments, this makes it the next frontier for IoT, digital rights and innovation.

Understanding the connected city

What makes a smart city? What’s the smartest city in the world? The connected city is a surprisingly hard-to-define construct: There is a very small number of “pure play” smart cities – planned cities built from scratch – that everyone would agree are smart, like Abu Dhabi’s Masdar City. But do they count as real cities if they have no history and hardly a population? There are smart city services, like real-time public transport data: How many of these does it take to make a city officially “smart”? How does the population factor into it?

I believe that the current focus on the city-level might counter-intuively get in the way of our thinking. So let’s step away from the implementation level of a city wide integrated sensor network with a connected city data dashboard. I’m increasingly convinced that the trick is to tackle the understanding of connected cities from two sides:

  1. Zoom in to a more granular level where instead of looking at the city-level we can focus on individual projects, initiatives and programs that work with city data of any sort. This more open approach means we can count and analyze a wider range of projects from real-time public transport to networks of DIY air quality sensors or open source smart meters. Based on this we could rank cities based on their smartness, or maybe smart-readiness. Some not-yet-public research I’ve been involved in shows promising results: Imagine a large catalog of smart city(ish) projects that can be sliced and diced based on region, scale, funding sources, or impact.

  2. Then zoom out to the systemic level that doesn’t just consider the physical manifestation of the city, but it’s governance, administration, and citizenry. A large part of what makes a city smart isn’t its infrastructure (the strong focus on the technology angle is misleading), it’s the social impact of how we make that infrastructure work for its citizens. This means we need to look at how to prepare local governments and administrations, an area where NGOs like Code for America have been doing great work, and it means making sure that citizens know how to participate. After all, the overarching goal of a connected city should be to empower its citizens – so smart citizens are the true key to a smart city.

Smart cities need citizen-centric design

The way we discuss connected cities today is heavily framed through the lens of efficiency based on gathering data. This is no coincidence: The main drivers of the debate today are technology vendors who have been selling solutions for the industrial context like smart factories and connected logistics chain. It is only natural that the same vendors would try to solve urban challenges through large-scale implementations of their sensors, networks and infrastructure: If you have a hammer, everything looks like a nail.

However, for the context of a heavily urbanized society this model might not be the best. Smart cities researcher and critic Adam Greenfield goes even further, calling the efficiency-focused model of the connected city “the least interesting and the most problematic” given that rich urban live depends on serendipity as much as efficient delivery of services. Algorithms should augment, not replace political processes like resource allocation.

Maybe even more importantly, history has shown that complex, massively integrated computational systems are fraught with issues. If we turn a city into a giant centralized computer, we might create infrastructure that is brittle rather than resilient: “Smart cities are almost guaranteed to be chock full of bugs, from smart toilets and faucets that won’t operate to public screens sporting Microsoft’s ominous Blue Screen of Death”, fears smart city advocate Anthony Townsend.

These doomsday scenarios are easily avoided, though, if we focus on how to put humans in the center. The open data/open government and civic tech movements advocate for urban services that are citizen-centric and focus on real-world needs. This allows to build resilient cities. In their academic and policy research, Susan Crawford and Stephen Goldsmith speak of the responsive city: A city that focuses on its citizens needs and molds itself based on changing needs through technology and data. In other words, the city is a platform for its stakeholders – citizens and businesses alike.

Shaping the connected city

As Lawrence Lessig famously stated, code is law. The code we run our smart city on governs urban life. So it’s crucial to ensure that this code isn’t just fit for prime time in the sense of quality control, but also that we make the right choice for how and what kind of code is implemented in the first place. This is less of a technical than a policy question, and governments around the world are thinking hard about it.

Recently I co-authored a report on connected cities my colleague and ethics professor Dr. Christoph Bieber for the German government. The question: How to think smart cities with a strong focus on the citizens’ perspective. We found we have great historic precedence to inform solutions for the challenges ahead: The key to unlocking connected cities are the design principles – the protocols – that helped build the internet in its early days: Openness, decentralized architecture, bottom-up innovation, and Postel’s law (the so-called robustness principle).

In other words, we can build the city as a platform that is decentralized, open source, and hackable; That empowers citizens and enables private enterprises to innovate; And that is especially responsive and resilient through inclusivity, diversity, peer-review, and human-centric design.

Understanding the Connected Home: Etiquette


This blog post is an excerpt from Understanding the Connected Home, an ongoing exploration on the implications of connectivity on our living spaces. The whole collection is available as a (free) ebook: Understanding the Connected Home: Thoughts on living in tomorrow’s connected home

Being a house guest and host in a connected home will of course in many ways be similar to how humans have socialized for centuries.

But there will also be aspects that are new, or that need to be negotiated. What might that look like?


Launching TheConnectedHome.org


Over last few weeks I’ve been publishing a series of posts around connectivity and the home (Understanding the Connected Home).

Cover: Understanding the connected homeToday we’re taking this to the next level. Michelle and I teamed up for a book sprint, and after a full week in the word mines of writing, we’re proud to present…

TheConnectedHome.org: Thoughts on living in tomorrow’s connected home.

It’s a collection of essays – a v0.9 book so to speak – and a research pool for future work. We’ll continue to write it in the open, via Github/Gitbook and licenced under Creative Commons (by-nc), so it’s largely free to remix and re-use. It’s also a work in progress, so be gentle for now.

Feedback’s more than welcome! And if you’d like to get involved, ping one of us. Enjoy!

Click here to jump on over to TheConnectedHome.org!