Tagresearch

Trustmarks, trustmarks, trustmarks

T

This article is part of 20in20, a series of 20 blog posts in 20 days to kick off the blogging year 2020. This is 20in20:08.

A couple of years ago, with ThingsCon and support from Mozilla, we launched a trustmark for IoT: The Trustable Technology Mark.

While launching and growing the Trustable Technology Mark hasn’t been easy and we’re currently reviewing our setup, we learned a lot during the research and implementation phase. So occasionally, others will ping us for some input on their own research journey. And since we learned what we learned, to a large degree, from others who generously shared their insights and time with us while we did our own initial research (Alex, Laura, JP: You’re all my heroes!), we’re happy to share what we’ve learned, too. After all, we all want the same thing: Technology that’s responsibly made and respects our rights.

So I’m delighted to see that one of those inputs we had the opportunity to give led to an excellent report on trustmarks for digital technology published by NGI Forward: Digital Trustmarks (PDF).

It’s summarized well on Nesta’s website, too: A trustmark for the internet?

The report gives a comprehensive look at why a trustmark for digital technology is very much needed, where the challenges and opportunities lie, and it offers pathways worth exploring.

Special thanks to author Hessy Elliott for the generous acknowledgements, too.

Cost-benefit analysis, Data-Driven Infrastructure edition

C

This article is part of 20in20, a series of 20 blog posts in 20 days to kick off the blogging year 2020. This is 20in20:04.

It’s a common approach for making (business, policy…) decision by performing a cost-benefit analysis of some sort. Sometimes this is done via a rigorous process, sometimes it’s ballparked — and depending on the context, that’s OK.

One thing is pretty constant: In a cost-benefit analysis you traditionally work on the basis of reasonably expected costs and reasonably expected benefits. If the benefits outweigh the costs, green light.

Now, I’d argue that for data-driven infrastructure(-ish) projects, we need to set a higher bar.

By data-driven infrastructure I mean infrastructure(ish) things like digital platforms, smart city projects, etc. that collect data, process data, feed into or serve as AI or algorithmic decision-making (ADM) systems, etc. This may increasingly include what’s traditionally included under the umbrella of critical infrastructure but extends well beyond.

For this type of data-driven infrastructure (DDI), we need a different balance. Or, maybe even better, we need a more thorough understanding of what can be reasonably expected.

I argue that for DDI, guaranteed improvement must outweigh the worst case scenario risks.

If the last decade has shown us anything, it’s that data-driven infrastructure will be abused to its full potential.

From criminals to commercial and governmental actors, from legitimate and rogue, if there is valuable data then we’ll see strong interests in this honey pot of data. Hence, we need to assume at least some of those actors will get access to it. So whatever could happen when they do — which would differ dramatically depending on which types or which combination of types of actors does, obviously — is what we have to factor in. Also, the opportunity cost and expertise drain and newly introduced dependencies that come with vendor lock-in.

All of this — that level of failure — should be the new “reasonable” expectation on the cost side.

But in order to make semantic capture of the term “reasonable” a little bit harder, I’m proposing to be very explicit about what we mean by this:

So instead of “Let’s compare what happens if things go kinda-sorta OK on the benefit side and only go kinda-sorta wrong on the cost side”, let’s say “the absolutely guaranteed improvements on the benefit side must significantly outweigh the worst case failure modes on the costs side.”

For DDI, let’s work with aggressive-pessimistic scenarios for the costs/risk side, and conservative scenarios for the benefit side. The more critical the infrastructure, the more thorough we need to be.

That should make for a much more interesting debate, and certainly for more insightful scenario planning.

Edgeryders: My fellowship is a wrap

E

Earlier this year, Nadia E. kindly invited me to join Edgeryders (ER) as a fellow to do independent research as part of their Internet of Humans program. From June to December 2019 I was an ER fellow and had the opportunity to work with the lovely John Coate & Nadia, and the fantastic team and community there at ER.

This fellowship gave me that little extra wriggle room and a mandate to do independent research into smart cities and policy — read: how to approach smart city policy so that it works better for citizens. This allowed me to do a lot of extra reading, writing (for example, about smart city governance and a smart city model founded on restraint) and speaking, and it informed my work with foundations, think tanks, and policy makers during that time, too.

On the ER platform, there’s a very active community of people who’re willing to invest time and energy in debate. It allowed me to gather a bunch of valuable feedback on early ideas and thoughts.

As part of my fellowship, I also had the opportunity to do a number of interviews. John interviewed me to kick things off on the Edgeryders platform, and I interviewed a few smart folks like Jon Rogers, Ester Fritsch, Marcel Schouwenaar and Michelle Thorne (disclosure: my partner), all of whom do interesting and highly relevant work around responsible emerging tech: In many ways, their work helps me frame my own thinking, and the way it’s adjacent to my work helps me find the boundaries of what I focus on. If this list seems like it’s a list of long-time collaborators, that’s no coincidence but by design: Part of how ER works is by integrating existing networks and amplifying them. So fellows are encouraged to bring in their existing networks.

Some of these interviews are online already, as are some reflections on them:

The others will be cleaned up and online soon.

My fellowship technically ended a couple of days ago, but I’m planning to stay part of the ER community. Huge thanks to the whole community there, to the team, and especially to Nadia and John.

New ThingsCon Report: The State of Responsible IoT 2018

N

State of Responsible IoT 2018 header

A quick cross-post from the ThingsCon blog about a report we’ve been working on and that we just pushed online: The State of Responsible IoT 2018

A lot has happened since we published the first ThingsCon State of Responsible IoT report in 2017: Responsibility and ethics in tech have begun to enter mainstream conversations, and these conversations are having an effect. The media, tech companies, and policy makers all are rethinking the effect of technology on society.

The lines between the Internet of Things (IoT), algorithmic decision-making, Artificial Intelligence/Machine Learning (AI/ML), and data-driven services are all ever-more blurry. We can’t discuss one without considering the others. That’s not a bad thing, it just adds complexity. The 21st century one for black and white thinking: It’s messy, complex, quickly evolving, and a time where simple answers won’t do.

It is all the more important to consider the implications, to make sure that all the new data-driven systems we’ll see deployed across our physical and digital environments work well—not just for the users but for all who are impacted.

Things have evolved and matured in big strides since our last State of Responsible IoT. This year’s report reflects that evolution, as well as the enormous breadth and depth of the debate. We couldn’t be happier with the result.

Some background as well as all the relevant links are available at thingscon.com/responsible-iot-report/ or using the short URL bit.ly/riot-report. The publication is available on Medium and as a PDF export.

This text is meant for sharing. The report is published by ThingsCon e.V. and licensed under Creative Commons (attribution/non-commercial/share-alike: CC BY-NC-SA). Images are provided by the author and used with permission. All rights lie with the individual authors. Please reference the author(s) when referencing any part of this report.

IoT & AI in the context of media studies

I

At the invitation of Prof. Sven Engesser at Technical University Dresden, I had the pleasure of presenting to the master students of applied media studies.

The presentation below gives you an idea of the outline of the talk:

It’s great to see that communication science/media studies tackle IoT and human-computer interfaces as a field of research. I was impressed with the level of thinking and questions from the group. The discussion was lively, on point, and there were none of the obvious questions. Instead, the students probed the pretty complex issues surrounding IoT, AI, and algorithmic decision making in the context of communications and communication science.

It’s part of the master program, and of Prof. Engesser’s new role as professor there, to also set up a lab to study how smart home assistants and other voice-enabled connected devices impact the way we communicate at home—both with other people and with machines.

It’ll be interesting to watch the lab’s progress and findings, and I hope we’ll find ways to collaborate on some of these questions.

New report: A Trustmark for IoT

N

Summary: For Mozilla, we explored the potentials and challenges of a trustmark for the Internet of Things (IoT). That research is now publicly available. You can find more background and all the relevant links at thewavingcat.com/iot-trustmark

If you follow our work both over at ThingsCon and here at The Waving Cat, you know that we see lots of potential for the Internet of Things (IoT) to create value and improve lives, but also some serious challenges. One of the core challenges is that it’s hard for consumers to figure out which IoT products and services are good—which ones are designed responsibly, which ones deserve their trust. After all, too often IoT devices are essentially black boxes that are hard interrogate and that might change with the next over-the-air software update.

So, what to do? One concept I’ve grown increasingly fond of is consumer labeling as we know from food, textiles, and other areas. But for IoT, that’s not simple. The networked, data-driven, and dynamic nature of IoT means that the complexity is high, and even seemingly simple questions can lead to surprisingly complex answers. Still, I think there’s huge potential there to make huge impact.

I was very happy when Mozilla picked up on that idea and commissioned us to explore the potential of consumer labels. Mozilla just made that report publicly available:

Read the report: “A Trustmark for IoT” (PDF, 93 pages)

I’m excited to see where Mozilla might take the IoT trustmark and hope we can continue to explore this topic.

Increasingly, in order to have agency over their lives, users need to be able to make informed decisions about the IoT devices they invite into their lives. A trustmark for IoT can significantly empower users to do just that.

For more background, the executive summary, and all the relevant links, head on over to thewavingcat.com/iot-trustmark.

Also, I’d like to extend a big thank you! to the experts whose insights contributed to this reports through conversations online and offline, public and in private:

Alaisdair Allan (freelance consultant and author), Alexandra Deschamps-Sonsino (Designswarm, IoT London, #iotmark), Ame Elliott (Simply Secure), Boris Adryan (Zu?hlke Engineering), Claire Rowland (UX designer and author), David Ascher, David Li (Shenzhen Open Innovation Lab), Dries de Roeck (Studio Dott), Emma Lilliestam (Security researcher), Geoffrey MacDougall (Consumer Reports), Ge?rald Santucci (European Commission), Holly Robbins (Just Things Foundation), Iskander Smit (info.nl, Just Things Foundation), Jan-Peter Kleinhans (Stiftung Neue Verantwortung), Jason Schultz (NYU), Jeff Katz (Geeny), Jon Rogers (Mozilla Open IoT Studio), Laura James (Doteveryone, Digital Life Collective), Malavika Jayaram (Berkman Klein Center, Digital Asia Hub), Marcel Schouwenaar (Just Things Foundation, The Incredible Machine), Matt Biddulph (Thington), Michelle Thorne (Mozilla Open IoT Studio), Max Kru?ger (ThingsCon), Ronaldo Lemos (ITS Rio), Rosie Burbidge (Fox Williams), Simon Ho?her (ThingsCon), Solana Larsen (Mozilla), Stefan Ferber (Bosch Software Innovation), Thomas Amberg (Yaler), Ugo Vallauri (The Restart Project), Usman Haque (Thingful, #iotmark). Also and especially I’d like to thank the larger ThingsCon and London #iotmark communities for sharing their insights.

Defining an #iotmark for consumers

D

A long over-due blog post, I wanted to share some thoughts on the recent #iotmark event that Alexandra Deschamps-Sonsino and Usman Haque convened in London as a follow-up to the 2012 Open IoT Assembly (which produced this Open IoT Definition).

Most importantly (spoiler alert!) the #iotmark is a work in progress. You can follow along and/or contribute here.

///

Consumer trust and the Internet of Things

Why is it important to talk about IoT and a label, certification, or trustmark? Because in IoT, it’s really hard for consumers to make an informed decision on which products and services to trust.

Partially this is because implications of anything are hard to gauge in the context of connected, data-driven systems. Partially it’s because the categories of IoT products aren’t fully matured yet and it’s not always clear what to expect from one thing over the other. But also, there’s a lot more going on under the hood that makes it nearly impossible to tell quality work from crap.

A shiny box could be built with top security processes in place by a trustworthy organization, or it could be slapped together haphazardly by a scammer. How would you know!

As a starting point, inspired by a conversation at the event, I made this 4-quadrant test:


Trust and expectations in IoT by The Waving Cat/Peter Bihr

This group of 40-50 participants went hard at it with lots of intense and super interesting conversations. IoT is a huge space, and the challenges are manifold and real.

The range of challenges (and hence, opportunities to tackle) include digital rights, transparency, data protection & privacy, innovation, security & safety, reparability and maintenance, business models, literacy, policy, and many more.

Different schools of thoughts: Purists versus Pragmatists

An aspect I found particularly interesting was the different schools of thought present—pretty much what Venkatesh Rao refers to as Purists versus Pragmatists.

I’m painting with a very broad brush here, but you could tell two underlying approaches to solving these very real issues:

  • Part of the group aimed for a purist approach: Aim high, and stick with the high goals. In terms of labeling, this would manifest in a desire to see a strongly backed, third party audited, highly trustworthy and credible certification of sorts.
  • The pragmatists on the other hand were guided by not letting the better be the enemy of the good. Their approach tended towards a more bottom-up, decentralized, organic label based on self-declarations that might get more widely adopted because it requires less overhead and hence would have a lower barrier to entry.


When collaboratively editing the first draft of the #iotmark doc, we broke Google Docs.

While I tend to be a little partial here and lean a little more towards the pragmatic side of things, I fully see why both sides have strong points in their favor. In a context like this, where there’s no golden path that’s guaranteed to work, it boils down to a philosophical question.

Will this get traction?

So where will this go? It’s hard to say yet, but we’re motivated to make it happen one way or another. (I’m involved on a voluntary basis by heading the governance working group together with Laura James.)

The interest is certainly there, as is promising precedence as you’ll see below: Stacey Higginbotham just covered the #iotmark on her (excellent!) blog, staceyoniot.com.

And we know that informal, ad-hoc gatherings can have a real impact. Decisions are made by those who show up! Steffen Ferber was a participant in the 2012 Open IoT Assembly, and he shared the story of how he introduced the Open IoT Definition we signed back then at Bosch.

Now, 5 years later, this impacts Bosch’s work in the space. (If the images in the embed below don’t load, just click through to the tweets.)

To me this is a great reminder and gives me a lot of hope: This type of work might not always seem glamorous and sometimes it’s hard to tell if it has an impact. But often that’s just because it unfolds its impact silently, in the background, and only much later the effect becomes visible.

A nice side effect of Bosch using the Open IoT Definition principles we laid out in 2012 is, by the way, that their products are now all pretty much automatically compatible with the GDPR, Europe’s new data protection regulation. Another case that illustrates that good ethics are good business!

I’m looking forward to continuing the very hands-on work on the #iotmark. Hopefully we can move it to a launch-able v1.0 shortly.

In the meantime, I’m also doing more research into the overall landscape and most promising approaches to an IoT trustmark, and how it might be developed and deployed for maximum positive impact.

It’s a good time to put a label on IoT for sure.