Tagtrustmark

Monthnotes for January 2018

M

January isn’t quite over, but since I’ll be traveling starting this weekend, I wanted to drop these #monthnotes now. A lot of time this month went into prepping an upcoming project which is likely to take up the majority of my time in 2018. More on that soon.

×

Capacity planning: This year my work capacity is slightly reduced since I want to make sure to give our new family member the face time he deserves. That said, this year’s capacity is largely accounted for, which is extra nice given it’s just January, and it’s for a thing I’m genuinely excited about. That said, I think it’s important to work on a few things in parallel because there’s always potential that unfolds from cross-pollination; so I’m up for a small number of not-huge projects in addition to what’s already going on, particularly in the first half of the year. Get in touch.

×

On Sunday, I’m off to San Francisco for a work week with the good folks at Mozilla because reasons and a number of meetings in the Bay Area. (Full disclosure: my partner works at Mozilla). Last year I’ve done some work with Mozilla and ThingsCon exploring the idea of a trustmark for IoT (our findings).

Image: commons (SDASM Archives)

Should you be in SF next week, ping me and we can see if we can manage a coffee.

×

IoT, trust & voice: More and more, I’m coming around to the idea that voice is the most important—or at least most imminent—manifestation of IoT regarding user data. Voice, and how it relates to trust, is what I’ll be focusing on a lot of my work in 2018.

×

User profiling in smart homes: Given my focus on voice & trust in IoT this year, I was very happy that Berlin tech & policy think tank Stiftung Neue Verantwortung invited me to a workshop on user profiling in smart homes. It was all Chatham House rules and I don’t want to dive into specifics at this point, but smart homes and voice assistants are worth a deep dive when it comes to trust—and trustworthiness—in IoT.

Connected homes and smart cities

Not least because (as I’ve been hammering home for a long time) the connected home and the smart city are two areas that most clearly manifest a lot of the underlying tensions and issues around IoT at scale: Connected homes, because traditionally the home was considered a private space (that is, if you look at the last 100 years in the West), and embedded microphones in smart homes means it’s not anymore. And smart cities, because in public space there is no opt-out: Whatever data is collected, processed, and acted on in public space impacts all citizens, if they want it or not. These are fundamental changes with far reaching consequences for policy, governance, and democracy.

×

Worth your time: A few pointers to articles and presentations I found worthwhile:

  • Kate Crawford’s talk on bias in AI training data is ace: The Trouble with Bias [Youtube].
  • TechCrunch has a bit of a top-level explainer of GDPR, Europe’s General Data Protection Regulation that goes into effect in May this year. It’s being widely lauded in Europe (except by the usual suspects, like ad-land), and been unsurprisingly criticized in Silicon Valley as disruptive regulation. (See what I did there?) So it came as a pleasant surprise to me that TechCrunch of all places finds GDPR to be a net positive. Worth 10 minutes of your time! [TechCrunch: WTF is GDPR?]
  • noyb.eu—My Privacy is none of your Business: Max Schrems, who became well-known in European privacy circles after winning privacy-related legal battles including one against Facebook and one that brought down the US/EU Safe Harbor Agreement, is launching a non-profit: They aim to enforce European privacy protection through collective enforcement, which is now an option because of GDPR. They’re fundraising for the org. The website looks crappy as hell very basic, but I’d say it’s a legit endeavor and certainly an interesting one.

×

Writing & thinking:

  • In How to build a responsible Internet of Things I lay out a few basic, top-level principles distilled from years of analyzing the IoT space—again with an eye on consumer trust.
  • On Business Models & Incentives: Some thoughts on how picking the wrong business model—and hence creating harmful incentives for an organization to potentially act against its own customers—is dangerous and can be avoided.
  • I’ve been really enjoying putting together my weekly newsletter together. It’s a little more personal and interest-driven than this blog, but tackles similar issues of the interplay between tech & society. It’s called Connection Problem. You can sign up here.

I was also very happy that Kai Brach, founder of the excellent Offscreen magazine kindly invited me to contribute to the next issue (out in April). The current one is also highly recommended!

×

Again, if you’d like to work with me in the upcoming months, please get in touch quickly so we can figure out how best to work together.

×

That’s it for January. See you in Feb!

New report: A Trustmark for IoT

N

Summary: For Mozilla, we explored the potentials and challenges of a trustmark for the Internet of Things (IoT). That research is now publicly available. You can find more background and all the relevant links at thewavingcat.com/iot-trustmark

If you follow our work both over at ThingsCon and here at The Waving Cat, you know that we see lots of potential for the Internet of Things (IoT) to create value and improve lives, but also some serious challenges. One of the core challenges is that it’s hard for consumers to figure out which IoT products and services are good—which ones are designed responsibly, which ones deserve their trust. After all, too often IoT devices are essentially black boxes that are hard interrogate and that might change with the next over-the-air software update.

So, what to do? One concept I’ve grown increasingly fond of is consumer labeling as we know from food, textiles, and other areas. But for IoT, that’s not simple. The networked, data-driven, and dynamic nature of IoT means that the complexity is high, and even seemingly simple questions can lead to surprisingly complex answers. Still, I think there’s huge potential there to make huge impact.

I was very happy when Mozilla picked up on that idea and commissioned us to explore the potential of consumer labels. Mozilla just made that report publicly available:

Read the report: “A Trustmark for IoT” (PDF, 93 pages)

I’m excited to see where Mozilla might take the IoT trustmark and hope we can continue to explore this topic.

Increasingly, in order to have agency over their lives, users need to be able to make informed decisions about the IoT devices they invite into their lives. A trustmark for IoT can significantly empower users to do just that.

For more background, the executive summary, and all the relevant links, head on over to thewavingcat.com/iot-trustmark.

Also, I’d like to extend a big thank you! to the experts whose insights contributed to this reports through conversations online and offline, public and in private:

Alaisdair Allan (freelance consultant and author), Alexandra Deschamps-Sonsino (Designswarm, IoT London, #iotmark), Ame Elliott (Simply Secure), Boris Adryan (Zu?hlke Engineering), Claire Rowland (UX designer and author), David Ascher, David Li (Shenzhen Open Innovation Lab), Dries de Roeck (Studio Dott), Emma Lilliestam (Security researcher), Geoffrey MacDougall (Consumer Reports), Ge?rald Santucci (European Commission), Holly Robbins (Just Things Foundation), Iskander Smit (info.nl, Just Things Foundation), Jan-Peter Kleinhans (Stiftung Neue Verantwortung), Jason Schultz (NYU), Jeff Katz (Geeny), Jon Rogers (Mozilla Open IoT Studio), Laura James (Doteveryone, Digital Life Collective), Malavika Jayaram (Berkman Klein Center, Digital Asia Hub), Marcel Schouwenaar (Just Things Foundation, The Incredible Machine), Matt Biddulph (Thington), Michelle Thorne (Mozilla Open IoT Studio), Max Kru?ger (ThingsCon), Ronaldo Lemos (ITS Rio), Rosie Burbidge (Fox Williams), Simon Ho?her (ThingsCon), Solana Larsen (Mozilla), Stefan Ferber (Bosch Software Innovation), Thomas Amberg (Yaler), Ugo Vallauri (The Restart Project), Usman Haque (Thingful, #iotmark). Also and especially I’d like to thank the larger ThingsCon and London #iotmark communities for sharing their insights.

Netzpolitik13: Das Internet der Dinge: Rechte, Regulierung & Spannungsfelder

N

My slides from Das ist Netzpolitik (Berlin, 1. September 2017). Title: “Das Internet der Dinge: Rechte, Regulierung & Spannungsfelder“.

Vom Hobby-Basteln bis hin zur Smart City: Das Internet of Things (#IoT) hat zunehmend Berührungspunkte mit allen Bereichen unseres Lebens. Aber wer bestimmt was erlaubt ist, was mit unseren Daten passiert, und ob es OK ist, unter die Haube zu gucken? IoT sitzt an der Schnittstelle vieler Technologie-, Governance- und Regulierungsbereiche—und schafft dadurch gleich eine ganze Reihe von Spannungsfeldern.

Due to technical issues with the video projection, my slides weren’t shown for the first few minutes. Apologies. On the plus side, the organizers had kindly put a waving cat on the podium for me. ?

It’s a rare talk in that I gave it in German, something I’m hardly used to these days.

In it, I argue that IoT poses a number of particular challenges that we need to address (incl. the level of complexity and blurred lines across disciplines and expertise; power dynamics; and transparency). I outline inherent tensions and propose a few approaches on how to tackle them, especially around increasing transparency and legibility of IoT products.

I conclude with a call for Europe to actively take a global leadership role in the area of consumer and data protection, analog to Silicon Valley’s (claimed/perceived) leadership in disruptive innovation as well as funding/scaling of digital products, and to Shenzhen’s hardware manufacturing leadership.

Netzpolitik has an extensive write-up in German.

Update: Netzpolitik also recorded an interview with me: Regulierung und Datenschutz im Internet der Dinge.

Defining an #iotmark for consumers

D

A long over-due blog post, I wanted to share some thoughts on the recent #iotmark event that Alexandra Deschamps-Sonsino and Usman Haque convened in London as a follow-up to the 2012 Open IoT Assembly (which produced this Open IoT Definition).

Most importantly (spoiler alert!) the #iotmark is a work in progress. You can follow along and/or contribute here.

///

Consumer trust and the Internet of Things

Why is it important to talk about IoT and a label, certification, or trustmark? Because in IoT, it’s really hard for consumers to make an informed decision on which products and services to trust.

Partially this is because implications of anything are hard to gauge in the context of connected, data-driven systems. Partially it’s because the categories of IoT products aren’t fully matured yet and it’s not always clear what to expect from one thing over the other. But also, there’s a lot more going on under the hood that makes it nearly impossible to tell quality work from crap.

A shiny box could be built with top security processes in place by a trustworthy organization, or it could be slapped together haphazardly by a scammer. How would you know!

As a starting point, inspired by a conversation at the event, I made this 4-quadrant test:


Trust and expectations in IoT by The Waving Cat/Peter Bihr

This group of 40-50 participants went hard at it with lots of intense and super interesting conversations. IoT is a huge space, and the challenges are manifold and real.

The range of challenges (and hence, opportunities to tackle) include digital rights, transparency, data protection & privacy, innovation, security & safety, reparability and maintenance, business models, literacy, policy, and many more.

Different schools of thoughts: Purists versus Pragmatists

An aspect I found particularly interesting was the different schools of thought present—pretty much what Venkatesh Rao refers to as Purists versus Pragmatists.

I’m painting with a very broad brush here, but you could tell two underlying approaches to solving these very real issues:

  • Part of the group aimed for a purist approach: Aim high, and stick with the high goals. In terms of labeling, this would manifest in a desire to see a strongly backed, third party audited, highly trustworthy and credible certification of sorts.
  • The pragmatists on the other hand were guided by not letting the better be the enemy of the good. Their approach tended towards a more bottom-up, decentralized, organic label based on self-declarations that might get more widely adopted because it requires less overhead and hence would have a lower barrier to entry.


When collaboratively editing the first draft of the #iotmark doc, we broke Google Docs.

While I tend to be a little partial here and lean a little more towards the pragmatic side of things, I fully see why both sides have strong points in their favor. In a context like this, where there’s no golden path that’s guaranteed to work, it boils down to a philosophical question.

Will this get traction?

So where will this go? It’s hard to say yet, but we’re motivated to make it happen one way or another. (I’m involved on a voluntary basis by heading the governance working group together with Laura James.)

The interest is certainly there, as is promising precedence as you’ll see below: Stacey Higginbotham just covered the #iotmark on her (excellent!) blog, staceyoniot.com.

And we know that informal, ad-hoc gatherings can have a real impact. Decisions are made by those who show up! Steffen Ferber was a participant in the 2012 Open IoT Assembly, and he shared the story of how he introduced the Open IoT Definition we signed back then at Bosch.

Now, 5 years later, this impacts Bosch’s work in the space. (If the images in the embed below don’t load, just click through to the tweets.)

To me this is a great reminder and gives me a lot of hope: This type of work might not always seem glamorous and sometimes it’s hard to tell if it has an impact. But often that’s just because it unfolds its impact silently, in the background, and only much later the effect becomes visible.

A nice side effect of Bosch using the Open IoT Definition principles we laid out in 2012 is, by the way, that their products are now all pretty much automatically compatible with the GDPR, Europe’s new data protection regulation. Another case that illustrates that good ethics are good business!

I’m looking forward to continuing the very hands-on work on the #iotmark. Hopefully we can move it to a launch-able v1.0 shortly.

In the meantime, I’m also doing more research into the overall landscape and most promising approaches to an IoT trustmark, and how it might be developed and deployed for maximum positive impact.

It’s a good time to put a label on IoT for sure.