Tech, Trust, Transparency: The Trustable Tech Mark
By Peter Bihr
The ThingsCon report The State of Responsible IoT is an annual collection of essays by experts from the ThingsCon community. With the Riot Report 2018 we want to investigate the current state of responsible IoT. In this report we explore observations, questions, concerns and hopes from practitioners and researchers alike. The authors share the challenges and opportunities they perceive right now for the development of an IoT that serves us all, based on their experiences in the field. The report presents a variety of differing opinions and experiences across the technological, regional, social, philosophical domains the IoT touches upon. You can read all essays as a Medium publication and learn more at thingscon.com.
Tech has a trust issue. It’s the year 2018. We live in a world post-Snowden, post-Cambridge Analytica, post-scandal after scandal of security and data and privacy breaches. The overly optimistic, gung-ho, maybe even naive tech optimism that reigned supreme until the mid-2000s has served its time for now. This is particularly palpable in the space of IoT: Adding microphones, cameras and an internet connection to everyday objects has a way of making people think just that little bit harder about their privacy. I like to think this isn’t necessarily a bad thing but a great opportunity.
“Let’s be clear: none of our instincts will guide us in our approach to the next normal.” — Adam Greenfield, Radical Technologies
In his book Radical Technologies, Adam Greenfield points out that networked technology changes the way we interact with our world, and that it does so in ways that are often pervasive, invisible, unintuitive. If our instincts cannot guide us, that makes it all the more important that connected devices are designed and built responsibly: They need to ship and function with respect for users, and their rights, privacy, and everyday context. They need to be better and more responsibly than most connected products are today.
Within the ThingsCon community, we’ve been advocating for better design and data practices since day one. If ever there was a time to put our thinking into action, it is now.
Enter the Trustable Technology mark.
The Trustable Technology Mark
The Trustable Technology mark is our attempt to establish a consumer trustmark for the Internet of Things (IoT). It’s one of ThingsCon’s core initiatives this year (and hopefully for some years to come), and made possible with support from the Mozilla Foundation, who invited me to join as a Mozilla Fellow for the year.
Consumers don’t currently have the tools to find out which connected products are trustworthy. What’s more, there are companies out there who go out of their way to build responsible products that respect their users’s privacy and rights, but they don’t have an effective way of communicating their commitment. Here’s huge potential for a trustmark for IoT.
After doing extensive research, we’re convinced that a trustmark can address these issues meaningfully.
We believe that trust is holistic, systemic in nature: An insular focus on exclusively security or only privacy won’t do. However, because of the hybrid nature of IoT products — hardware, software (on-device) and service (often server or cloud based) there are some tricky aspects to external audits that we haven’t seen solved anywhere yet. So we went a different route.
Trust is always earned, never given. — Proverb
We’re designing an self-assessment tool that allows companies to evaluate where their product meets or doesn’t meet our trust requirements. This tool can also serve as a guideline for designing better and more trustworthy products in the future. It’s all openly licensed and free to use, forever.
The self-assessment tool — which also doubles as the application form — guides the company through a series of questions. The company ultimately decides if they are confident to clear the bar, and if they do, they submit their assessment as an application. Our experts review the answers and check for obvious gaps, or follow up for clarification. Once both the company and our reviewers give their go, the self-assessment is published in full: It’s a public commitment that their practices match these answers. It’s part of the certification requirements that the full assessment is published under an open license for everyone to peruse.
What does the self-assessment look like? Concretely, imagine a questionnaire that consists of simple but tough YES/NO questions. A YES counts towards the success, a NO counts against. A NOT APPLICABLE (N/A) won’t be scored. For every answer we highly encourage an explainer paragraph what this means in this specific context. This sounds more complicated than it is; it is a really simple, straightforward process.
Our initial testing shows that those companies who already put in the effort find it easy and quick to answer these questions, and the ones who don’t tend to struggle. So we’re confident it works fairly robustly.
What are we looking at?
We identified 5 dimensions that we believe are relevant to anyone inviting a connected device into their lives:
- Security
- Privacy & Data Practices
- Openness
- Transparency
- Stability
The first four are largely self-explanatory, the fifth requires a bit of context. Think of stability as an indicator of robustness and longevity: Will the product still work if the company goes belly-up or switches off their servers? Is there an exit strategy to keep the products working after an acquisition? Does the company commit to software and security updates to make sure the device can be safely used for a few years after the initial sale?
Our initial research has shown that this approach can be quite powerful: While the questions are simple, they do cut deep. Answering them requires a level of commitment to openness and transparency that comes easy only to those companies who do the right thing anyway, and will be nearly impossible who those who don’t.
Consider this example from the security section of the self-assessment tool:
- What is the core functionality of this product? Please explain the core functionality of your product.
- Are there any other features or functionalities outside the core functionality? Please explain why the choice was made to include this feature or functionality.
- Which non-core (non-essential) features could be enabled in the future? Please explain why the choice was made to potentially enable this feature or functionality in the future.
This series of three question aims to determine the risk to security through feature creep, because any non-essential feature might open new security holes. These questions all need to be considered during the design process; we’ve heard multiple times that product owners and designers might in fact find it useful to be forced to be explicit about these decisions internally. The questions are also simple enough to answer, but also incredibly hard. Not only do you have to be clear on the one thing your product tries to do well, but also give a clear glimpse into your decision making. Finally, the question about the product development roadmap exists to ensure transparency about the potential for features (and security risks) that could be enabled through the next software update: If there’s a microphone in the device that isn’t required as part of the core feature set, this is the time to disclose it.
The beginnings of an ecosystem
The trustmark can stand by itself, and it would provide significant value. However, we hope that there will be more to it. We envision a whole ecosystem to grow around the trustmark. We’re building the self-assessment and the trustmark that derives from it. When designing them we did so with third party services in mind.
It’s all build on open licenses so that the published documentation (the results of the self-assessments) can be aggregated, analyzed, made accessible or sliced and diced in any kind of way we can’t even think of now. How about an app? A shopping guide? A ranking of the most privacy-respecting toys?
We also think there’s potentially a whole small but healthy opportunity for advisors to get companies “trustmark ready”. This could happen commercially or through volunteers. The fantastic network that our friends of the UK-based OpenIoTMark (whose excellent design principles we’ve also integrated into the Trustable Technology mark) has been building for that purpose seems like an obvious great fit. If you’re a startup in need of security advice, this is where you can find an expert who’s willing to engage.
Open questions & what’s next?
In an issue as complex as IoT certification, the devil is in the details. So we’re in the nitty-gritty of testing and further prototyping the self-assessment tool. We do that by talking to companies who help us test the trustmark process, and by hosting workshops with experts in the field. We’re figuring out the best way to make the trustmark legally binding, and of figuring out questions around governance. We’re lining up commercial and academic partners so that we have a strong alliance once we’re ready to launch.
We’ve started to speaking about the trustmark more publicly at meetups and conferences to expose the idea to more eyes, ears, and minds: The quality of feedback has been astounding, and the level of interest shows just how needed (and timely!) this initiative is.
I’m convinced that we can make a significant contribution towards a more trustworthy Internet of Things. One trustmark and product at a time.
You can learn more about ThingsCon on thingscon.com and about the Trustable Technology mark at trustabletech.com.
If you or your organization would like to be involved in the trustmark initiative in some way, please get in touch.
I’d like to thank the ThingsCon community for all the input. Mozilla Foundation for all of their support through my fellowship. And I’d particularly like to thank Pete Thomas and Jason Schultz. Pete (of University of Dundee) has taken the lead in the branding and design of the mark, and been an excellent sparring partner in strategic questions. Jason (of NYU Law) has been exploring legal and policy implications of the Trustable Tech mark.
Peter Bihr co-founded ThingsCon, a global community & event platform that fosters the creation of a responsible Internet of Things. In 2018, Peter is a Mozilla Fellow. He also is the founder and managing director of The Waving Cat, a boutique digital strategy, research & foresight company. We explore the impact of emerging technologies — like Internet of Things (IoT) and artificial intelligence — and how your organization can harness them effectively. Interested in working together? Let’s have a chat.
ThingsCon is a global community & event platform for IoT practitioners. Our mission is to foster the creation of a human-centric & responsible Internet of Things (IoT). With our events, research, publications and other initiatives — like the Trustable Tech mark for IoT — we aim to provide practitioners with an open environment for reflection & collaborative action. Learn more at thingscon.com
This text is licensed under Creative Commons (attribution/non-commercial/share-alike: CC BY-NC-SA). Images are provided by the author and used with permission. Please reference the author’s or the authors’ name(s).
Full disclosure: Peter’s partner works for the Mozilla Foundation.
