SlideShare a Scribd company logo

Towards a Trustmark for IoT (April 2018)

Peter Bihr
Peter Bihr

Peter Bihr is developing a trustmark for IoT devices as a Mozilla IoT Fellow. The trustmark aims to increase transparency and empower consumers to make informed decisions about connected products. It will evaluate IoT devices on 5 dimensions - privacy & data practices, transparency, security, openness, and sustainability. Compliance is determined by companies publicly documenting how their products meet standards in each dimension. The trustmark is pledge-based and decentralized, with the goal of raising industry standards for responsible and human-centric IoT development. The first prototype will focus on voice-enabled IoT devices.

Related slideshows

Understanding Emerging Technology - Blockchain
Understanding Emerging Technology - BlockchainUnderstanding Emerging Technology - Blockchain
Understanding Emerging Technology - Blockchain
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
8 reasons you need a strategy for managing information...before it's too late
8 reasons you need a strategy for managing information...before it's too late8 reasons you need a strategy for managing information...before it's too late
8 reasons you need a strategy for managing information...before it's too late
 
1 of 36
Download to read offline
Fostering the creation of a responsible & human-centric Internet of Things Towards a Trustmark for IoT This work is created as part of a Mozilla’s IoT Fellowship
First things first: Who’s behind this?
Peter Bihr The Waving Cat: Managing Director Research, strategy, foresight for commercial, governmental & non-profit organizations. ThingsCon: Co-founder, Chairman A global community of IoT practitioners with the mission to foster the creation of a responsible & human-centric IoT. Mozilla: Fellow As a Mozilla IoT Fellow, I’ll be developing a trustmark for IoT. The prototype will focus on voice-enabled IoT. Contact Email: peter@thewavingcat.com Twitter: @peterbihr Web: thingscon.com Web: thewavingcat.com Web: peterbihr.com
A Trustmark for IoT I co-founded the ThingsCon network to explore how to create IoT products responsibly. This, and the research that led to our research report for Mozilla (“A Trustmark for IoT”), led me to pursue this project—within the ThingsCon network and with support from Mozilla through a Mozilla IoT Fellowship. Please note: This project is supported by but independent from Mozilla—I do not speak for Mozilla. Read the report at thingscon.com/iot-trustmark
For a human-centric & responsible Internet of Things A global community & event platform by and for IoT practitioners thingscon.com
Our theory of change: Change is made through better day-to-day decisions
IoT - an overview & why we need a trustmark TL;DR: The Internet of Things increasingly touches all aspects of our lives, but mostly it consists of black boxes. We need to make sure that we can trust them. Note: The next few slides will elaborate on this. If you’re familiar with IoT, feel free to skip to the next section.
Source: The Waving Cat The term Internet of Things (IoT) covers a wide field of applications
The term Internet of Things (IoT) covers a wide field of applications
Images: Stephen die Donato, Andrew Welch Connected Home Smart
 City Two areas which manifest underlying issues of IoT Challenges our traditional notions of privacy* * In the West, in the last 150 years or so In public space, there is no opt-out (of data collection, urban analytics, etc.)
IoT lacks transparency The Internet of Things with its dizzying array of connected products and services is hard to navigate. Consumers have little insight into what any one connected product does, what it even might be capable of, or if the company employs good, responsible data practices. This is not an oversight on the consumers' side: We lack the tools to find out.
Quelle: The Waving Cat A simple litmus test: 4 questions that we should be able to answer for every connected device. But for connected products, these are very hard questions to answer.
Photo: Peter Bi hr We need to model less for efficiency and more for resilience. One part of that is increasing transparency of connected systems.
A Trustmark for IoT Concept draft. Feedback welcome!
Methodological notes This trustmark concept is based on three main pillars: The values we believe in and promote within ThingsCon, namely the creation of a responsible IoT, respect for users and their privacy and other rights, inclusivity and diversity, and openness. The research we published with the 2017 report “A Trustmark for IoT” of existing approaches to consumer protection labels, trustmarks, and certifications. Conversations within the ThingsCon community of IoT practitioners, as well as throughout the industry in my other role as managing director of a research & strategy firm.
Goals The trustmark we’re proposing is aspirational and aims to raise the bar at the top of the pyramid: This is modeled not just to filter out crap but to raise the overall bar of the conversation, and to show that IoT can be done respectfully & responsibly. Let me be clear: This is a work driven by values, not pragmatism—because I believe this needs to exist in order to get to a better IoT, and a better society. We believe that good ethics are good for business. This is also the angle we’ll take when pitching the trustmark to potential industry partners. Read my first thoughts on the trustmark on medium.com
thingscon.com/iot-trustmark Early feedback & successes Our 2017 trustmark research has received great feedback and reach. Among other things it was quoted extensively in Brazil’s National IoT Plan. Now we want to put our research into action.
Why? To recap, we need a trustmark for IoT… • to empower consumers to make informed decisions. • to allow for responsible organizations to clearly communicate their commitment to a higher standard.
What We’re proposing a trustmark for IoT that increases transparency and empowers consumers to make better decisions. This trustmark… • evaluates 5 key dimensions • is pledge-based • builds on verification through publicly available documentation • (mostly) decentralized The prototype phase will focus on voice-enabled IoT (smart speakers, etc.) Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Dimensions The trustmark evaluates compliance with 5 dimensions that we identified in our initial research* as most crucial for consumers: • Privacy & Data Practices • Transparency • Security • Openness • Sustainability Icon: Lock by Ralf Schmitzer from the Noun Project (CC) *See A Trustmark for IoT (2017), p. 56
Pledge-based The trustmark is based on voluntary commitment: it’s pledge-based. Why? • As a rule of thumb, (more costly) certification based on third-party audits tend to provide higher credibility. But we believe that our approach of transparency through documentation offers both carrot (USP) and stick (public shaming). • Certification requires a level of centralization we aim to avoid. (Exception: We might need a governing body of sorts at a later stage.) • Lightweight and easy to adopt beats hard verification for our purposes. The notable exception is security, where we rely heavily on external certification as indicators (the trustmark as an indicator of indicators). Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Verification through documentation The trustmark should convey at a glance the level of trustworthiness and allow to get more detailed information to back this up. The approach of "self-assessed but verifiable" opens up trustmark-carrying products to public scrutiny in a similar way that open source software can be peer reviewed. Compliance with the trustmark is proven by providing publicly available documentation to answer (in a structured way) the questions that determine a product's compliance. A company is required to make this information available and easily accessible/findable on their website (/iot-trustmark or comparable, details TBD). Why? • While we cannot enforce that all information provided this way is accurate, the stick (scrutiny and risk of public shaming/campaigning) outweighs the advantages of faking compliance. • In the meantime it's significantly easier, cheaper, and quicker to provide this kind of documentation over an external audit. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Decentralized The documentation and pledge based approach also means the trustmark is largely decentralized: Application to and of this trustmark is done by each company independently from a centralized authority. (We are looking into options to make this legally binding through a licensing model.) Applying the trustmark will always be free of charge. Eventually we’ll need a governance system. For the purposes of prototyping, I’ll be making final decisions based on input from research, workshops, and the ThingsCon network in particular. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
The foundations of an ecosystem The knowledge encoded in this trustmark—through documentation, etc.—serves as the foundation of what we hope to be a larger ecosystem. The trustmark documentation shall be provided in a standardized form to allow for third parties to offer services on top of this foundation, like editorials, ratings & reviews. Note: This is our goal; year 1 serves to learn and prototype, and to develop the concept to a stage of maturity that gets this launch-ready. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
How We plan the trustmark to evaluate a product’s compliance through a scorecard or checklist of questions to be answered and documents to be provided. Each of them feeds into one of the five dimensions: 5 dimensions x 5 compliance points for a possible total of 25 points. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Inputs, processes, outputs The trustmark will evaluate a mix of • Inputs: What goes into making a product? 
 In the textile world, Bluesign is a trustmark that demonstrates that an apparel manufacturer uses sustainable, eco-friendly materials • Processes: How is a product made?
 Fairtrade with their strong focus on sustainable farming practices and good labor conditions • Outputs: What is the product like when it’s finished?
 CE certification confirms that the final product fulfills certain EU quality and safety requirements
How: Example questions We’re drafting the checklist of questions to answer, and documents to provide to pass the trustmark. We expect a mix of types of input: • Third-party certifications and standards can serve as an indicator of quality. For example, if a company open-sources their hardware according to OSHWA’s guidelines, this might count into the openness score. If a product is GDPR compatible (and hence guarantees data portability as well as privacy by design) this might count into the privacy score. We expect third-party certifications to be especially relevant for the security score. • First-party indicators, i.e. questions answered directly by the company. For example, “Do you follow Security by Design best practices? Please elaborate.” or “Do you have a business model in place that carries you beyond investments? Please elaborate.” Some of this will be fuzzy. We’ll be prototyping how to allow for that. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Scoring The passing requirements are to fulfill two conditions: • No complete FAIL (0 points) in any dimension • At least 20/25 points total Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Example This examples FAILS the test: • It does not score 20/25 points. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Example This examples FAILS the test: • A complete failure (0 points) in one dimension (Security). Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Example This examples PASSES the test: • It scores 20/25 points total. • No dimension fails (0 points) Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Example This examples PASSES the test: • It scores >20/25 points total. • No dimension fails (0 points) Note: It’s still up for debate if the requirement is • “≥20/25” or • “minimum 4/5 per dimension” Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
Open questions & next steps • What aspects need to be evaluated through the checklist/ questionnaire (template for documentation)? • Is there a way to make a pledge legally binding, and if so: What does it take to make it so? • Should using the trustmark be tied to “hard stick” conditions, ie. fines, and if so how could they be enforced? • Gather feedback, run prototyping sessions, and fine-tune the concept.
Mood board What could the trustmark look like, and how can it communicate levels of trustworthiness effectively? Some examples from other projects we liked in our research: FCC Broadband Labels Creative Commons licensing Bihr/Thorne: Privacy Icons Beyond IO: Washing instructions for IoT Adryan: Data Labels
Pathways to partnerships & participation This is a project in an early stage. We’re looking in a number of areas. Particularly we’re looking for… • academic partners to accompany the development of this trustmark • bold commercial partners to help us prototype our requirements list against their existing or upcoming products • non-profit and media partners who can help us understand what they need in order to build third-party offerings on top of a trustmark Please get in touch if you’d like to get involved.
Thank you. The Waving Cat GmbH Twitter @thewavingcat Web thewavingcat.com Peter Bihr Twitter @peterbihr Email peter@thewavingcat.com Contact ThingsCon Twitter @thingscon Web thingscon.com

More Related Content

Towards a Trustmark for IoT (April 2018)

  • 1. Fostering the creation of a responsible & human-centric Internet of Things Towards a Trustmark for IoT This work is created as part of a Mozilla’s IoT Fellowship
  • 3. Peter Bihr The Waving Cat: Managing Director Research, strategy, foresight for commercial, governmental & non-profit organizations. ThingsCon: Co-founder, Chairman A global community of IoT practitioners with the mission to foster the creation of a responsible & human-centric IoT. Mozilla: Fellow As a Mozilla IoT Fellow, I’ll be developing a trustmark for IoT. The prototype will focus on voice-enabled IoT. Contact Email: peter@thewavingcat.com Twitter: @peterbihr Web: thingscon.com Web: thewavingcat.com Web: peterbihr.com
  • 4. A Trustmark for IoT I co-founded the ThingsCon network to explore how to create IoT products responsibly. This, and the research that led to our research report for Mozilla (“A Trustmark for IoT”), led me to pursue this project—within the ThingsCon network and with support from Mozilla through a Mozilla IoT Fellowship. Please note: This project is supported by but independent from Mozilla—I do not speak for Mozilla. Read the report at thingscon.com/iot-trustmark
  • 5. For a human-centric & responsible Internet of Things A global community & event platform by and for IoT practitioners thingscon.com
  • 6. Our theory of change: Change is made through better day-to-day decisions
  • 7. IoT - an overview & why we need a trustmark TL;DR: The Internet of Things increasingly touches all aspects of our lives, but mostly it consists of black boxes. We need to make sure that we can trust them. Note: The next few slides will elaborate on this. If you’re familiar with IoT, feel free to skip to the next section.
  • 8. Source: The Waving Cat The term Internet of Things (IoT) covers a wide field of applications
  • 9. The term Internet of Things (IoT) covers a wide field of applications
  • 10. Images: Stephen die Donato, Andrew Welch Connected Home Smart
 City Two areas which manifest underlying issues of IoT Challenges our traditional notions of privacy* * In the West, in the last 150 years or so In public space, there is no opt-out (of data collection, urban analytics, etc.)
  • 11. IoT lacks transparency The Internet of Things with its dizzying array of connected products and services is hard to navigate. Consumers have little insight into what any one connected product does, what it even might be capable of, or if the company employs good, responsible data practices. This is not an oversight on the consumers' side: We lack the tools to find out.
  • 12. Quelle: The Waving Cat A simple litmus test: 4 questions that we should be able to answer for every connected device. But for connected products, these are very hard questions to answer.
  • 13. Photo: Peter Bi hr We need to model less for efficiency and more for resilience. One part of that is increasing transparency of connected systems.
  • 14. A Trustmark for IoT Concept draft. Feedback welcome!
  • 15. Methodological notes This trustmark concept is based on three main pillars: The values we believe in and promote within ThingsCon, namely the creation of a responsible IoT, respect for users and their privacy and other rights, inclusivity and diversity, and openness. The research we published with the 2017 report “A Trustmark for IoT” of existing approaches to consumer protection labels, trustmarks, and certifications. Conversations within the ThingsCon community of IoT practitioners, as well as throughout the industry in my other role as managing director of a research & strategy firm.
  • 16. Goals The trustmark we’re proposing is aspirational and aims to raise the bar at the top of the pyramid: This is modeled not just to filter out crap but to raise the overall bar of the conversation, and to show that IoT can be done respectfully & responsibly. Let me be clear: This is a work driven by values, not pragmatism—because I believe this needs to exist in order to get to a better IoT, and a better society. We believe that good ethics are good for business. This is also the angle we’ll take when pitching the trustmark to potential industry partners. Read my first thoughts on the trustmark on medium.com
  • 17. thingscon.com/iot-trustmark Early feedback & successes Our 2017 trustmark research has received great feedback and reach. Among other things it was quoted extensively in Brazil’s National IoT Plan. Now we want to put our research into action.
  • 18. Why? To recap, we need a trustmark for IoT… • to empower consumers to make informed decisions. • to allow for responsible organizations to clearly communicate their commitment to a higher standard.
  • 19. What We’re proposing a trustmark for IoT that increases transparency and empowers consumers to make better decisions. This trustmark… • evaluates 5 key dimensions • is pledge-based • builds on verification through publicly available documentation • (mostly) decentralized The prototype phase will focus on voice-enabled IoT (smart speakers, etc.) Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 20. Dimensions The trustmark evaluates compliance with 5 dimensions that we identified in our initial research* as most crucial for consumers: • Privacy & Data Practices • Transparency • Security • Openness • Sustainability Icon: Lock by Ralf Schmitzer from the Noun Project (CC) *See A Trustmark for IoT (2017), p. 56
  • 21. Pledge-based The trustmark is based on voluntary commitment: it’s pledge-based. Why? • As a rule of thumb, (more costly) certification based on third-party audits tend to provide higher credibility. But we believe that our approach of transparency through documentation offers both carrot (USP) and stick (public shaming). • Certification requires a level of centralization we aim to avoid. (Exception: We might need a governing body of sorts at a later stage.) • Lightweight and easy to adopt beats hard verification for our purposes. The notable exception is security, where we rely heavily on external certification as indicators (the trustmark as an indicator of indicators). Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 22. Verification through documentation The trustmark should convey at a glance the level of trustworthiness and allow to get more detailed information to back this up. The approach of "self-assessed but verifiable" opens up trustmark-carrying products to public scrutiny in a similar way that open source software can be peer reviewed. Compliance with the trustmark is proven by providing publicly available documentation to answer (in a structured way) the questions that determine a product's compliance. A company is required to make this information available and easily accessible/findable on their website (/iot-trustmark or comparable, details TBD). Why? • While we cannot enforce that all information provided this way is accurate, the stick (scrutiny and risk of public shaming/campaigning) outweighs the advantages of faking compliance. • In the meantime it's significantly easier, cheaper, and quicker to provide this kind of documentation over an external audit. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 23. Decentralized The documentation and pledge based approach also means the trustmark is largely decentralized: Application to and of this trustmark is done by each company independently from a centralized authority. (We are looking into options to make this legally binding through a licensing model.) Applying the trustmark will always be free of charge. Eventually we’ll need a governance system. For the purposes of prototyping, I’ll be making final decisions based on input from research, workshops, and the ThingsCon network in particular. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 24. The foundations of an ecosystem The knowledge encoded in this trustmark—through documentation, etc.—serves as the foundation of what we hope to be a larger ecosystem. The trustmark documentation shall be provided in a standardized form to allow for third parties to offer services on top of this foundation, like editorials, ratings & reviews. Note: This is our goal; year 1 serves to learn and prototype, and to develop the concept to a stage of maturity that gets this launch-ready. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 25. How We plan the trustmark to evaluate a product’s compliance through a scorecard or checklist of questions to be answered and documents to be provided. Each of them feeds into one of the five dimensions: 5 dimensions x 5 compliance points for a possible total of 25 points. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 26. Inputs, processes, outputs The trustmark will evaluate a mix of • Inputs: What goes into making a product? 
 In the textile world, Bluesign is a trustmark that demonstrates that an apparel manufacturer uses sustainable, eco-friendly materials • Processes: How is a product made?
 Fairtrade with their strong focus on sustainable farming practices and good labor conditions • Outputs: What is the product like when it’s finished?
 CE certification confirms that the final product fulfills certain EU quality and safety requirements
  • 27. How: Example questions We’re drafting the checklist of questions to answer, and documents to provide to pass the trustmark. We expect a mix of types of input: • Third-party certifications and standards can serve as an indicator of quality. For example, if a company open-sources their hardware according to OSHWA’s guidelines, this might count into the openness score. If a product is GDPR compatible (and hence guarantees data portability as well as privacy by design) this might count into the privacy score. We expect third-party certifications to be especially relevant for the security score. • First-party indicators, i.e. questions answered directly by the company. For example, “Do you follow Security by Design best practices? Please elaborate.” or “Do you have a business model in place that carries you beyond investments? Please elaborate.” Some of this will be fuzzy. We’ll be prototyping how to allow for that. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 28. Scoring The passing requirements are to fulfill two conditions: • No complete FAIL (0 points) in any dimension • At least 20/25 points total Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 29. Example This examples FAILS the test: • It does not score 20/25 points. Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 30. Example This examples FAILS the test: • A complete failure (0 points) in one dimension (Security). Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 31. Example This examples PASSES the test: • It scores 20/25 points total. • No dimension fails (0 points) Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 32. Example This examples PASSES the test: • It scores >20/25 points total. • No dimension fails (0 points) Note: It’s still up for debate if the requirement is • “≥20/25” or • “minimum 4/5 per dimension” Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
  • 33. Open questions & next steps • What aspects need to be evaluated through the checklist/ questionnaire (template for documentation)? • Is there a way to make a pledge legally binding, and if so: What does it take to make it so? • Should using the trustmark be tied to “hard stick” conditions, ie. fines, and if so how could they be enforced? • Gather feedback, run prototyping sessions, and fine-tune the concept.
  • 34. Mood board What could the trustmark look like, and how can it communicate levels of trustworthiness effectively? Some examples from other projects we liked in our research: FCC Broadband Labels Creative Commons licensing Bihr/Thorne: Privacy Icons Beyond IO: Washing instructions for IoT Adryan: Data Labels
  • 35. Pathways to partnerships & participation This is a project in an early stage. We’re looking in a number of areas. Particularly we’re looking for… • academic partners to accompany the development of this trustmark • bold commercial partners to help us prototype our requirements list against their existing or upcoming products • non-profit and media partners who can help us understand what they need in order to build third-party offerings on top of a trustmark Please get in touch if you’d like to get involved.
  • 36. Thank you. The Waving Cat GmbH Twitter @thewavingcat Web thewavingcat.com Peter Bihr Twitter @peterbihr Email peter@thewavingcat.com Contact ThingsCon Twitter @thingscon Web thingscon.com