Towards a Trustmark for IoT (30 May 2018)
1. Fostering the creation of a responsible &
human-centric Internet of Things
Towards a Trustmark for IoT
2. A Trustmark for IoT
- Draft, May 2018 -
Peter Bihr / ThingsCon
This work is created as part of a Mozilla Fellowship.
Unless otherwise noted, Creative Commons BY-SA 4.0.
Please note that this is an early-stage concept draft and a
work in progress.
4. Peter Bihr
The Waving Cat: Managing Director
Research, strategy, foresight for commercial, governmental
& non-profit organizations.
ThingsCon: Co-founder, Chairman
A global community of IoT practitioners with the mission to
foster the creation of a responsible & human-centric IoT.
Mozilla: Fellow
As a Mozilla IoT Fellow, I’ll be developing a trustmark for IoT.
The prototype will focus on voice-enabled IoT.
Contact
Email: peter@thewavingcat.com
Twitter: @peterbihr
Web: thingscon.com
Web: thewavingcat.com
Web: peterbihr.com
5. A Trustmark for IoT
I co-founded the ThingsCon network to explore how
to create IoT products responsibly.
This, and the research that led to our research report
for Mozilla (“A Trustmark for IoT”), led me to pursue
this project—within the ThingsCon network and with
support from Mozilla through a Mozilla IoT Fellowship.
Please note: This project is supported by but
independent from Mozilla—I do not speak for Mozilla.
Read the report at
thingscon.com/iot-trustmark
6. For a human-centric & responsible
Internet of Things
A global community & event platform by and for IoT practitioners
thingscon.com
7. Our theory of change:
Change is made through better
day-to-day decisions
8. IoT - an overview & why we need a trustmark
TL;DR: The Internet of Things increasingly touches all
aspects of our lives, but mostly it consists of black
boxes. We need to make sure that we can trust them.
Note: The next few slides will elaborate on this. If you’re
familiar with IoT, feel free to skip to the next section.
9. Source: Flickr / The Waving Cat (CC BY)
The term Internet of Things (IoT) covers a wide
field of applications
10. Images: Stephen di Donato (Unsplash), Andrew Welch (Unsplash)
Connected
Home
Smart
City
Two areas that manifest underlying issues of IoT
Challenges our traditional
notions of privacy*
* In the West, in the last 150 years or so
In public space, there is no
opt-out (of data collection,
urban analytics, etc.)
11. IoT lacks transparency
The Internet of Things with its dizzying array of connected products
and services is hard to navigate.
Consumers have little insight into how any one connected
product works, what it even might be capable of, or if the
company employs good, responsible data practices.
This is not an oversight on the consumers' side: We lack the tools
to find out.
12. Source: The Waving Cat (CC BY)
A simple litmus test: 4 questions
that we should be able to answer
for every connected device.
But for connected products, these
are very hard questions to answer.
13. We need to model
less for efficiency
and more for
resilience.
One part of that is
increasing
transparency of
connected
systems.
Photo: Peter Bihr (CC BY-NC-SA)
15. Methodological notes
This trustmark concept is based on three main pillars:
The values we believe in and promote within ThingsCon, namely the creation
of a responsible IoT, respect for users and their privacy and other rights,
inclusivity and diversity, and openness.
The research we published with the 2017 report “A Trustmark for IoT” of
existing approaches to consumer protection labels, trustmarks, and certifications.
Conversations within the ThingsCon community of IoT practitioners, as well as
throughout the industry in my other role as managing director of a research &
strategy firm.
16. Goals
The trustmark we’re proposing is aspirational and aims to raise
the bar at the top of the pyramid: This is modeled not just to
filter out crap but to raise the overall bar of the conversation, and
to show that IoT can be done respectfully & responsibly.
Let me be clear: This is a work driven by values, not
pragmatism—because I believe this needs to exist in order to get
to a better IoT, and a better society.
We believe that good ethics are good for business. This is
also the angle we’ll take when pitching the trustmark to potential
industry partners.
Read my first thoughts on the
trustmark on medium.com
17. Characteristics
The trustmark should be
• meaningful: No astroturfing. If a product carries the
trustmark, it needs to be trustworthy.
• hard to earn: Only the best, most trustworthy
products and organizations should be able to carry
it.
• easy to apply: The documentation for the trustmark
should be easy, lightweight, and free. Also, it should
be aligned with the product development process.
18. thingscon.com/iot-trustmark
Early feedback & successes
Our 2017 trustmark research has received great
feedback and reach.
Among other things it was quoted extensively in Brazil’s
National IoT Plan.
Now we want to put our research into action.
19. (A note on how to read this document)
In some slides you’ll find a lock item in the corner.
The closed lock means this part is locked in (within reason).
The open lock means this part is still under discussion.
Icon: Lock by Ralf Schmitzer from the Noun Project (CC)
20. Why?
To recap, we need a trustmark for IoT…
• to empower consumers to make informed decisions.
• to allow for responsible organizations to clearly communicate
their commitment to a higher standard.
21. Why should we sign up?
As a company that makes connected products, why should we adopt the
trustmark?
• This trustmark aims to highlight the work of the most responsible companies
and to clearly communicate their commitment to a higher standard.
• The trustmark increases consumer trust. It is for a highly selective group of
companies that go the extra mile to earn their customers’ trust and are committed to
exemplary levels of transparency, openness and responsibility.
• As a secondary effect, the trustmark will attract talent: We believe that only
the best companies attract the best talent, and strong vision & values are a key
aspect.
22. What
We’re proposing a trustmark for IoT that increases transparency and empowers
consumers to make better decisions. This trustmark…
• evaluates 5 key dimensions
• is pledge-based
• builds on verification through publicly available documentation
• (mostly) decentralized
It takes a holistic approach that goes beyond just the device and includes
procedural and organizational aspects. The prototype phase will focus on voice-
enabled IoT (smart speakers, etc.)
23. Dimensions
The trustmark evaluates compliance with 5 dimensions that we
identified in our initial research* as most crucial for consumers:
• Privacy & Data Practices
• Transparency
• Security
• Openness
• Stability
*See A Trustmark for IoT (2017), p. 56
24. Pledge-based
The trustmark is pledge-based, i.e. based on voluntary commitment & self-
reported information. It is a type of self-certification.
Why?
• To gain critical mass, lightweight and easy-to-adopt beats hard verification.
• As a rule of thumb, (more costly) certification based on third-party audits tends
to provide higher credibility, but we believe that our approach of transparency
through documentation offers both carrot (USP) and stick (public shaming).
• Certification requires a level of centralization we aim to avoid. (Exception: We
might need a governing body of sorts at a later stage.)
25. Verification through documentation
The trustmark should convey at a glance the level of trustworthiness and make it possible to get more
detailed information to back this up. The approach of "self-assessed but verifiable" opens up
trustmark-carrying products to public scrutiny in a similar way that open source software can be
peer reviewed.
Compliance with the trustmark is proven by providing publicly available documentation to answer (in
a structured way) the questions that determine a product's compliance. A company is required to make
this information available and easily accessible/findable on their website (/iot-trustmark or
comparable, details TBD).
Why?
• While we cannot enforce that all information provided this way is accurate, the stick (scrutiny and risk
of public shaming/campaigning) outweighs the advantages of faking compliance.
• In the meantime it's significantly easier, cheaper, and quicker to provide this kind of documentation
over an external audit.
26. Decentralized
The documentation- and pledge-based approach also means the
trustmark is largely decentralized: Application to and of this trustmark
is done by each company independently from a centralized
authority. (We are looking into options to make this legally binding
through a licensing model.)
Applying the trustmark will always be free of charge.
Eventually we’ll need a governance system. For the purposes of
prototyping, I’ll be making final decisions based on input from
research, workshops, and the ThingsCon network in particular.
27. The foundations of an ecosystem
The knowledge encoded in this trustmark—through documentation,
etc.—serves as the foundation of what we hope to be a larger
ecosystem.
The trustmark documentation shall be provided in a standardized form
to allow for third parties to offer services on top of this foundation,
like editorials, ratings & reviews.
Note: This is our goal; year 1 serves to learn and prototype, and to
develop the concept to a stage of maturity that gets this launch-ready.
28. Elements of a Trustmark Ecosystem
Trustmark readiness (out of scope: 3rd parties)
• Advisory services to get companies compliance-ready
• B2B
Self-evaluation tool (in scope: project core)
• Business-facing
• In-depth
Trustmark (in scope: project core)
• Consumer-facing
• Top-level
3rd party services (out of scope: 3rd parties)
• Consumer or business facing
• Enabled by open licensing & standardized format
Icons from The Noun Project (CC BY): Lock by Ralf Schmitzer, Checklist by Arafat Uddin,
Checkmark by Beth Bolton, Conversation by Chameleon Design, API by Emily van den Heever
29. Elements of a Trustmark Ecosystem
Trustmark readiness (out of scope: 3rd parties)
• 3rd party advisory services like security consultancy
• Non-public / between companies and their advisors
Self-evaluation tool (in scope: project core)
• Doubles to assess readiness and to verify compliance
• Internal use only until passed
• Once passed, the trustmark can be used and the evaluation is published
Trustmark (in scope: project core)
• Consumer-facing trustmark is glanceable
• Underlying assessment (results of self-evaluation tool) is available online
3rd party services (out of scope: 3rd parties)
• Open licensing of the self-assessments enables 3rd party services (analysis, rankings, etc.)
30. How
We plan the trustmark to evaluate a
product’s compliance through a
scorecard or checklist of questions to
be answered and documents to be
provided.
Each of them feeds into one of the five
dimensions: 5 dimensions x 5
compliance points for a possible total
of 25 points.
31. Inputs, processes, outputs
The trustmark will evaluate a mix of
• Inputs: What goes into making a product?
In the textile world, Bluesign is a trustmark that demonstrates that an
apparel manufacturer uses sustainable, eco-friendly materials
• Processes: How is a product made?
Fairtrade with their strong focus on sustainable farming practices and
good labor conditions
• Outputs: What is the product like when it’s finished?
CE certification confirms that the final product fulfills certain EU quality
and safety requirements
32. Format & Examples
We’re drafting the checklist of questions to answer, and documents to provide to pass
the trustmark. We expect a mix of types of input:
• First-party indicators, i.e. questions answered directly by the company. For example,
“Do you follow Security by Design best practices? Please elaborate.” or “Do you have
a business model in place that carries you beyond investments? Please elaborate.”
• Third-party certifications and standards can serve as an indicator of quality. For
example, if a company open-sources their hardware according to OSHWA’s
guidelines, this might count into the openness score. If a product is GDPR compatible
(and hence guarantees data portability as well as privacy by design) this might count
into the privacy score.
Some of this will be fuzzy. We’ll be prototyping how to allow for that.
33. Format & Examples
The format for the checklist is standardized as checkbox (Yes/No/Not
Applicable) plus a text field to elaborate. If the answer is Yes or Not Applicable
then the text field must be filled in. (No always means 0 points.)
The evolving checklist is available for review and input (via comments) here.
Some example questions. This checklist partially builds on the “Open #iotmark principles” (iotmark.org, CC BY-SA 4.0).
34. Format & Examples
This is a deep dive into the product and how it’s made, and it
requires a high willingness to open up and be transparent.
But all questions inquire into aspects the product team needs to
consider anyway, and this is a good opportunity to be explicit about the
decisions that go into making the product.
While undergoing the trustmark process means some extra work, it is
work that is very closely aligned with the product development process.
35. Scoring
The passing requirements are to
fulfill two conditions:
• No complete FAIL (0 points) in any
dimension
• At least 20/25 points total
36. Example
This example FAILS the test:
• It does not score 20/25 points.
37. Example
This example FAILS the test:
• A complete failure (0 points) in one
dimension (Security).
38. Example
This example PASSES the test:
• It scores 20/25 points total.
• No dimension fails (0 points)
39. Example
This example PASSES the test:
• It scores >20/25 points total.
• No dimension fails (0 points)
Note: It’s still up for debate if the requirement is
• “≥20/25” or
• “minimum 4/5 per dimension”
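The checklist format (slide 33) and the pass rule (slides 35 to 39), worked through as an added example that is not code from the ThingsCon project. It assumes five one-point items per dimension and that a Yes or Not Applicable answer with an elaboration earns the point; the draft defines neither, and the field names are hypothetical.

```python
DIMENSIONS = ["Privacy & Data Practices", "Transparency", "Security",
              "Openness", "Stability"]
VALID_ANSWERS = {"Yes", "No", "Not Applicable"}


def item_points(item):
    """Return 1 or 0 for one checklist item; reject malformed items."""
    answer = item["answer"]
    text = item.get("elaboration", "").strip()
    if answer not in VALID_ANSWERS:
        raise ValueError(f"invalid answer: {answer!r}")
    if answer == "No":
        return 0  # slide 33: No always means 0 points
    if not text:  # Yes / Not Applicable must be backed by the text field
        raise ValueError(f"{answer!r} requires an elaboration")
    return 1  # assumption: each accepted item is worth one point


def evaluate(assessment):
    """Score {dimension: [5 items]} and apply both candidate pass rules."""
    scores = {}
    for dim in DIMENSIONS:
        items = assessment.get(dim, [])
        if len(items) != 5:  # assumption: five items per dimension
            raise ValueError(f"{dim}: expected 5 items, got {len(items)}")
        scores[dim] = sum(item_points(i) for i in items)
    total = sum(scores.values())
    no_zero = all(s > 0 for s in scores.values())
    return {
        "scores": scores,
        "total": total,
        # Slide 35: no dimension at 0 points and at least 20/25 overall.
        "passes_total_rule": no_zero and total >= 20,
        # Slide 39 alternative: at least 4/5 in every dimension.
        "passes_per_dimension_rule": all(s >= 4 for s in scores.values()),
    }


def constructed_assessment(yes_counts):
    """Constructed sample input: n 'Yes' items, then 'No', per dimension."""
    yes = {"answer": "Yes", "elaboration": "documented at /iot-trustmark"}
    no = {"answer": "No"}
    return {dim: [yes] * n + [no] * (5 - n)
            for dim, n in zip(DIMENSIONS, yes_counts)}
```

A product scoring 5, 5, 5, 4, 1 reaches 20 points and passes the total rule with one weak dimension, while the per-dimension rule rejects it; any product that meets the per-dimension rule also meets the total rule.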
40. Open questions & next steps
• What aspects need to be evaluated through the checklist/
questionnaire (template for documentation)?
• How can we make a pledge legally binding?
• Gather feedback, run prototyping sessions, and fine-tune the
concept.
41. Mood Board
What could the trustmark look like, and how can it communicate
levels of trustworthiness effectively? Some examples from other
projects we liked in our research:
FCC: Broadband
(all rights reserved)
Creative Commons licensing
Bihr/Thorne: Privacy Icons
(CC BY-NC)
Beyond IO: Washing instructions for IoT
(all rights reserved) Adryan: Data Labels
(all rights reserved)
42. Pathways to partnerships & participation
This is a project in an early stage. We’re looking in a number of areas.
Particularly we’re looking for…
• academic partners to accompany the development of this trustmark
• bold commercial partners to help us prototype our requirements list
against their existing or upcoming products
• non-profit and media partners who can help us understand what
they need in order to build third-party offerings on top of a trustmark
Please get in touch if you’d like to get involved.
43. Thank you.
The Waving Cat GmbH
Twitter @thewavingcat
Web thewavingcat.com
Peter Bihr
Twitter @peterbihr
Email peter@thewavingcat.com
Contact ThingsCon
Twitter @thingscon
Web thingscon.com
44. FAQ
Some questions that have been coming up frequently:
• Why aren’t sustainability and manufacturing conditions a larger part of this?
Sustainability is out of scope because it’s not our core area of expertise. We
believe others can tackle this issue more effectively.
• Is this trustmark Mozilla endorsed? Mozilla supports the independent
development of the trustmark under the ThingsCon umbrella by inviting Peter
Bihr to be a Mozilla Fellow.
• How is this different from certification or trustmark initiative XYZ and how do you
position your efforts in relation to it? We believe in diverse voices, and are open
for collaborations. That said, we don’t believe any organization (including
ourselves) has solved this yet.