
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino

Presenting the ThingsCon Trustable Tech Mark at Casa Jasmina's Magic Monday. Torino, 24 September 2018.

Learn more about the ThingsCon Trustable Tech mark at https://thingscon.com/iot-trustmark

Published in: Technology


  1. 1. ThingsCon. For a human-centric & responsible Internet of Things. The State of ThingsCon 2018 Magic Monday Torino Torino 24 Sep 2018 Peter Bihr @peterbihr ThingsCon thingscon.com @thingscon
  2. 2. ThingsCon fosters the creation of a human-centric & responsible IoT
  3. 3. Our mission, responsible tech, has entered the mainstream debate.
  4. 4. Events Publications Research Advocacy ACTIVITIES
  5. 5. 5 years of ThingsCon
  6. 6. bit.ly/riot-report trustabletech.org thingscon.com/events EVENTS
  7. 7. EVENTS thingscon.com/events
  8. 8. EVENTS What’s planned? thingscon.com/events
  9. 9. bit.ly/riot-report
  10. 10. Christian Villum David Li Dries de Roeck Eduardo Magrani Elisa Giaccardi Ester Fritsch Gaia Scagnetti Holly Robbins Iohanna Nicenboim Irina Shklovski Iskander Smit James Pierce Laura James Luca van der Heide Maya Indira Ganesh Peter Bihr Rachel Douglas-Jones Ronaldo Lemos Seyram Avle Silvia Lindtner Simon Höher State of Responsible IoT bit.ly/riot-report
  11. 11. trustabletech.org
  12. 12. We asked ourselves: What potential is there for a trustmark for IoT? Early wins:
 - Referenced in Brazil’s national IoT strategy - Mozilla support: Fellowship, logistics, media
  13. 13. The Trustable Technology mark empowers consumers to make informed decisions & enables companies to prove their connected products are trustworthy.
  14. 14. The team:
 - Peter Bihr, ThingsCon, Mozilla Fellow. Project lead. thingscon.com, thewavingcat.com, @peterbihr
 - Jason Schultz, NYU Law, Mozilla Fellow. Legal. theendofownership.com, its.law.nyu.edu, @lawgeek
 - Peter Thomas, University of Dundee. Design. tompigeon.com, dundee.ac.uk/djcad
  15. 15. A simple litmus test. 4 questions that we should be able to answer for every connected device. But for connected products, these are very hard questions to answer. Source: The Waving Cat (CC BY)
 - Does it do anything I wouldn’t expect?
 - Is the organization trustworthy?
 - Is it made using trustworthy processes?
 - Does it do what I expect it to do?
  16. 16. Our Goal: A trustmark to aim higher. The trustmark is aspirational and aims to raise the bar at the top of the pyramid. This work is driven by values, not pragmatism. This needs to exist in order to get to a better IoT, and a better society. We believe that good ethics are good for business. Find out more on medium.com. (Pyramid figure labels: Trustmark, Baseline certification; Great, Good, Bad.)
  17. 17. Characteristics. The trustmark should be: hard to earn, valuable/meaningful, easy to apply. Those companies who already build trustworthy products have already done the “hard” work. For them, documenting their work is easy and quick. However, if a company just isn’t there yet, they need to go back and put in more effort. Peter Bihr (CC-BY-SA)
  18. 18. Dimensions. The trustmark evaluates compliance with 5 dimensions that we identified in our initial research* as most crucial for consumers. *See A Trustmark for IoT (2017), p. 56
 - Privacy & Data Practices: How respectful of privacy? Is it designed using best data practices?
 - Transparency: Is it obvious to users what the device does and how data might be used?
 - Security: Is it designed and built using best security practices and safeguards?
 - Stability: How robust? How long a lifecycle to expect?
 - Openness: How open are device and manufacturer? Is open data used or generated?
  19. 19. Elements of a trustmark system
 - Self-assessment tool: Doubles to assess readiness and to verify compliance
 - Trustmark readiness (out of scope, 3rd parties): 3rd party advisory services like security consultancy. Non-public / between companies and their advisors
 - Trustmark (in scope, project core): Our experts review applications and follow up for clarification if necessary. Once passed, the trustmark can be used and the evaluation is published. Underlying assessment (results of self-evaluation tool) is available online
 - 3rd party services (out of scope, 3rd parties): Open licensing of the self-assessments enables 3rd party services (analysis, rankings, etc.)
  20. 20. How does it work? The step by step explainer.
 - 1. Self-assessment: Company fills in the self-assessment tool, an online application form that consists mostly of yes/no questions plus explanations. Should the company find it hard to answer questions, they have identified a weakness.
 - 2. Application review: There’s always a human in the loop. Our experts review the application. If necessary, they follow up for clarification.
 - 3. Trustmark issued: If the application passes, the results are fully published online. If contested questions cannot be resolved, the trustmark is not issued and the results will not be published.
 The company itself is the final judge if they fulfill or do not yet fulfill the trustmark criteria. The stick is in the public accountability once the company decides to use the trustmark and the self-assessment results are published in full.
  21. 21. Format & examples. This is what a sample extract of the published documentation would look like. Privacy & Data Practices
 ☑ Do you employ Privacy-by-Design best practices? We strictly follow privacy-by-design practices. We also prioritize privacy at every step of the process and in all our decision-making: We strictly minimize the data we collect from users, and never keep non-essential data. For example, during the device setup users are by default opted out of every non-essential data collection option, even if this comes at the expense of personalization options. We further offer a privacy-navigator feature that helps users better understand what happens with their voice and location data should they decide to opt in. Furthermore, we have a strict policy that makes sure that in case of bankruptcy or an acquisition, user data is not part of the company's assets that might be transferred to new ownership but deleted unless users specifically opt in to having their data transferred. This policy is available here: product.com/datapolicy.
 ☑ Can users easily export their data? A full data export of all user data, including all inferred data and explanations, is available prominently from the user account page (product.com/useraccount). The data can be exported in JSON or XML, or a simple HTML dump. Should new industry standards for this kind of data emerge and gain traction, we guarantee to make them an export option as well within two months.
  22. 22. Next steps: - Test & finalize assessment (ongoing) - Gather launch partners (ongoing) - Launch at ThingsCon Rotterdam - Model for sustainable structure
  23. 23. bit.ly/riot-report trustabletech.org thingscon.com/events EVENTS
  24. 24. How can we help as a community? Do you work on a connected device that you’d like to certify with the Trustable Tech mark? Get in touch. Thank you. ThingsCon @thingscon thingscon.com Peter Bihr @peterbihr peter@thewavingcat.com
