Why do we need a trustmark for the Internet of Things (IoT)?
Most connected products (IoT for short) are essentially black boxes: As consumers we don’t really know what’s going on inside. This is a problem: If we invite internet-connected devices into our homes — devices that might collect sensitive data, and might even have embedded microphones or even cameras — we need to be sure that they are trustworthy. We also should know what our rights are as users, this is a consumer rights issue.
What did we try to do with the Trustable Technology Mark?
We tried to offer a trustmark that gives external validation to the companies that build the best-in-class products: The ones that demonstrate outstanding respect for user rights, privacy & data protection, security and transparency. To determine who deserves a Trustable Technology Mark, we ask companies lots of questions to get a holistic view of how they make and run their products, from the feature level to business models, from processes to the organizational level:
- What does the design process look like? Is this designed using security-by-design and privacy-by-design standards?
- Are the features designed in a way that gives users control over their data?
- Is there a business model, and are there safeguards in place in case something happens to the company (like bankruptcy or an acquisition)?
- Are there legal and organizational safeguards against abuse both internal and external, for example does the company restrict employees from accessing user data, and guarantee not to sue security researchers who discover security issues?
Our independent experts then review the answers, and might follow up with the company. If the results looks satisfactory, ThingsCon e.V. issues the trustmark (legally speaking, a license to use the trustmark logo and name in a certain context), and the company can include it in their communications. We also publish the answers in full (except some personal contact information of the submitting person) so the company’s statement is part of the public record, accessible to researchers, users, and everyone else.
What worked, and what hasn’t?
About 3 quarters of a year in, here are some of the key learnings:
The timing is good.
There is a lot of interest in the topic of trustable/responsible technology. The interest is, however, not so much on the company side. Rather, we see a lot of interest from consumers/consumer groups, as well as policy makers. This might be because of the way we designed the trustmark, or because of our networks, and insufficient outreach. The strongest pull we have been getting was around smart cities: Which underlying aspects of our trust criteria might be applicable for the context of smart cities?
Our outreach is too limited.
We haven’t done a good enough job with our outreach to companies. Too many (read: most of them) aren’t aware the Trustable Technology Mark exists, so our feedback has been limited.
The bar we set might be too high.
It’s unclear if this holds up or not, but the bar we set is pretty high. We also noted that some companies didn’t know how to internally answer our questions, i.e. which team might be able to provide an answer. This was flagged even during the design phase. At this point, we maintain that if there isn’t someone to provide an answer, this raises a red flag. That said, it’s an aspect we will keep monitoring closely.
We haven’t solved funding.
We talk a lot about sustainability and business models in our trustmark. Yet (ironically, I know) the trustmark does not have a business model. This is by design, we wanted it to be as open source as well as free as possible. In order to keep it operational we need to figure out some funding source, though, or otherwise build a robust pool of volunteer experts.
We need a governance structure.
As the project lead, I had a lot of freedom developing this concept. I based it largely on input I collected, but in the end, I had final decision-making power. Simple decision-making structures are a good way to make some leeway early on, but from a governance and sustainability as well as a trust perspective, this is problematic. So we need to establish governance structures that can guarantee the project could live on without me, and the ability to safeguard against any bad decisions I might make (conflicts of interest, etc.)
So what’s next?
All of this leaves us at an interesting point, with lots of new insights as well as the commitment to take this to the next level. Here’s what we are exploring right now:
A new governance structure
We’re working on a more resilient and robust governance structure. I’ve asked the ever-helpful and extremely well versed Jan-Peter Kleinhans to join the project, and to help me with the transition to the next phase. I hope and expect he’ll play a crucial role in whatever governance structure we’ll establish together. We’ll also tie the trustmark project more closely into the existing ThingsCon structures, namely ThingsCon e.V. in Germany as well as Stichting ThingsCon Amsterdam in the Netherlands. What exact shape this will take isn’t decided yet, but we’re working on it.
Growing our pool of reviewers
We’ll be expanding our pool of volunteer expert reviewers to be able to deal with more applications in a swift manner.
More efficient review workflows
Currently our review workflows are essentially based on the first prototype, a simple web form that feeds into a spreadsheet. This was totally ok for a prototype, but it doesn’t scale well, especially for collaborative reviews. We’re looking into what it would take to build/adapt a tool to make collaborative reviews easier on the backend. Preferably we’d like this to be open source, either as something we can adapt to our needs, or something we create and share for others to use and adapt.
While I don’t need to be paid to be involved in this, I would prefer to be able to reimburse reviewers for their work. Also, the project creates some overhead that needs to be offset in order to be sustainable. I’d like to stay away from pay-to-play, i.e. a licensing fee, as much as possible. Options that I’d prefer include direct funding for the project (for example, from a public or philanthropic source), or to raise funding for ThingsCon and allocate a good chunk of it to the trustmark. That said, we’re in no position to take any option off the table.
Update and adjust the trustmark
The trustmark is also a living, breathing project. We’ll keep revising the trustmark criteria based on input we’ll keep collecting, with an open eye on a potential Trustable Technology Mark version 2.0.
These are all things we’re discussing in various constellations. Since this is a volunteer project, it’s slow going at times. But we’re making constant progress, and I’m expecting that once we manage to make good progress on either one of these aspects, then others will follow and fall in place quickly.