Presenting the ThingsCon Trustable Tech Mark at Casa Jasmina's Magic Monday. Torino, 24 September 2018.
Learn more about the ThingsCon Trustable Tech mark at https://thingscon.com/iot-trustmark
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
1. ThingsCon. For a human-centric & responsible Internet of Things.
The State of ThingsCon 2018
Magic Monday Torino
Torino 24 Sep 2018
Peter Bihr
@peterbihr
ThingsCon
thingscon.com
@thingscon
10. Christian Villum
David Li
Dries de Roeck
Eduardo Magrani
Elisa Giaccardi
Ester Fritsch
Gaia Scagnetti
Holly Robbins
Iohanna Nicenboim
Irina Shklovski
Iskander Smit
James Pierce
Laura James
Luca van der Heide
Maya Indira Ganesh
Peter Bihr
Rachel Douglas-Jones
Ronaldo Lemos
Seyram Avle
Silvia Lindtner
Simon Höher
State of Responsible IoT
bit.ly/riot-report
12. We asked ourselves: What potential is
there for a trustmark for IoT?
Early wins:
- Referenced in Brazil’s national IoT strategy
- Mozilla support: Fellowship, logistics, media
13. The Trustable Technology mark
empowers consumers to make
informed decisions &
enables companies to prove their
connected products are trustworthy.
14. Peter Bihr
ThingsCon
Mozilla Fellow
Project lead
thingscon.com
thewavingcat.com
@peterbihr
Jason Schultz
NYU Law
Mozilla Fellow
Legal
theendofownership.com
its.law.nyu.edu
@lawgeek
Peter Thomas
University of Dundee
Design
tompigeon.com
dundee.ac.uk/djcad
15. 4 questions that we should be able to answer
for every connected device.
But for connected products, these are very
hard questions to answer.
A simple
litmus test
Source: The Waving Cat (CC BY)
Does it do anything I
wouldn’t expect?
Is the organization
trustworthy?
Is it made using
trustworthy processes?
Does it do what I expect
it to do?
16. The trustmark is aspirational and aims to
raise the bar at the top of the pyramid.
This work is driven by values, not
pragmatism. This needs to exist in order to
get to a better IoT, and a better society.
We believe that good ethics are good for
business.
Our Goal
A trustmark to aim higher. -
find out more on medium.com
Trustmark
Baseline certification
Great
Good
Bad
17. Those companies who already build
trustworthy products have already done the
“hard” work. For them, documenting their
work is easy and quick.
However, if a company just isn’t there yet,
they need to go back and put in more effort.
Characteristics
Peter Bihr (CC-BY-SA) Hard to earn
Valuable/Meaningful
Easy to apply
The trustmark
should be
18. The trustmark evaluates compliance with 5
dimensions that we identified in our initial
research* as most crucial for consumers
Dimensions
*See A Trustmark for IoT (2017), p. 56
Privacy & Data Practices
How respectful of privacy? Is it designed using best data practices?
Transparency
Is it obvious to users what the device does and how data might be used?
Security
Is it designed and built using best security practices and safeguards?
Stability
How robust? How long a lifecycle to expect?
Openness
How open are device and manufacturer? Is open data used or generated?
19. Self-assessment
tool
Trustmark
readiness
Trustmark
• Doubles to assess
readiness and to verify
compliance
• Our experts review
applications and follow
up for clarification if
necessary
• 3rd party advisory
services like security
consultancy
• Non-public / between
companies and their
advisors
• Once passed, the
trustmark can be used
and the evaluation is
published
• Underlying
assessment (results of
self-evaluation tool) is
available online
3rd party
services
• Open licensing of the
self-assessments
enable 3rd party
services (analysis,
rankings, etc.)
Out of scope
(3rd parties)
In scope
(project core)
Out of scope
(3rd parties)
Elements of a
trustmark system
20. How does it
work?
Self-
assessment
Company fills in the self-
assessment tool, an online
application form that
consists mostly of yes/no
questions plus explanations.
Should the company find it
hard to answer questions,
they have identified a
weakness.
Application
review
Trustmark
issued
If the application passes, the
results are fully published
online.
If contested questions
cannot be resolved, the
trustmark is not issued and
the results will not be
published.
The step by step explainer.
The company itself is the
final judge if they fulfill or
do not yet fulfill the
trustmark criteria.
The stick is in the public
accountability once the
company decides to use
the trustmark and the self-
assessment results are
published in full.
1 2 3
There’s always a human in
the loop.
Our experts review the
application. If necessary,
they follow up for
clarification.
21. Format &
examples
This is what a sample extract of the published
documentation would look like.
Privacy & Data Practices
☑ Do you employ Privacy-by-Design best practices?
We strictly follow privacy-by-design practices. We also prioritize privacy
at every step of the process and in all our decision-making: We strictly
minimize the data we collect from users, and never keep non-essential
data. For example, during the device setup users are by default opted
out of every non-essential data collection option, even if this comes at
the expense of personalization options. We further have offer a privacy-
navigator feature that helps users better understand what happens with
their voice and location data should they decide to opt in. Furthermore,
we have a strict policy that makes sure that in case of bankruptcy or an
acquisition, user data is not part of the companies assets that might be
transferred to new ownership but deleted unless users specifically opt-
in to having their data transferred. This policy is available here:
product.com/datapolicy.
☑ Can users easily export their data?
A full data export of all user data, including all inferred data and
explanations, is available prominently from the user account page
(product.com/useraccount). The data can be exported in JSON or
XML, or a simple HTML dump. Should new industry standards for this
kind of data emerge and gain traction, we guarantee to make them an
export option as well within two months.
22. Next steps:
- Test & finalize assessment (ongoing)
- Gather launch partners (ongoing)
- Launch at ThingsCon Rotterdam
- Model for sustainable structure
24. How can we help as a community?
Do you work on a connected device that you’d like to certify with
the Trustable Tech mark? Get in touch.
Thank you.
ThingsCon
@thingscon
thingscon.com
Peter Bihr
@peterbihr
peter@thewavingcat.com