What if open #iotmark was open?

Seems non-sensical as a title but this is the conclusion that months of work have led to. What appeared a year ago like a novel idea to work on a trustmark for #iot looks more like one of a multitude of players in the space. So far we have found trustmark-like efforts everywhere. This includes:

Statements of intent, blog posts & manifestos

Registered trustmarks or standards

Policy making

See the whole list of what we’ve found so far. This is a bit daunting. We are an organic group of people, limited in resources but wanting to make a difference. So on June 13th at our next face to face meeting, we’ll discuss the future of the project. This is my take:

  • Open #iotmark needs to be financially accessible if not free. We know most of the players in #iot are micro SMEs with little resources. Why don’t we make our principles and assessment criteria free to use and cheap to implement. That will beat certification processes which cost tens of thousands and often act as trade barriers. We want companies to do the right thing and design connected products well, why don’t we act as the one place you can plan your product for free.
  • Open #iotmark should connect startups with security professionals. Much of the cybersecurity problems in #iot happen because micro SMEs don’t work with large expensive security vendors. 10 years ago you could barely find freelance electronics engineers and the #iot market created a new market for electronics graduates. Open #iotmark should kickstart this in cyber and hardware security. We should help connect freelance security experts with young #iot startups who want to implement our principles.
  • Open #iotmark should champion those who implement the principles. A nice list, nothing too formal. If someone can share with us the output of our assessment criteria, we should champion them internationally, no matter who they are and where they are.

If we really want to be a useful tool for others, accessibility is key and I can’t see that happen with a formal process of certification where we have to battle it out with much more formal and expensive process. On a good day, a company that implements our principles, as they grow, will find it no trouble at all to get the other certificates, but at least we’ll be there when they have no money and no resources which is when all the design work tends to happen.

Please join us in London on June 13th to share your take on what we’re trying to do!

Tools for conversation

Two weeks ago 7 of us met in Berlin to clean up the principles. When we saw cleanup that included:

  • Reducing redundancies (they’re not gone yet).
  • Growing the Lifecycle section
  • Improving up the uniformity of the ‘zoom level’ of each principle (also not completely done). This is about making sure we’re using the same level of granularity with each principle.

This was a great use of a small group’s time but we were missing a number of voices. We’re looking to organise another London event in June and would love to see more people come to the table. We’re planning which day to meet, so please fill in our survey and join us! It’ll be a year since our first event last June so it’ll be a time for reflexion on the work we’ve done over the last year.

Today I’m in Zurich, after spending a few days with Thomas Amberg, founder of Yaler, who had me over at the meetup in Zurich last night. Today, I’m speaking at a Google UX event called PAIR and on Thursday I’m going to be speaking in Manchester’s Future Sessions. I’ll be sharing with attendees the work of the last 24h which is a set of tools and visualisations to talk through our principles.

Firstly we’ve been thinking a lot about models of engagement for the principles. How hard is it for companies to implement? How hard is it for a startup vs a large organisation? How easy should it be, or how desirable is it regardless of effort?

In order to start to have those conversation we tiered the principles according to ‘Must have’, ‘Nice to have’ and ‘Best scenario’ which is about putting down what we think would constitute a baseline and a minimal viable mark. We’ve also made an empty poster that you can fill in to workshop these ‘levels’ as well as downloadable and printable cards which you can print on an A4 printer (Letter coming soon), one page for each category (Privacy, Interoperability, Openness, Data governance, Permissions, Transparency, Security, Lifecycle).

We’re sharing these tools (Dropbox here! and Github here!) and hoping to help organisations big and small that are planning to make or support a connected product workshop the mark. Please get in touch with us if you’re up for a little workshop, a number of us can help you out in the UK, Europe and US.



#ThingsConAMS workshop

In a short workshop at #ThingsConAMS, a design-focused IoT conference, we (@iotwatch and @tamberg) asked participants to prioritise the IoTMark principles. Given a 1.5 hour time limit, we used the “Mozfest 2017 edition” with 13 principles. Each of the five teams chose a product and took the perspective of both, a manufacturer and a consumer. After discussing priorities for about thirty minutes, the teams presented their rankings and talked about their motivations. Besides resulting in a colorful table, the process provided some insight into how the participants understood the principles.

Jolijn and Robin, who picked the thermostat example, discussed data ownership and interoperability when moving from one smart home to the next. It should be possible to detach and move your data history and profiles from an old home, as well as take your products and connect them to a new home’s infrastructure.

Jacky and Hans said that “the customer must always feel in control”. Taking the perspective of a camera manufacturer, they asked themselves if they should rather create a cheap or a safe product. They pointed out that the term (connected) “product” should include the device and the service or platform attached to it.

Jochem and Harm took the view of a smart lock company that in any case should not be evil. From a consumer perspective they found it least attractive to ask for an open API, as many customers would not know what an API is. They and others also found there is a distinction between expert and non-technical users.

Scott and Jeff concluded that “all points are important”. For a consumer the main question is “if I buy this, can I use it for 10 years?”. They highlighted the conflict of interest between product manufacturers and consumers when it comes to offline-capability. Also, startups might find principles to be outside of their core mission.

Ester, Hanna, Aapo, Ashlee and Casper picked the blood sugar sensor example. They found the provenance of a product to be important for luxury goods, but less so for an everyday item “that you have to use anyway”. As a workshop feedback, they proposed to use a less fine-grained range of priorities (e.g. high, medium, low).

Using a collaboratively edited spreadsheet turned out to be a reasonably accessible way to gather and share results. In a future iteration of the workshop, we would limit priority options as suggested, and maybe add an example to reduce ambiguities. Considering the limited time frame and broad topic, we are super happy about the outcome and insight from this fabulous group of participants. Thank you all!

CC BY-SA 4.0, iotmark.org