Defining an #iotmark for consumers

A long overdue blog post: I wanted to share some thoughts on the recent #iotmark event that Alexandra Deschamps-Sonsino and Usman Haque convened in London as a follow-up to the 2012 Open IoT Assembly (which produced this Open IoT Definition).

Most importantly (spoiler alert!) the #iotmark is a work in progress. You can follow along and/or contribute here.


Consumer trust and the Internet of Things

Why is it important to talk about IoT and a label, certification, or trustmark? Because in IoT, it’s really hard for consumers to make an informed decision on which products and services to trust.

Partially this is because implications of anything are hard to gauge in the context of connected, data-driven systems. Partially it’s because the categories of IoT products aren’t fully matured yet and it’s not always clear what to expect from one thing over the other. But also, there’s a lot more going on under the hood that makes it nearly impossible to tell quality work from crap.

A shiny box could be built with top security processes in place by a trustworthy organization, or it could be slapped together haphazardly by a scammer. How would you know!

As a starting point, inspired by a conversation at the event, I made this 4-quadrant test:

Trust and expectations in IoT by The Waving Cat/Peter Bihr

This group of 40-50 participants went hard at it with lots of intense and super interesting conversations. IoT is a huge space, and the challenges are manifold and real.

The range of challenges (and hence, opportunities to tackle) include digital rights, transparency, data protection & privacy, innovation, security & safety, reparability and maintenance, business models, literacy, policy, and many more.

Different schools of thought: Purists versus Pragmatists

An aspect I found particularly interesting was the different schools of thought present—pretty much what Venkatesh Rao refers to as Purists versus Pragmatists.

I’m painting with a very broad brush here, but you could tell two underlying approaches to solving these very real issues:

  • Part of the group aimed for a purist approach: Aim high, and stick with the high goals. In terms of labeling, this would manifest in a desire to see a strongly backed, third party audited, highly trustworthy and credible certification of sorts.
  • The pragmatists on the other hand were guided by not letting the better be the enemy of the good. Their approach tended towards a more bottom-up, decentralized, organic label based on self-declarations that might get more widely adopted because it requires less overhead and hence would have a lower barrier to entry.

When collaboratively editing the first draft of the #iotmark doc, we broke Google Docs.

While I tend to be a little partial here and lean a little more towards the pragmatic side of things, I fully see why both sides have strong points in their favor. In a context like this, where there’s no golden path that’s guaranteed to work, it boils down to a philosophical question.

Will this get traction?

So where will this go? It’s hard to say yet, but we’re motivated to make it happen one way or another. (I’m involved on a voluntary basis by heading the governance working group together with Laura James.)

The interest is certainly there, as is promising precedent, as you’ll see below: Stacey Higginbotham just covered the #iotmark on her (excellent!) blog.

And we know that informal, ad-hoc gatherings can have a real impact. Decisions are made by those who show up! Steffen Ferber was a participant in the 2012 Open IoT Assembly, and he shared the story of how he introduced the Open IoT Definition we signed back then at Bosch.

Now, 5 years later, this impacts Bosch’s work in the space. (If the images in the embed below don’t load, just click through to the tweets.)

To me this is a great reminder and gives me a lot of hope: This type of work might not always seem glamorous and sometimes it’s hard to tell if it has an impact. But often that’s just because it unfolds its impact silently, in the background, and only much later the effect becomes visible.

A nice side effect of Bosch using the Open IoT Definition principles we laid out in 2012 is, by the way, that their products are now all pretty much automatically compatible with the GDPR, Europe’s new data protection regulation. Another case that illustrates that good ethics are good business!

I’m looking forward to continuing the very hands-on work on the #iotmark. Hopefully we can move it to a launch-able v1.0 shortly.

In the meantime, I’m also doing more research into the overall landscape and most promising approaches to an IoT trustmark, and how it might be developed and deployed for maximum positive impact.

It’s a good time to put a label on IoT for sure.

Monthnotes for June 2017

One day you plant the seeds, and later you harvest. An old freelance friend used to say this to remind herself and me at the time of the cyclical nature of work. First you put in the work, then later it pays off. June is such a month of harvest: We published not one but two full-scale reports.

For this and much, much more: Keep reading.

If it seemed a bit quiet here last month it’s because it was the proverbial quiet before the storm, aka launch month.

View Source: Shenzhen

We went to Shenzhen to explore opportunities for collaboration between European Internet of Things practitioners and the Shenzhen hardware ecosystem—and how to promote the creation of a responsible Internet of Things. You can read the result here: View Source: Shenzhen

ThingsCon Report: The State of Responsible IoT

The ThingsCon report The State of Responsible IoT is a collection of essays by experts from the inter-disciplinary ThingsCon community of IoT practitioners. It explores the challenges, opportunities and questions surrounding the creation of a responsible & human-centric Internet of Things (IoT). You can read the result here: ThingsCon Report: The State of Responsible IoT

Trustmarks for the Internet of Things

My research into IoT labels to increase (and justify!) user trust in connected products continues.

As part of this research, I went to the Open IoT Definition (5 years later) hosted in London by Alexandra Deschamps-Sonsino and Usman Haque. Just like the first convening of this loose group, it was excellent and intense—and we started a process to try and develop an #iotmark. It’s currently a v0.1 document open for input.

While I’ve been doing expert interviews for a broad range of input, we’ve also just launched a small online survey. If you work in IoT or adjacent fields, I’d love to hear from you!

I’m also planning to host a brief workshop on this attached to the ThingsCon Salon Berlin on 13 July. Please ping me if you’d like to participate (likely 15:30 to 17:00 or so).

Updated website

Perhaps a little less concrete but also relevant I think, I’ve reworked the company website to better reflect the types of work I’ve been doing these last few months and aim to continue doing. There were some seriously outdated things there.

The two core areas I’d sum up as strategy and research.

As a boutique strategy, research & foresight company we help guide our clients’ strategies regarding business, product, and research.

This top-level description now explicitly includes research and foresight, for reasons.

Maybe more notably I’ve introduced a dedicated research section because it’s something I’ve been doing with collaborators in almost all recent projects, but that basically wasn’t reflected at all on our website. Needless to say, I favor qualitative over quantitative.

To lead and advance the field, you need to look ahead and understand what’s on the horizon—and what’s possible. In future-facing areas like emerging tech, quantitative data doesn’t cut it: We provide—and help you apply—foresight & qualitative research so you stay ahead of the curve. This includes a wide range of methods and types of input and output. Because we are tapped into the backchannels of a large network of leading experts and collaborators, we have a powerful and fine-tuned radar for the near future.

You can find most of it on

I’m curious to hear what you think!


We launched the ThingsCon report on the state of responsible IoT (see above), and are preparing a whole wave of ThingsCon Salons for July: Amsterdam, Berlin, Cologne & Darmstadt are all ready to roll.

The salons are also a great occasion to catch a screening of the View Source: Shenzhen video documentation that The Incredible Machine has been producing throughout our two Shenzhen trips!

The impact of a community also grows with its footprint. In that sense we’d like to get more ThingsCon chapters online: More cities, more local communities, all working together.

This map shows where ThingsCon events happened in the past or are currently planned.

Over on the ThingsCon blog we wrote:

ThingsCon is a complete community effort, driven largely by volunteer work. And that’s a feature, not a bug! This community has a seat at the table because lots of us show up when important decisions are made, and when the future of this industry is discussed.


We’re hoping that by the end of 2017, we’ll see 15 new chapters, including 5 in the global South! Combined with the existing chapters, this could easily make for a total of 50 more events just this year.

It’s easy to get involved. Let’s go!

Zephyr Berlin

Holiday season is coming up. We still have a (small & shrinking) stack of ultimate travel pants. Get yours now!

While we’re looking into (potentially! no promises!) running one more small batch, we’re super curious to learn how people have modded, hacked or repaired their Zephyrs. If you have, send us a pic, will ya?

Writing, talks, media

At DevOpsCon, I had the pleasure to talk Shenzhen with Stephanie Koch. Our session was called Shenzhen: IoT going rogue and we had a full house:

Photo by Markus Andrezak (Thank you, Markus!)

I also had a blast of a time discussing the challenges and opportunities of IoT and security at the Transatlantic Digital Debates with a group of smart fellows from both sides of the Atlantic.

Speaking of smart fellows: Together with Meike Laaff I ran a 3-day weekend workshop with stipendiaries of Heinrich-Böll-Foundation on the future of work and how digital, AI, IoT and adjacent technologies impact how we work, and how we think about work.

As for writing, in addition to the two reports listed at the top of this post I wrote:

What’s on the horizon?

Some writing, lots of research to be published later this year. I’ll also be speaking at ThingsCon Salon Berlin (about our Shenzhen trip), and at Das ist Netzpolitik! Also, we have 4 ThingsCon Salons coming up in July alone! Right after, in mid-July, I’ll be off on a vacation for a few weeks. If you’d like to talk about projects for after, ping me!

Trust and expectations in IoT

One of the key challenges for Internet of Things (IoT) in the consumer space boils down to expectation management: For consumers it’s unreasonably hard to know what to expect from any given IoT product/service.

This is also why we’ve been investigating potentials and challenges of IoT labels and are currently running a qualitative online survey—please share your thoughts! The resulting report will be published later this year.

I think the quadrant of questions anyone should be able to answer to a certain degree looks somewhat like this (still in draft stage):

“Trust and expectations in IoT by The Waving Cat / Peter Bihr (image available under CC by)”

Let’s go through the quadrants, counter clockwise starting at the top left:

Does it do what I expect it to do?
This should be pretty straightforward for most products: Does the fitness tracker track my fitness? Does the connected fridge refrigerate? Etc.

Is the organization trustworthy?
This question is always a tough one, but it comes down to building, earning, and keeping the trust of your consumers and clients. This is traditionally the essence of brands.

Are the processes trustworthy?
The most tricky question, because usually internal processes are really hard, if not impossible, to interrogate. Companies could differentiate themselves in a positive way by being as transparent as possible.

Does it do anything I wouldn’t expect?
I believe this question is essential. Connected products often have features that may be unexpected to the layperson, sometimes because they are a technical requirement, sometimes because they are added later through a software update. Whatever the reason, an IoT device should never do anything that its users don’t have a reason to expect it to. As an extra toxic example, it seems unreasonable to expect that a smart TV would be always listening and sharing data with a cloud-service.

If these four bases are covered, I think that’s a good place to start.

Challenges for governance in the Internet of Things

Image by Paula Vermeulen via Unsplash

I’d like to share 3 short stories that demonstrate just a few of the challenges of governance for IoT.

1) In the fall of 2016 Facebook, Twitter, Netflix and other popular consumer websites were temporarily shut down in a so-called Distributed Denial of Service (DDoS) attack. This isn’t unusual in itself—it happens all the time on a smaller scale. What WAS unusual was the attack vector: For the first time, a large-scale DDoS attack was driven by IoT products, mainly cheap, unsecured, internet-connected CCTV cameras. Who suffers the consequences? Who’s responsible? Who’s liable?

2) As part of the European Digital Single Market, the EU just passed the General Data Protection Regulation, or GDPR for short. It is designed to enable individuals to better control their personal data. However, experts around the globe are scrambling to figure out how this applies to the IoT: Almost certainly, a lot of the type of data collection and personalization that’s part of consumer IoT products falls squarely under the GDPR. What will IoT-related services look like 5 years from now? Is it going to be different services depending on where you are? Based on where your provider is? Based on where your residency is? Or will it just stay the same?

3) In 2015, Mount Sinai Hospital in New York launched an interesting research project called Deep Patient. They applied artificial intelligence (AI) techniques—concretely machine learning algorithms—to analyze their patient records for patterns. It turned out that these algorithms were extremely good at predicting certain medical conditions; much better than human doctors. But it wasn’t clear how they got to these predictions. Is it responsible to act on medical predictions if the doctors don’t know what they’re based on? Is it responsible not to? How do we deal with intelligence and data that we don’t understand? What if our fridges, cars, or smartphones knew better what’s good for us than we do?

These 3 short stories demonstrate how wide the range of questions is that we face in IoT. The width and depth of this range makes questions of governance more than just a little tricky.

First and foremost, get the basics right

In my work, and in an endless stream of conversations, I notice how organizations focus on perfect delivery over getting the basics right. This is a recipe for disaster! Today I’ll make the case for focusing on the basics first, even though this might not seem as rewarding in the short term.

For example, if you build a table with four solid legs, even if it might look crappy it’ll fulfill its primary purpose. It’s a table. It’s table-ness, manifested. However, if you focus on perfect delivery and apply the most beautiful polish to a table without first getting the basics right, you’ll end up with an object that might look beautiful but is too wobbly to use. It’s not a table, but a simulacrum of a table.

This principle holds for all walks of life and organizational output. For something a little less cliché than a table, consider a developer event. Even the most polished developer event with fantastic catering and a great video documentary is bound to fail if there isn’t a powerful API and the documentation to go with it: If the company culture isn’t yet at the point to be open for external developers, no amount of polish at the event will help.

First and foremost, we need to get the basics right.

I could go on listing examples, but the principle is clear: Basics first. Once the basics are in place, the rest can follow, but the opposite is not true.

The issue is, of course, that often the basics don’t offer much chance to increase one’s standing or profile internally or externally, at least not in the short term. It’s essentially plumbing work like all infrastructure: Incredibly important, but not generally lauded.

The same holds true for solid strategy and future-proofing work: In order to successfully future-proof an organization, it’s usually necessary to touch on all parts of the organization. Org charts, business models, culture, strategy, tactics, processes, product, marketing and all the rest needs to be on the table. Like security, you can’t just tack it on after.

Before you can run, you need to learn how to walk. Only once a reliable foundation—the basics!—is in place, you can move on to greatness.

We can move past the outdated cult of the genius founder

Following the recent news about Uber and its leadership issues, I can’t help but think of the structural issues at play here. Personally I think of Uber as a near-perfect manifestation of what’s wrong with the tech industry, but the underlying issues go way beyond this company.

The outdated cult of the genius founder

In the saga around Uber’s founder being ousted by investors as CEO, there’s been lots of talk about changing the company’s culture, about making changes, about reining in bad behavior. First of all, if this happens after being slapped on the wrist it doesn’t come from a place of credibility: Uber’s behavior in all of their scandals has been pretty clearly just window-dressing. When there was enough public pressure, course-correct just enough. Never has there been any credible sign of truly wanting to change. These are just my 2 cents, and I’m obviously not an Uber fan.

This whole culture, as has been documented very well in lots of places, is an expression of the founder’s personality and mode of operation. A culture doesn’t just exist, and change when you tell it to: Culture is the accumulation of decisions, reinforced by success.

In Silicon Valley, the myth of the genius founder is strong. And how couldn’t it be. It’s such a strong narrative! But like all narratives, it’s a fiction.

This wouldn’t be dangerous if there weren’t such a broad range of VCs who went for this myth of the genius founder, and for the alpha male bravado that comes with it. (And make no mistake, this cannot be discussed without talking about gender.)

Whenever I think about Uber and its culture, the thing that strikes me most is how outdated Uber seems. Despite the technology, the angle of disruption and innovation and what have you, it feels more like a company from the 1980s movie Wall Street than a 21st century enterprise.

This reminded me a lot of former ISS commander Chris Hadfield’s explanations of how the requirements for becoming an astronaut have changed since the 1950s, which turned into this little Twitter rant (some typos removed):

In his (excellent!) book Astronaut’s Guide to Life on Earth, Chris Hadfield explains how requirements for astronauts have changed over time.
In the early days of space exploration, it was all about technical skills and bravery: You would have to be ok being strapped onto a rocket. In modern space exploration, it’s all about good leadership and being a team player, having broad skillsets, and handling stress well.
When I see Uber news, the company feels so outdated it makes me realize: Maybe the startup & tech scene moves in the same direction. Rather than the brilliant, visionary—but potentially ruthless—genius preferred in the past, we’re moving into a new world:
Imagine a tech & startup world of great, level-headed team players and leaders with broad interdisciplinary skills and diverse teams.

Turns out, this might be huge also under inclusion and diversity aspects.

The Atlantic’s brilliant and painful article Why Is Silicon Valley So Awful To Women? refers to a study published 2015 in Science and how the cult of the “genius founder” is highly problematic, especially—but not only—regarding diversity (highlights mine):

The researchers found that telling participants that their company valued merit-based decisions only increased the likelihood of their giving higher bonuses to the men.
Such bias may be particularly rife in Silicon Valley because of another of its foundational beliefs: that success in tech depends almost entirely on innate genius. Nobody thinks that of lawyers or accountants or even brain surgeons; while some people clearly have more aptitude than others, it’s accepted that law school is where you learn law and that preparing for and passing the CPA exam is how you become a certified accountant. Surgeons are trained, not born. In contrast, a 2015 study published in Science confirmed that computer science and certain other fields, including physics, math, and philosophy, fetishize “brilliance,” cultivating the idea that potential is inborn. The report concluded that these fields tend to be problematic for women, owing to a stubborn assumption that genius is a male trait.
“The more a field valued giftedness, the fewer the female PhDs,” the study found, pointing out that the same pattern held for African Americans. Because both groups still tend to be “stereotyped as lacking innate intellectual talent,” the study concluded, “the extent to which practitioners of a discipline believe that success depends on sheer brilliance is a strong predictor of women’s and African Americans’ representation.”

Just imagine that: What if VCs and consumers alike gave their support not to alpha male-led “genius founder” personalities, and carte blanche to break things first and ask forgiveness later? What if instead they guided them to build more sustainable businesses and cultures?

To be fair, some VCs and other investors do. Most notably, or at least most “purely”, Bryce Roberts’ Indie VC, which is fantastic.

What about non-tech skills?

There’s another angle to this that’s relevant if only somewhat related: A broader intake of talent.

Traditionally, there’s a bit of a two class society in tech: Technical skills and non-technical skills, the former being at the core, the other playing support roles.

There are of course founders from other backgrounds, and increasingly some non-tech disciplines like design are starting to have a seat at the table. But it’s nowhere near diverse enough.

So let’s talk about how we value skills.

Recently Berlin announced that to fight a shortage of teachers, primary school teachers are soon going to make €5.100 a month. For a city with traditionally very low wages (for a big European city), that’s a solid salary. For comparison, it’s roughly in the ballpark, but actually above, what developers earn in Berlin. Gasp! That’s right, teachers could earn more than software developers. First I thought whaaaat, how can that be, but then it actually made some sense to me given the societal contribution of teachers. But I digress!

As someone working in tech but not in the tech skills section of tech, I believe there’s lots to be gained by getting to a better mix of disciplines and skills in tech.

My training was in the methods of social sciences and humanities: I hold two masters degrees; one in communications science with a minor in political science, and one in media practice. While people in tech have looked at me funny more than once in my career, I’ve always found this broad background, methodology training, and big picture perspective extremely helpful in my line of work. For example, this is what allows me to do research and distill the insights into writing (and of course strategy advisory).

When I think about a model for a successful, sustainable, desirable 21st century company, I imagine a team of humble experts with broad skillsets and diverse backgrounds, both in terms of origin and professional training.

That, and only that, allows a company to develop the flexibility, resilience, and broad perspective—the ability to ask the right questions!—to thrive in an environment shaped by uncertainty, ambiguity, and rapid change.

Two new reports out now! The State of Responsible IoT & View Source Shenzhen

We’ve had the great opportunity to do a lot of research these last few months, and it’s super nice to be able to share the results: Two new reports are out this month—one in fact went live just today!

The State of Responsible IoT

The ThingsCon report The State of Responsible IoT is a collection of essays by experts from the inter-disciplinary ThingsCon community of IoT practitioners. It explores the challenges, opportunities and questions surrounding the creation of a responsible & human-centric Internet of Things (IoT).

For your convenience you can read it on Medium or download a PDF.

View Source: Shenzhen

We went to Shenzhen to explore opportunities for collaboration between European Internet of Things practitioners and the Shenzhen hardware ecosystem—and how to promote the creation of a responsible Internet of Things.

Download View Source: Shenzhen as a PDF (16MB) or read it on Medium.