Can a community build a better IoT framework?

If you want to see how far industry experts have come in defining the internet of things and thinking about how it should work, visit the Open IoT Mark web pages. A group of mostly (European) designers and makers last week gathered together to update documents to create an Open IoT certification mark.

The 2017 document is an update to a document created five years ago that attempted to define what it means to build an open internet of things. Reading the two back-to-back is like coming across your fifth-grade pictures where you can see the shape of your current face, but it’s hidden in youth and less refined.

The 2012 document is much shorter. It covers licensing, accessibility of data, timeliness of data, preservation of privacy, and transparency on how and where data is collected. Five years later, as European rules known as General Data Protection Regulation (GDPR) are set to go into effect, some of these concerns have been addressed by the forthcoming law. The law governs data privacy for European citizens.

But there’s a lot more to becoming an open internet of things product now that we have a better understanding of how the market is evolving. For instance, in the 2017 effort, there’s an entire section on business models and how companies should protect their data and ensure consumer use in case of a business failure.

I also really like the emphasis on transparency around how a consumer pays for a product or service. The document says an IoT vendor must tell consumers if they are paying in money or in data. Additionally, there is a lot of transparency around what data is shared and language that lets the consumer withdraw their permission to share her data.

On the security front, things have become far more robust. The document calls for companies using the planned mark to provide a bill of materials used in a product (it doesn’t need to be public) for reference in case of compromised hardware. Another security requirement is providing a minimum guarantee at purchase for security and service updates. This is similar to my request for an expiration date for IoT products.

The best part of this process is that anyone can view the work in progress and send comments. There’s a list of issues where the participants didn’t agree and background information on why they went a certain way on issues. Will this mark ever become something in demand from consumers? Maybe not, but the process of creating it is worth following and many of the ideas offered are worth using.