Making good design 
actionable.

Better IoT (formerly known as #iotmark , a continuation of the 2012 Open Internet of Things Assembly) was a community-led effort to make a free, accessible, open assessment tool aimed at startups and SMEs to help them design better connected products (internet of things).

We developed the tool based on principles that we think address some of the most pressing issues in the early stages of development: privacy, openness, interoperability, lifecycle, permissions, transparence, data governance and security. 

These sound technical but they have an impact on business models, customer support, end of life care, customer experience and more and are are important to consider in the early stages of a business.

Who is this for?

This free tool is ideal for any internet of things startup or product owner who has not built their product yet.  Some questions relate to the way your product is built, others to the way the product is supported and lastly your business model. So this isn’t just for your CTO!

How long will it take me? 

This should take about 15-30 minutes depending on who inside your organisation uses it.

Why did we work on this?

Badly designed connected products have a negative impact on consumers, at different levels:

• Bad design leads to security flaws at a technical level.
• Bad business practices lead to aggressive, hidden, data-driven business models that can block access to a product over time.
• Consumers are given limited choices in buying connected products as most will suffer from:
  • short-lived production runs
  • limited duration of service
  • high rate of failure of products
  • limited long term customer service
  • limited repairability and as a consequence an increase in e-waste.

We believe these problems are not insurmountable and by sharing openly what we think is good practice we can encourage not only large organisations to do better, but also more crucially smaller startups  and SMEs who are the lifeblood of the internet of things industry.

Principles for Better IoT

This is a set of principles that we think any connected product manufacturer, team or founder would use to make a responsible, secure, well designed connected product.

Please note we use particular definitions – the details are on Github.

These are the principles of the Open Internet of Things Mark as of June 13th 2018. This work by iotmark.org is licensed under Creative Commons BY-SA 4.0.

Privacy

MUST HAVE

• Allow users to access their collected data, free of charge.
• Make clear to users how the collected data is used.
• Allow users to delete their collected data.
• Allow users to migrate their collected data to another backend.
• Allow users to easily opt out of direct marketing based on their collected data
• Allow users to restrict the use of their collected data.
• Allow users to update their collected data.
• Allow users to stop automated decisions being made, if there are personal legal or significant consequences.

Ownership

MUST HAVE

• Allow users to transfer ownership of the device.
• Ensure new users do not have access to previous user’s data after transferring ownership.

NICE TO HAVE

• Allow users to turn off the connection from the device to the backend.

Transparency

MUST HAVE

• Make explicit the legal implications of substantially changing device usage.
• Make explicit the expected duration of the terms of service.
• Ask permission from users before changing the terms of service.
• Inform users about substantial firmware upgrades.

Security

MUST HAVE

• Implement security in your business processes.
• Implement security by design for the connected product.
• Assess the risk of well known IoT threats on the connected product.

NICE TO HAVE

• Implement security by default for the connected product.

Lifecycle

MUST HAVE

• Allow users to factory reset the device.
• Be clear about the expected service lifetime of the connected product.
• Be clear about the levels of user support provided during the lifetime of the connected product.

NICE TO HAVE

• Do not degrade or change the core functionality of the connected product over its lifetime.
• Document any parts that a user can repair using common tools and skills.
• Supply spare parts on request during the lifecycle of the product.

Interoperability

NICE TO HAVE

• Allow third parties to connect clients to your backend.
• Grant third party clients the same functional scope on the backend as your own clients.
• Allow third parties to communicate directly with your devices, without going through the backend.

BEST CASE

• Allow third parties to connect devices to your backend.

Openness

BEST CASE

• Publish the device firmware source code under an open source license.
• Publish the device hardware designs under an open hardware license.
• Publish the backend source code under an open source license.
• Publish client source code under an open source license.
  

Project History

Five years after the 2012 Open Internet of Things Definition event, we invited the London Internet of Things community to work together on framing a more actionnable set of tools around good design in connected products.

On June 16th 2017 over 60 participants from across the UK & Europe were invited to start writing a certification mark. We worked over a day, hosted by Alasdair Davies of the London Zoo and collaboratively edited a document (archive) which we considered a first draft. IT IP lawyers Rosie Burbidge and Josey Bright were on site that day to help with the language of the document.

Participants that day included:

• Chris Adams (Germany)
• Boris Adryan (Germany)
• Alasdair Allan (UK)
• Thomas Amberg (Switzerland)
• Alessandro Bassi (Italy)
• Eszter Bircsak (UK)
• Peter Bihr (Germany)
• Rosie Burbidge (UK)
• Lina Castaneda
• Mark Carney (UK)
• Rick Chandler (UK)
• Andrew Chetty (UK)
• Alasdair Davies (UK)
• Alexandra Deschamps-Sonsino (UK)
• Dries de Roeck (Belgium)
• Martin Dittus (Germany)
• Stefan Ferber (Germany)
• Andrea Gaglione (UK)
• Alex Gluhak (UK)
• Janet Gunter (UK)
• Usman Haque (UK)
• Chris Holgate (UK)
• Laura James (UK)
• Nuno Job (UK)
• Gerd Kortuem (Netherlands)
• Max Kruger (Germany)
• Albrecht Kurze (Germany)
• Matthew Macdonald-Wallace (UK)
• Graham Markall (UK)
• Selena Nemorin (UK)
• John Nussey (UK)
• Jen Persson (UK)
• Safia Qureshi (UK)
• Peter Robinson (UK)
• Gérald Santucci (Belgium)
• Mark Simpkins (UK)
• Iskander Smit (Netherlands)
• Andy Stanford-Clark (UK)
• Gavin Starks (UK)
• Ling Tan (UK)
• Rob Van Kranenburg (Belgium)
• Bon ven Luijt (Netherlands)
• Gill Wildman (UK)

After the event, we ran a series of digital and public events in London, the Netherlands, Switzerland and Germany to invite as much feedback as possible. In April 2018, after a year of gathering feedback, we decided against a certification mark and moved towards a free assessment tool which was published in the spring of 2019.

Contributors:

Chris Adams (@mrchrisadams), Boris Adryan (@borisadryan), Alasdair Allan (@aallan), Thomas Amberg (@tamberg), Pilgrim Beart (@pilgrimbeart), Cédric Lévy-Bencheton (@clevybencheton), Chackshu Saharan (@Ignius_IoT), Mark Carney (@LargeCardinal), Dries De Roeck (@driesderoeck), Alexandra Deschamps-Sonsino (@iotwatch), Martin Dittus (@dekstop), Louise Hugen (@louisehugen), Laura James (@LaurieJ), Konrad Komorowski,  Jan-Peter Kleinhans (@JPKleinhans), Albrecht Kurze (@AlbrechtKurze), Dominique Guinard (@domguinard), Geusseppe Gonzalez (@GeuseppeGC), Matthew Macdonald-Wallace (@mbconsultinguk), Graham Markall (@gmarkall), Adrian McEwen (@amcewen), Joanna Montgomery (@joannasaurusrex), Anthony James Munns (@bitshiftmask), Selena Nemorin (@digiteracy), Victor Petersson (@vpetersson), Alison Powell (@a_b_powell), Peter Robinson (@nullr0ute),  Mark Setrem (@ukmoose), Mark Simpkins (@marksimpkins), Andy Stanford-Clark (@andysc), Gavin Starks (@agentGav), Funda Ustek-Splida (@fundaustek), Bob van Luijt (@bobvanluijt), Duncan Wilson (@djdunc).