An Ethical IoT?
In October 2016, Jake Davis, known as @DoubleJake on Twitter, quoted a question he’d heard a few times. “Why would hackers even want to target my toaster?” In the same tweet, he replied: Because your toaster has no security and is directly connected to your private network. By the time this tweet was retweeted by anthropologist Gabriella Coleman, it had already received 470 retweets and 424 likes. Jake’s question pointed out two things – that a huge number of ordinary household items are joining the ‘Internet of Things’, and that a lot of questions are starting to be asked about why knowing more about these new participants in our social lives is such a big deal.
"Why would hackers even want to target my toaster?"
Because your toaster has no security and is directly connected to your private network.
— Jake Davis (@DoubleJake) 22 ottobre 2016
A Research Project with Developers and Designers
With the VIRT-EU project we explore the ethical implications of newly connected devices, like the toaster in Jake’s tweet, focusing on how and where ethical questions arise.
The project's full name is Values and Ethics in Innovation for Responsible Technology in Europe and it aims to address concerns around emerging data practices, responsible research and innovation (RRI), data ethics and privacy at the point of design.
Over the next three years we will be researching and intervening upon the development cultures and ethics of the next generation IoT innovators.
Through this project we ask questions about the decisions made during the design process that result in excessively complex security settings, or data collection that could reveal too much intimate information about the household.
"How do European IoT innovators and developers make ethically consequential decisions – about code, hardware and data – for new connective devices?"
"What assumptions about human behavior, privacy and freedom underpin European cultures of IoT innovation?"
These questions are relevant because a lot of the default settings and design choices for current IoT devices seem to be misaligned not only with basic expectations of privacy or autonomy but also with the practical realities of daily life. Occasionally, these misalignments will become obvious: for example Amazon Echo’s default settings enabled voice activated purchasing, which meant that not only was a six-year-old in Texas able to order a dollhouse by talking to the AI “Alexa”, but a number of other American households also nearly bought one when the story of the six year old’s purchase was covered on a local TV network, repeating the phrase “Alexa, buy a dollhouse” in TV watchers’ Echo-enabled homes.
Our project recognizes that devices such as Echo contain and embed the values of their designers and imaginaries of how these devices will come to be a part of life in practice. Although we are seeing more and more coverage of these (often humorous) stories that raise ethical concerns, journalistic coverage of this kind is not enough: it does not address the design or engineering at the root. Research is needed to understand how decisions are made before devices ever get put to use. IoT devices promise efficiency and seamless integration of technology into even the most mundane daily practices. What is often overlooked is that such mundane practices of making toast in the morning or listening to music in the shower are also incredibly intimate.
"As data-intensive sensor-based technologies enter these most intimate of spaces, what kinds of effects might these have even if we didn’t have to worry about security settings?"
How our devices behave reflects not only the technical prowess but also the moral reasoning of their creators – deliberate or not. Small companies and especially start ups rarely have the resources to help with ethical guidance and moral reasoning at the same time as they work to ensure that their devices are secure and handle personal data in compliance with the law. They cannot outsource to consultancies or hire lawyers to check their compliance, meaning that security and privacy concerns are often addressed ad hoc, at the end of product development.
We believe that ethical reasoning as well as discussions of security and privacy compliance must happen at the point of design and development decisions. Our ambition is to create tools and frameworks that can help make ethical reasoning a part and parcel of IoT design and development in practice, supporting developers and their projects.
What do we mean by ethics?
Ethics has come to have many meanings. In general terms, ethics concerns the frameworks and principles that define our ability to have a good life and to clearly conceptualize our rights and responsibilities. In many fields of ethics, these frameworks and principles are either considered in terms of outcome, as in consequential ethics, or in terms of rules, as in deontological ethics.
VIRT-EU uses virtue ethics as a framework for our investigation by focusing instead on how people interpret rules and frameworks – the kinds of things that are valued as professional ideals of character and behaviour. Acting virtuously might mean resisting the expected actions or frameworks that we encounter as part of our social lives, and it is embedded in the setting where people are making decisions that are situated in social experiences that vary across the world and even across Europe.
By approaching IoT design through a lens of virtue ethics, our researchers connect with the experiences of designers, engineers and developers while they work, exploring the negotiations and tacit norms that go in to making connected devices. After all, when designers of technologies talk to each other, debate and disagree about what tools to use and how to manage and respond to data, they are also enacting ethics. This means that it is really important to be able to describe and analyse social processes of ethical thinking and acting, the social relationships that underpin how our technologies are made.
Using a virtue ethics approach will help us understand how, when and where designers and developers make decisions about the technologies they create and to identify potential areas for intervention. We want to see ethics as more than something that can be bolted on to the end, and more than a set of outcomes against which actions should be measured. To accomplish this, the interventions of reflection and assessment that we design through VIRT-EU will need to make sense to designers and developers as part of the technological development process.
Why does IoT need ethics?
When considering the potential impact of IoT-related innovation, there is no playbook, no rules of conduct. Even so, from technology developers and designers at large companies to entrepreneurs working to disrupt and innovate in maker and hacker spaces there is a lot of pressure to get it “right”. The EU’s GDPR, which has set out a number of guidelines, comes on top of each member state’s existing web of laws and policies on data collection and privacy.
But legislation often does not address the difficult decisions that need to be taken during technological development, during the time values are being built in to the technologies that will go on to be used. Whose values get built in is an ethical question, urgently in need of discussion. Yet our preliminary research has shown that moral reasoning and ethical conduct are rarely topics for discussion online or offline in communities of IoT developers and innovators. Few people ask: how do we figure this out? As one developer told us in a conversation: “Ethics is like this big elephant in the room whenever IoT is discussed.”
Informed moral reasoning includes recognizing that there are ethical implications baked into both assumptions and decisions about product or service design. For example, with so much categorization happening through data gathered via IoT devices, who is asking how these categories are made and what the benefits or consequences of the categorization will be for those put in them?
Connected devices and services are increasingly designed as part of mundane infrastructure, effectively rendering them invisible. This means that developers need to be able to see how decisions about tradeoffs during design have ethical consequences: Sure, the use of that cheaper component would help the bottom line but is that a security tradeoff? Sure, the decision to design the device interface requiring all data to be routed via cloud is easier (limiting worry about the diversity of local devices) but what does this requirement mean for an end-user wanting to protect the meager amounts of privacy they have left?
The goal of VIRT-EU’s research into this space is to support those involved in the design, engineering and development process in thinking more broadly about needs and benefits, and generate awareness that communities of practice which support early-stage reflection can have a powerful impact on how devices develop. When we look towards an ethical IoT in our project, we don’t focus on the user experience.
Our approach starts well before products hit the market. Through ethnographic research with IoT communities, we will explore opportunities where developers already do, and potentially could more deeply, consider the ethical and moral choices they have to make as they design services and devices. Instead of checking the ethics at the end of the design and development process, our project will design tools for critical reflection and ethical intervention as IoT devices are being made. Focusing on how designers see the world for which they design will tell us a lot about what kind of future is on the horizon and we would like to make sure it is the kind of future all of us would like to live in.
VIRT-EU is a H2020 project coordinated by the IT University of Copenhagen, in collaboration with researchers at the London School of Economics, Uppsala University, Politecnico di Torino, the Copenhagen Institute of Interaction Design and the Open Rights Group. To read more about the project see here https://virteuproject.eu/project_description
If you are involved in designing, developing or engineering IoT devices, what guides your current decision making? We’re currently running a study of IoT manifestoes – check it out here https://virteuproject.eu/call_iot