//

Why we haven’t made a trustmark for technology

Laura James

Doteveryone is often asked why we didn’t go ahead with an early idea to create a ‘trustmark’ for technology. The short answer is that digital products and services aren’t like bananas. 

Digital products are complicated, change over time (with software updates, new technologies, new data, etc) – and our attitudes towards them change too. It’s hard to set useful common standards, and evaluate these, in this sort of setting. 

Doteveryone looked into what trustmarks for tech would look like, and after research and prototyping, we found a trustmark wasn’t the most useful thing we could do to create change. Instead, we developed TechTransformed, practical resources and tools to help organisations be more responsible day-to-day. 

A summary of the reasons we didn’t do a trustmark: 

  • Developing a full ‘trustmark’ system is a multi-year investment. It includes building a trustable brand with consumers, setting standards and creating a sustainable way to audit and check them (and probably a big, weighty organisation too).
  • It’s difficult to imagine a specific checklist of requirements that would make sense for this variety of products, services and systems. And technology changes fast. Even if we had a standard we could hold today’s digital products to, it probably wouldn’t apply to new things entering the market tomorrow.
  • We’re not yet at the tipping point where consumer concern around tech trustworthiness and ethics translates to action. Purchasing pressure is a very limited lever for change at present. 
  • We also had doubts as to whether consumers would actually benefit from a mark. Choices are already difficult when you are picking apps and devices, and product offerings are complex, and time (and money) often scarce. It felt more important to work on helping more businesses improve their practices in a lightweight and feasible way.  
  • Many label projects (especially around privacy) have failed or had little to no impact. 

Here, Doteveryone Associate, Dr Laura James, takes a look back at why we didn’t develop a trustmark and how we got to where we are today.

In early 2017, we looked at many different ways we could get the tech industry to be more responsible and accountable. We wanted to find some way to shift things that went beyond interventions targeting specific technologies or products. There were already great initiatives looking at aspects of security, accessibility, usability. Our focus was on how we could create something more cross-cutting, which would change tech company behaviour regardless of product sector or team skills. (We’ve always been interested in addressing the varied ways in which tech needs greater responsibility – it’s more than just ethics in AI, or privacy, or platforms.)

We started out by surveying what other people were doing in this space. Doteveryone has always seen its work as part of a wider network and we wanted to avoid duplicating other activities but learn from them. Our directory of ethical tech products is still freely available online and has been updated and enhanced since.

Could we have a trustmark for technology? 

Trustmarks are common tools to demonstrate business responsibility, whether it’s GasSafe for heating technicians, or FairTrade on food and other products.  In 2017, with growing concerns about big tech, algorithms and more, and calls for greater responsibility, a lot of people mentioned trustmarks for digital technology and it made sense to consider taking an idea common in other sectors into this new one. 

After some research, we were able to describe the specific challenges of making a trustmark work for digital technologies.  We recognised that compulsory marks for a sector are a very long, slow journey to develop – and technology is still working out product categories too, so it’s hard to figure out exactly what products and services would be included. 

Some trustmarks use a checklist system. If we were envisaging a mark for a specific product type, such as a wrist-worn fitness tracker, it might be possible to come up with a checklist of what responsible fitness trackers would look like. But we’d need an awful lot of checklists to cover all the digital products and services we’d like to have good design, development and operational practices!  

Moving towards a values-based approach

So instead we focussed on a values-based approach, and the business and product choices at a higher level. Values are often how people describe their concerns about technologies, and are a better frame than details of accessibility of colour schemes, or data encryption technologies. 

As we wrote at the time: 

Traditionally trustmarks — like the well-known BSI kitemark, or the organic certification — are based on standards which are rigorous, detailed and technical. These kind of standards can be good at defining and enforcing criteria for specific types of product, with specific aspects of concern such as safety, interoperability, or security. These things are important, but they don’t necessarily embody the values which trustworthy or responsible technology would deliver.  Read more here. 

We conceived the ‘trustworthy tech’ mark – a trustmark, built on values, to help customers identify the products and services which reflected their priorities and concerns. Through research and discussion with other organisations such as the Coop, and through building prototypes, such as Check Your Tech, we evolved it into something which was more digital friendly and would address the challenges with a mark system for online services. 

A more modern trustmark?

The idea was for this to be a more modern trustmark concept, where the mark on a product or service would be backed by an online resource of live information which justified the mark’s use.  

So as technology changes – such as with software updates – these developments can be accommodated and the evidence for trustworthy behaviour always up to date. It would also make it possible to have lightweight accountability and enforcement without the cost and scale of a full standards body or certification authority. This would be key as in order to create something like that Doteveryone would need to work with major partners, over a number of years. We also wanted something simpler that we could test out and validate. If a simple online evidence repository could help demonstrate the value of a trustworthy tech mark system, then it could migrate over time to a formal system later. 

Avoiding consumers doing all the hard work

Doteveryone takes a systems approach to change. In order for responsible technology to become the new normal, it needs to become standard practice for business, baked into policymaking and expected by society. 

Equipping people and communities with the power to demand responsible technology  is a key part of how Doteveryone wants to make change. But it also should not be their sole responsibility. Another advantage of an open evidence repository is that it means consumers don’t need to do all the research into a product themselves. 

The repository would be online, publicly available, and all information in it would be shared as open data (so that it could be reused and shared, for instance, by consumer advocacy groups). The information could also be used by organisations to create new services, such as a ranking of companies based on their employment conditions, or an app which enabled easier access to key parts of the information. Read more here. 

Testing the trustworthy tech mark

Having come up with this trustworthy tech mark concept, adapting the conventional model of a trustmark for the special case of complex, fast-moving digital technologies, we tested it with a range of organisations in our Trustworthy Tech Partner Programme.  

This was a very lightweight prototyping process that took place over two months and, focussed on a few key questions:

  1. How ethical and trustworthy was the technology development? (and how could we help the organisations improve?)
  2. What evidence could help demonstrate their trustworthiness, reliability, honesty and competence? How useful is this evidence to someone outside the organisation who is trying to evaluate them?
  3. How much effort does it take to produce the evidence?

We were particularly interested in the tough trade-offs organisations often have to make, and how they could explain these to show their practices and intent to those who care. For example, how do you balance the need to meet regulations stipulating users are shown legal conditions, with a usable and accessible experience for mobile users on a small screen? 

We wanted to understand more about the challenges preventing organisations acting as responsibly as they would like to be, and work out if there might be ways we could help unblock things.

So in our pilot, we looked to find out the answers to the following:

  • Do the 10 aspects of responsible technology we’ve outlined align with organisations’ own thinking about ethics and trustworthiness? What about their experiences of what their customers expect?
  • Is producing documentation of this sort useful for companies in demonstrating their trustworthiness to current or potential consumers?
  • Does this process help them learn about their ethical performance, or spot ways to act more responsibly?
  • Does it take a reasonable and proportionate effort to document things like this? What support do they need?
  • How does this idea for a trustmark process compare to other marks, standards, certifications and pledges which are used in the technology sector, in ethical business or in related areas? Is there overlap with other standards?

Why a trustworthy mark doesn’t work in practice

Through guiding this small group of organisations through a lightweight version of how a trustmark process might work (the programme workbook is available here) we found that the most significant change for the organisations was simply helping them identify ways they could work better. 

This was a surprising result. These organisations were all ones who were striving to be ethical and trustworthy; many had social missions and had prioritised responsible practice throughout their operations. But still, providing a framework and some tools to support their teams in thinking about responsibility was hugely useful.

First session of Trustworthy Tech partners programme at Yoti’s offices

But we also found that the hardest part to manage for small organisations is the actual evidence. This was partly because it is about demonstrating things externally that may touch on commercial sensitivities, and partly because it’s an extra task – something more to do in the already very busy life of a startup or small tech business especially. 

Further, we had doubts as to whether consumers would actually benefit from a mark. Choices are already difficult when you are picking apps and devices, and product offerings are complex, and time (and money) often scarce. Rather than identifying a few ‘gold standard’ products with a trustmark, it seems more important to enable more businesses to improve their practices in a lightweight and feasible way.  (The most ethical digital products today are often fairly easy to find anyway, if you want one! They are still quite scarce, but their unusual business models and brand positioning are generally visible, and there are curated lists of ethical apps available too.)

So whilst a trustmark backed by an open repository of evidence would still be of use, and may be a good future direction as the sector evolves and consumer and policy interest in responsible tech develops, it didn’t feel like the right intervention in 2018. 

Trustmarks for digital need innovative thinking and prototyping – both things Doteveryone can help with – but they also need an enforcement system which works at scale. This means a big, weighty organisation, and is much harder, and slower, to do. 

So we focussed instead on how we could build on what we learned in the pilot, and give organisations tools to help them be more responsible – streamlining our responsible technology framework from ten areas to three. We’ve developed tools as part of the TechTransformed programme to help organisations be more responsible day-to-day. The results are proving useful and are out there working in practice much more quickly than a trustmark would have been.

Find out more at TechTransformed.com.

TechTransformed banner


Say Hello.

[email protected]
020 725 79397

West Wing, Somerset House
London, WC2R 1LA

 

Registered Charity: 1146972. Doteveryone is registered in England and Wales. Company no: 06960661