I have not written a blog post on OOXML for well over a year now. My last post on this topic was on August 17th, 2008 and covered the contentious appeals process which followed the DIS 29500 Fast Track ballot. So I hope that one more post, 14 months later, will not seem excessive to my critics. There is too much good stuff going on with ODF these days, with ODF 1.2 coming soon, inter-vendor work at plugfests, the ODF Toolkit, and continual national adoption, for me to waste much time on OOXML. “Let the dead bury their own dead” is my attitude here. That said, I have received several requests for an update on OOXML, so I will oblige with some quick observations in what (I hope) is my final update on this sad chapter in standardization.
I’ll structure this update over a handful of posts, each one looking at a single topic. In this post I’ll cover the tight control Microsoft maintains over the OOXML standard, despite their earlier assertions to the contrary.
From the beginning of the Fast Track procedure Microsoft encouraged NBs to approve OOXML with the promise that their approval of the specification would guarantee that it would be handed over to the “global community” for maintenance. Vote against the standard — because it was obviously flawed — and you would lose this unique opportunity to transfer control from proprietary interests at Microsoft to the benevolent and international meritocracy of ISO. This was one of the main “selling points” for OOXML and what Microsoft repeatedly sold.
For example, here was Jerry Fishenden, Microsoft’s National Technology Office in the UK:
There’s an easy question to consider here: would you prefer the Microsoft file formats to continue to be proprietary and under Microsoft’s exclusive control? Or would you prefer them to be under the control and maintenance of an independent, open standards organisation? I think for most users, customers and partners that’s a pretty easy question to answer: they’d prefer control and maintenance to be independent of Microsoft. And the good news is that the Open XML file formats are already precisely that: currently under the control of Ecma International (as Ecma-376) and, if the current voting process is positive, eventually under the control of ISO/IEC
Or Microsoft’s Jason Matusow:
I still hear patently untrue claims that MS controls Open XML – this wasn’t true following the adoption of Ecma 376, and is now permanently a moot argument.
Microsoft Australia said:
This is encouraging and should be a reminder to all that the Open XML standard will be controlled by the international community not by any commercial business or other organisation – including Microsoft.
Chris Capossela , Microsoft Senior VP said it thus:
If Open XML is approved as an ISO/IEC standard, the story would not end there – like any other standard, maintenance affords the opportunity for continually updating and improving the standard. In this case, the global community would be in control of the evolution of this standard going forward – a fitting result given that this format will be widely used around the world for years to come.
Now, the global community has the opportunity to take control of the future of the specification by ratifying Ecma 376 as an ISO/IEC standard. We know that it will be in good hands when this happens based on the tremendous work and improvements that have been made to the specification during the ISO/IEC process over the past 14 months. We are committed to the healthy maintenance of the standard once ratification takes place so that it will continue to be useful and relevant to the rapidly growing number of implementers and users around the world.
(If you watched the video linked to from the letter, you will hear Chris say that Microsoft “has transferred stewardship of the file formats to the global community”.)
Well, that was what was promised. But how did it turn out in reality?
Let’s take a look at who actually attends meetings of SC34/WG4, the technical committee that should have made the question of OOXML control “moot” and puts it “under the control of ISO/IEC”.
If you look at the attendance records, summarized in the following table, you will find that the committee regulars consist primarily of Microsoft employees. In many of the meetings, Microsoft employees outnumber all other attendees combined. And then there is the “Microsoft Co-Prosperity Sphere”, the Microsoft consultants, Microsoft business partners and Microsoft-funded research institution, which further contribute to Microsoft’s effective domination of the meetings.
|Jirka Kosek||Consultant||Czech Rep||1||1||1||1||1||1||1|
|Rex Jaeshcke||Microsoft Consultant||Ecma||1||1||1||1||1||1||1|
|Gareth Horton||Data Watch||UK||1||1||1||1||1||1||1|
|Jesper Lund Stocholm||Ciber||Denmark||1||1||1||1||1||1|
|Alex Brown||Griffin Brown Digital Publishing||UK||1||1||1||1||1||1|
|Jaeho Lee||University of Seoul||Korea||1||1||1||1|
|Caroline Arms||Library of Congress||Ecma||1||1||1|
|Francis Cave||Francis Cave Digital Publishing||UK||1||1||1|
|Nasser Kettani||Microsoft||Côte d’Ivoire||1||1|
|Pia Lange||Dansk Standard||Denmark||1||1|
|Juha Vartiainen||Finnish Standards||Finland||1|
|Sam Oh||Sungkyunkwan University||Korea||1|
|Klaus Peter Eckert||Fraunhofer Fokus||Germany||1|
|Jung-Jin Yang||Catholic University of Korea||Korea||1|
So is this really handing over control? Is it really independent? And is it really global?
Let’s look at it in graphical form. In this chart I tally up the participation from each entity (company, organization or unaffiliated individual) attending WG4 meetings. This takes account of all 8 published meeting minutes for WG4. It shows the total participation over those meetings. So if a company sent 8 people to one meeting, this is scored the same as if they sent 1 person to each of 8 meetings. It is the overall participation for an entity that is measured relative to the total participation of all entities at the meetings. Note also that the “Microsoft” tally is of Microsoft employees only. The rest of the Microsoft Co-Prosperity, for purposes of this chart I am all counting as “independent” entities. So this picture is the most complimentary view possible of the degree of concentration in WG4. Obviously, Microsoft’s control is much higher if we take account of these other inter-entity obligations.
I suppose this is “global” in a sense, in the same way one could stage an “International Food Festival” and then have McDonalds show up and contribute a Big Mac from the U.S., a Big Mac from Germany, a Big Mac from the Ivory Coast, a Big Mac from Finland and another Big Mac from Brazil and so on. Certainly, you could claim this was “international”, but you would be laughed right out of the festival if you did.
By way of comparison, here it the same analysis, plotted on the same scale, for the most recent 8 meetings of the OASIS ODF TC. As you can see it is much flatter. No company has more than 20% or so of the participation, and no two companies combined have control of the TC.
Now don’t get me wrong. There are certainly some independent people in WG4 and I would not want anyone to denigrate their efforts. They are not all Microsoft employees, consultants, business partners and research institutions that Microsoft is funding. But they are mostly so. Attend any OOXML meeting and look to your right, look to your left, and most likely one is a Microsoft employee and another is economically tightly tied to Microsoft.
Of course, I would not expect that Microsoft would be absent from this work either. After all, they authored the specification and have most of the relevant technical experts. But a glance over the attendance records shows that they are not gracing the committee with their file format gurus. Instead they are stuffing it with “program managers” and “technology directors” and other assorted non-experts. The problem appears to be that their file format experts are all cursed with American residency and so have little value in stuffing a committee that has one-country/one-vote rules. Thus the spectacle of a room filled with Microsoft employees wrapped in different colored flags.
So I don’t think one can truthfully say (in Jason’s words) that it is “patently untrue” that Microsoft controls OOXML. Or that OOXML “control and maintenance” is “independent of Microsoft” as Jerry promised it would be, or that the “global community would be in control” as Chris said. I don’t think those are accurate statements, given the evidence. I think the results fall far short of what was promised back when Microsoft were trying to secure a positive vote in ISO.
And this is not just me complaining. At the recent SC34 Plenary meeting in Seattle, delegates from several NBs approached me, voicing concerns at the domination Microsoft was asserting over the committee. (Perhaps this explains the substantial number of people who attended only one WG4 meeting and then never returned?) There is no easy solution here. Remember, we are dealing with a company that has demonstrated that it is willing to spend millions of dollars to protect its Office monopoly franchise from any pro-competition standards initiative.
The Former ISO Secretary-General, when interviewed about the OOXML farce, was asked about claims of Microsoft domination and admitted that he was powerless to stop this:
Companies have no direct vote on the International Standards, which are adopted according to voting by national member bodies, on the basis of one vote per country… As a stakeholder in the process, Microsoft and other interests certainly participated in the process to establish national positions. ISO and IEC national members are fully responsible for the way national votes are formed and relevant national interests consulted.
Evidently there is no one capable of fixing this. ISO says that domination by a single corporation is not their responsibility, because only NBs vote and each NB determines its own participation rules. But individual NBs also don’t see a problem, because any single one of them only has one Microsoft employee at the meeting. So the NB itself is not necessary stuffed (although that does happens occasionally as well). So by placing Microsoft employees in many NB delegations and putting the overflow into the Ecma delegation, Microsoft can still dominate the ISO committee and not trigger a rule violation in ISO or in any NB.
This is essentially how Microsoft hacked ISO. Now that the flaw has been demonstrated, any large international corporation with sufficient funds and interest can exploit it as well. So long as the rules remain as they are, ISO is vulnerable. ISO defends this criticism by pointing out what good work they’ve done in the past, and how they rarely have problems of this kind before. But this shows little appreciation for the nature of the problem which have been demonstrated. It is like arguing that a newly discovered (though long latent) security flaw in an operating system is insignificant because you’ve never had an attack before now. Of course, this misses the point entirely. Once the vulnerability is known and publicly exploited, you’re living on borrowed time until you can secure the system. Today ISO is living on borrowed time and is very close to becoming a Microsoft-infested zombie committee.
That is all for Part I of this update. In the next Part I’ll look at the maintenance of OOXML, and the most peculiar way in which the Microsoft-dominated committee is putting aside BRM decisions and making other breaking changes to the specification, in an bizarre attempt to make ISO OOXML conform to to the Microsoft Office standard.