{"id":1191,"date":"2010-09-09T20:07:13","date_gmt":"2010-09-10T00:07:13","guid":{"rendered":"http:\/\/2d823b65bb.nxcli.io\/?p=1191"},"modified":"2012-07-01T18:56:58","modified_gmt":"2012-07-01T22:56:58","slug":"recipe-for-open-standards","status":"publish","type":"post","link":"https:\/\/www.robweir.com\/blog\/2010\/09\/recipe-for-open-standards.html","title":{"rendered":"The Recipe for Open Standards (and Why ISO Can\u2019t Cook)"},"content":{"rendered":"

\"\"<\/a><\/h3>\n

Recipe<\/h3>\n

First some definitions.\u00a0 Let’s define an “open standard” as one that is:\u00a0 1) freely available, 2) developed in an open process and 3) freely implementable, e.g., is royalty free.\u00a0 Clearly there are interests out there that attempt to soften these criteria, but that only demonstrates the competitive power presented by truly open standards.\u00a0 We see similar “dumbing down” pressures on other popular marks of distinction, such as the constant pressure by “big agriculture” to allow more permissive use of pesticides in organic\/biologique food.\u00a0 It is almost a law of nature that any item of relative scarcity and value will be counterfeited.\u00a0 Dumbing down definitions is just one way to counterfeit an open standard.<\/p>\n

At the same time there is clearly a spectrum of openness, from proprietary, trade-secret technology at one extreme, progressing through proprietary non-RAND specifications, proprietary RAND specifications, RAND standards to RF standards.\u00a0 But for sake of argument, let’s draw the line for open standards at these three criteria: \u00a0 freely available, open process, and freely implementable.<\/p>\n

So how do you make an open standard?\u00a0 In the industry we have a number of years experience creating open standards.\u00a0 We know what works and what doesn’t.\u00a0 We’ve learned from experience and especially from failure, the harshest of teachers, e.g., Rambus<\/a> and OOXML<\/a>.\u00a0 At a high level, this experience has led to the following recipe for open standards, a recipe practiced by several notable standards consortia today:<\/p>\n

    \n
  1. Publish your standards on the web for free download and use<\/strong>.\u00a0\u00a0 This seemingly simple step has enormous repercussions for a standards organization, since it eliminates an entire business model, that of selling standards.\u00a0 So an organization that produces open standards must have an alternative source of income to fund its operations, for example,\u00a0 membership fees,\u00a0 corporate or government sponsorship, etc.<\/li>\n
  2. Define and enforce an open process for the development of standards<\/strong>.\u00a0 Much has been written and said about the further qualities that define an open process, but generally they focus on openness, balance, lack of domination, broad-based public review, consensus, due process, right to appeal, etc.\u00a0 ANSI’s Essential Requirements<\/em><\/a> [PDF] is an excellent outline of the minimum process requirements for ANSI, the organization that accredits US standardizers.<\/li>\n
  3. Have a clearly-defined, enforceable IPR policy<\/strong> that ensures that implementors of the standard have royalty free (RF) access to all rights needed to implement the standard.\u00a0 This area evolved quite a bit, especially post-Rambus, and the best practices now include: defining obligations of members with regard to patents they may control that read on the standard, defining obligations of 3rd parties who submit comments or proposals related to a standard, ensuring copyright assignment from contributors, defined 3rd party patent disclosure obligations, etc.\u00a0 The complexities of rights given during the drafting of the standard, durable obligations of members who leave, and how rights transfer to future maintenance releases of a published standard — all these are concerns of standards organizations that strive to produce open standards.\u00a0 For reference, note the IPR policies of\u00a0 OASIS<\/a> and the\u00a0 W3C<\/a>.\u00a0 (Now there may be some of you thinking, “IPR wouldn’t matter if we would just eliminate software patents”.\u00a0 But it is not so easy.\u00a0 First, we need to consider copyright as well.\u00a0 And second, remember that not all standards involve only software.\u00a0 Many relevant technologies today are defined by standards that encompass software,\u00a0 hardware and physical media components , e.g., Blu-ray.)<\/li>\n<\/ol>\n

    As you can see, there is a set of corresponding rights and obligations that the standards organization must deal with.\u00a0 The right of\u00a0 the user to freely download the standard derives from the obligation of contributors to assign copyright to the standards organization, so it in turn can make the specification freely available.\u00a0 And the right of implementors to implement the standard without payment of royalties comes from the obligation of contributors to waive royalties from patents that they control that are necessary to implement the standard.\u00a0 And the right of implementors to be safe from 3rd party patent claims — to the extent this is ever possible — comes from the obligation of members to disclose such 3rd party patents.<\/p>\n

    It might be useful to compare this to a well-run open source project, one that requires that contributors sign and fax in a membership or contributor agreement, assigning copyright and making assertions regarding necessary patents.\u00a0 In a similar way, participation in an open standards organization requires a binding membership agreement, to ensure that there is a record of the obligations that have been undertaken.<\/p>\n

    ISO in the kitchen<\/h3>\n

    Now what about ISO?\u00a0 I claim, quite cheekily, that they cannot cook.\u00a0 So let me right away make the case why ISO, by their own rules and procedures, cannot reliably develop open standards.<\/p>\n

    First, let’s look at the “free availability” question.\u00a0 ISO’s business model is predicated on the sale of standards.\u00a0 If we look at a typical example, say a copy of the C++ programming language<\/a> standard, we see it sells for 380 CHF ($374.38).\u00a0 Note that everyone directly involved in the development of ISO standards is a volunteer or funded by outside sponsors.\u00a0 The editors,\u00a0 technical experts, etc., get none of this money.\u00a0 Of course, we must also consider the considerable expense of maintaining offices and executive staff in Geneva.\u00a0 Individual National Bodies are also permitted to sell ISO standards and this money is used to fund their own national standards activities, e.g., pay for offices and executive staff in their capital.\u00a0 But none of this money seems to flow down to the people who makes the standards.\u00a0 In fact, in the US I need to pay $1200\/year for the privilege of volunteering my time to create standards that are then sold at costs that I could not afford.\u00a0\u00a0\u00a0 And what rights do you get for your $374?\u00a0 Very little.\u00a0 You can print one copy.\u00a0 ISO reserves almost all rights, as they explain in their copyright brochure<\/a> [PDF].<\/p>\n

    Note that ISO does make a small number of its standards available for download at no cost, generally ones that originated from outside of the ISO system.\u00a0 (It is hard to restrict access if the standard was born free elsewhere). But these “Publicly Available Standards” represent only around 1% of the 18000+ ISO standards.<\/p>\n

    So is this compatible with an open standard?\u00a0 I don’t think so.\u00a0 And if $374 is exorbitant for me, imagine what impact these ISO standards prices have on small technology firms, especially in the developing world?<\/p>\n

    What about criterion #2, the open process?\u00a0 Let’s go down the ANSI essential requirements list in more detail:<\/p>\n

    On Openness, ANSI says:<\/p>\n

    Participation shall be open to all persons who are directly and materially affected by the activity in question. There shall be no undue financial barriers to participation. Voting membership on the consensus body shall not be conditional upon membership in any organization, nor unreasonably restricted on the basis of technical qualifications or other such requirements.<\/p><\/blockquote>\n

    A big fail there for ISO.\u00a0 In particular, materially affected persons are not able to vote at all, but only indirectly via required membership in a National Body.\u00a0 The entire ISO system is non-open.<\/p>\n

    On Lack of Dominance,\u00a0 ANSI says:<\/p>\n

    The standards development process shall not be dominated by any single interest category, individual or organization. Dominance means a position or exercise of dominant authority, leadership, or influence by reason of superior leverage, strength, or representation to the exclusion of fair and equitable consideration of other viewpoints.<\/p><\/blockquote>\n

    We saw during the OOXML ballot, and especially at the BRM, how this totally fell apart.\u00a0 It was raised several times that Microsoft was dominating the committees, sometimes representing more than 50% of the people in the room.\u00a0 But ISO leadership dodged the issue, saying there was nothing they could do about it,\u00a0 based on their rules.\u00a0 This may be true.\u00a0 But that is just acknowledgment that their rules are not able to prevent dominance.<\/p>\n

    And on Balance, ANSI says:<\/p>\n

    The standards development process should have a balance of interests. Participants from diverse interest categories shall be sought with the objective of achieving balance.<\/p><\/blockquote>\n

    Like committees containing almost exclusively Microsoft Business Partners?\u00a0 Fail.\u00a0\u00a0 In fact you can go up and down the list and ISO fails to meet these minimum requirements.<\/p>\n

    OK.\u00a0 Maybe it is unfair of me to subject ISO to the criteria that we use in the US to accredit little industry standards consortia.\u00a0 Maybe it is unfair of me to suggest that the International Organization for Standardization should meet the openness requirements that are regularly met by stalwart giants like the International Institute of Ammonia Refrigeration<\/a> or the Hardwood, Plywood & Veneer Association?<\/a> (Full ANSI list is here<\/a> [PDF]) Maybe you tell me that it is unreasonable and asks too much. \u00a0 I would accept that response. \u00a0 But I believe that, as it is today, if ISO tried to get accreditation as a standardizer in the US, it would fail, for inability to meet basic minimum openness and due process requirements.\u00a0 And that saddens me.\u00a0 It should sadden you as well.<\/p>\n

    The 3rd and final ingredient, as we know, is the IPR policy.\u00a0 I ask you to glance over the ISO\/IEC\/ITU\u00a0 “Common Patent Policy<\/a>” and compare it to the IPR policies mentioned above from the W3C and OASIS.\u00a0 I think you will first be struck by how short and fuzzy the ISO statement is, and by the complete lack of any stated obligations for ISO members with regards to patents.<\/p>\n

    For example, the main disclosure requirement is stated as:<\/p>\n

    Any party participating in the work of ITU, ISO or IEC should, from the outset, draw the attention of the Director of ITU-TSB, the Director of ITU-BR, or the offices of the CEOs of ISO or IEC, respectively, to any known patent or to any known pending patent application, either their own or of other organizations, although ITU, ISO or IEC are unable to verify the validity of any such information.<\/p><\/blockquote>\n

    Now, I am not a lawyer, but even I can see that “any known patent or known pending patent application” is vague to the point of making it meaningless.\u00a0 There is zero qualifications or restrictions given.\u00a0 I know that there are 8 million or so granted US patents, maybe 10 million if you include pending applications, and that is just in the US.\u00a0 Should I report them all?\u00a0 That’s what it appears to be recommending (but only recommending, since it is stated as a “should” not a “shall”) when it says “any known pending patent application”.<\/p>\n

    There appears to be no serious consideration given to what the disclosure obligation is.\u00a0 Am I supposed to disclose patents that I actually know read on any part of the standard?\u00a0 On required portions of the standard?\u00a0 Optional portions?\u00a0 Mandatory requirements on optional features?\u00a0 Patents that I think, but am not sure that may read on a standard?\u00a0 Ones where there is a remote, but non-zero possibility that it reads on a standard?\u00a0 Ones where someone else has alleged it reads on a product that implements a standard?\u00a0 Ones where a jury has determined that a product implementing the standard infringes on a patent?\u00a0 Ones where the Federal Court of Appeals has upheld that a patent reads on a product that uses the standard?\u00a0 Ones where the U.S. Supreme Court has affirmed the Federal Court of Appeals decision?<\/p>\n

    You can see how ridiculous the ISO requirement is.\u00a0 IMHO, you could replace the ISO patent policy with a wall\u00a0 poster with a big yellow smiley face\u00a0 and the caption “Be careful!” with no essential loss of effect.\u00a0 ISO seems to be living in a world where Rambus never happened.\u00a0\u00a0 Without solid obligations for ISO participants there are no corresponding strong rights for implementors.<\/p>\n

    (That’s my opinion.\u00a0 Again, I am not a lawyer, so don’t take any of this as legal advice.\u00a0 This is all my personal opinion and observation.\u00a0 But, geez, look again at that patent policy.\u00a0 Are they joking?\u00a0 You should then look again at the OASIS disclosure requirements<\/a> for a real world example of how a disclosure obligation must be phrased for it to have any teeth whatsoever.\u00a0 What ISO has is more like a voluntary registration of reported patents.\u00a0 That is not much of an assurance post-Rambus.)<\/p>\n

    The fundamental issue is that the membership of ISO consists of National Bodies, not individuals and not corporations.\u00a0 So the formal members of ISO are not the patent owners.\u00a0 This “committee of committees” approach puts a level of administrative indirection between those who have the knowledge and control of the IP and those who formally make the decisions.\u00a0 It is an approach seemingly crafted to obfuscate accountability and disclaim\u00a0 responsibility.<\/p>\n

    The other problem is that they have attempted to craft a single patent policy that applies to all standards from ISO, IEC and ITU, for everything from document formats to paper sizes, from quality processes to bolts, screws and studs, from shipping containers to medical devices.\u00a0 The licensing and royalty practices of these diverse industries are equally diverse and any attempt to reduce them into a single rule will naturally lead to a lowest-common denominator statement of generalities.\u00a0 And if you have 18000 standards, the lowest common denominator is rather useless, as we saw above.<\/p>\n

    Another issue is that ISO is fundamentally accepting and accommodating of RAND licensing.\u00a0 There is no effective way for a committee to state the intent of developing an open standard, and then to maintain the pedigree and hygiene of the specification and process to assure a royalty free outcome.\u00a0 There is no guarantee that contributions from other NBs will be RF.\u00a0 There are no procedural protections against an NB who would seek to introduce patent encumbered material into the standard.\u00a0 In fact, there is nothing to prevent a National Body or group of National Bodies from withholding their approval of a draft unless and until a specific desired RAND feature is added to the standard, perhaps to benefit a domestic rights owner.\u00a0 This is all incompatible with the development of open standards.<\/p>\n

    What can be done?<\/h3>\n

    So what are we to do?\u00a0 ISO is obviously not going away, at least not quickly. But certainly for vast swaths of important,\u00a0 widely-adopted standards work, ISO is simply irrelevant.\u00a0 The web was built on open standards that were developed entirely outside of the ISO system, and in fact could only have been developed outside of that system.\u00a0 Openness was key to their success.\u00a0 So one approach for us is simply to ignore ISO wherever possible.\u00a0 Certainly, do not promote procurement and policy initiates that exclusively favor ISO standards, since by doing so you eliminate from consideration the majority of relevant open standards that are available.\u00a0 In other words, why grant ISO a monopoly on standards, especially when they seem constitutionally unsuited to the 21st century task of\u00a0 creating timely, market-relevant open standards?<\/p>\n

    Another approach is for industry to make more aggressive use of the Publicly Available Specification (PAS) process, allowed in ISO\/IEC JTC1, by which existing market-relevant industry standards can be turned into International Standards, largely unmodified, via an accelerated transposition procedure.\u00a0 This allows the technical work to originate in an industry standards organization that understands the unique requirements of open standards and that can ensure relevant protections are in place to ensure the pedigree and hygiene of the IP in the standard.\u00a0 Once the technical work is completed and review and consensus approval is achieved, the standard can then be transposed into an International Standard.\u00a0\u00a0\u00a0 Some have criticized this as using ISO as a “rubber stamp”, that this process does not permit NBs to fully participate in the work of creating the standard.\u00a0 But we must note that the PAS process is not intended as a standards development process.\u00a0 It is not intended as a means for ISO NBs to participate directly in the development of the standard.\u00a0 PAS is simply a transposition process, taking existing, relevant industry standards, and after a short review, giving them the imprimatur<\/em> of an International Standard.\u00a0\u00a0 So yes, it is a rubber stamp of sorts, but one where ISO has two rubber stamps at hand, one saying “Yes” and one saying “No”.\u00a0 Either can be used.<\/p>\n

    But in the end the problem isn’t the rubber stamp.\u00a0 The problem is that ISO has no ability to develop open standards of their own, to enforce the member obligations that ensure the rights of users to freely implement the standard, and that ISO lacks open and transparent procedures, and that ISO clings to standards publication revenue model that puts their standards out of reach for many.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Recipe First some definitions.\u00a0 Let’s define an “open standard” as one that is:\u00a0 1) freely available, 2) developed in an open process and 3) freely implementable, e.g., is royalty free.\u00a0 Clearly there are interests out there that attempt to soften these criteria, but that only demonstrates the competitive power presented by truly open standards.\u00a0 We […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[147,15],"tags":[],"class_list":{"0":"post-1191","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-intellectual-property","7":"category-standards","8":"entry"},"_links":{"self":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts\/1191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/comments?post=1191"}],"version-history":[{"count":22,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts\/1191\/revisions"}],"predecessor-version":[{"id":1983,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/posts\/1191\/revisions\/1983"}],"wp:attachment":[{"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/media?parent=1191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/categories?post=1191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.robweir.com\/blog\/wp-json\/wp\/v2\/tags?post=1191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}