Standards Best Practices Blog

Earlier this week I was privileged to attend the ANSI Open Forum for Standards Developers in Washington DC. This was the fourth in a series, all of which I have been able to attend, starting with a meeting to get consortia input into the U.S. Standards Strategy, and the last three years an Open Forum to discuss issues common to accredited and unaccredited standards developing organizations.

This year’s program (agenda and slides available on the ANSI web site here) focused on the so-called “co-opetition” situation where organizations compete with each other for members and activities, and also cooperate with each on by participating in and referencing each others’ work.

The first panel, moderated by Lynn Gilbertson of NCPDP, was specifically on co-opetition, and the moderator, plus presenters from HL7 and IFX, discussed how their respective organizations work together with other standards organizations in developing standards to complete a “big picture” of standards in their given fields.

The second panel, moderated by George Gulla, the new VP of Publications at ANSI, discussed technologies used in standards development. Chris Gift of Kavi talked about how collaborative technologies can be beneficial in standards activities, with an emphasis on how new technologies such as social networks, wikis, and mashups of web information are the wave of the future. Just as organizations moved from paper to email, they are now moving to Web 2.0 and other tools used by a younger generation.

Mary Saunders of NIST then presented on the topic of public policy in the standards arena. It is becoming increasingly common for standards work to begin to overlap with setting policy, causing concern for participants on both sides of the fence. A prime example is the ISO Social Responsibility Standard, which, while admirable in its goals and provisions, overlaps and in some cases contradicts provisions of trade and other negotiated policies and treaties. Other work at ISO such as in the biotechnology and sustainable agriculture fields could also be problematic. Concerns center around both process used to develop and the content of these standards. The consensus is emerging that ISO (and other standards oprganizations) should focus on technology and not on policy.

A panel on industry sector trends, moderated by Jim Hughes of Microsoft, had presentations by representatives of various standards developing organizations. The panelists discussed the wide range of standards being developed, from descriptions of buildings and facilities to those for specifying how web pages are made accessible to the handicapped. Also discussed was the need to coordinate and translate between various standards solving identical or similar problems or between commercial and military interests, and the issue of reducing duplication and redundancy in standards efforts. As I’ve written before on this topic, interested parties, especially SMEs and individuals, don’t have the resources to participate in all applicable activities, and having multiple answers for the same question causes confusion in the marketplace.

A panel titled “Better, Faster, Cheaper” moderated by David Soffrin of API, discussed ways to make standards activities more efficient. Developing standards takes a lot of time and the involvement of a lot of expensive people, so the getting the job done more efficiently is benefical to all those involved. Representatives from ASTM and ASME discussed the inforstructure provided to participants in those committees, and Nan Wolfslayer from PMI discussed the project management principles that can be applied to standards development activities — for starters, think of a standard as a product, and plan standards development the same way you would the development of a product.

The final presentation was by Geoffrey Oliver, a partner at Jones Day, discussing the current status of the various FTC and DoJ lawsuits pertaining to standards work.  Despite various rulings, several cases have not yet reached their conclusions, such as most(in)famously the Rambus case. What we can learn, however, is that a party can’t intentionally misrepresent; if there is a disclosure obligation a party cannot intentionally conceal; if disclosure is required the standards organization can ask for terms; and a patent holder cannot promise terms then later renege on those terms. A good rule of thumb is, to paraphrase Section 5 of the FTC Act, “don’t be oppressive; don’t be coercive.”

In short, this was an excellent meeting, and ANSI and the respective panel moderators are to be congratulated on putting together such a great program. This is intended as an annual event, so watch for meeting announcements for next June, or contact ANSI to be put on their mailing list.

I’ve been away from the blog for a while, for the holidays and while working on some other projects, one of which is the revision of a paper for publication. While working on the paper I’ve been ruminating on the actual value of accreditation or recognition of the standards organization as it relates to the standard itself. By this I mean whether the organization developing and/or approving the standard is recognized or accredited in some way, usually by one of the international organizations ISO, IEC, or ITU, or by one of the national bodies. These organizations gain their authority either directly from government or through government recognition of their work. They in turn will recognize or accredit other industry organizations or their work, and will further approve work coming out of these accredited organizations. This accreditation is generally based upon a recognition of the quality of the work coming out of the organization or of the process used to create the work, and generally results in increased adoption/implementation of the work as the accreditation is a measure of quality among potential implementors.

But is this always the case? And can an unaccredited organization produce work of similar or even better quality? Probably not, and most certainly yes.

In general, work coming from an accredited organization can be counted on to be of high quality. This I define as, among other things, being a good technical solution for a particular problem or one that meets a specific need, that is implementable, is interoperable between various implementations, free of bugs, and has been developed under an open, consensus-based process where all interested parties have had the opportunity to participate.

But can only accredited organizations develop standards that meet this measure of quality? Absolutely not. As I’ve observed before, there are several unaccredited standards organizations, sometimes referred to as consortia or SSOs, that would qualify for accreditation if only they saw the benefit of applying for this status. And on the other hand, there is work coming out of accredited organizations that is never adopted — a good sign of poor quality.

The example of the day is, of course, the OOXML specification which was developed internally by Microsoft’s engineers then submitted to Ecma, where it was quickly approved without review or further work, then submitted by Ecma, using their qualifications as a fast-track submitter, to ISO/IEC JTC1 SC34 for approval as an ISO/IEC international standard. About 3000 comments where submitted during the short comment period, and after the first SC34 approval ballot failed a Ballot Resolution Meeting was scheduled for next month to see if the national body delegates can resolve the comments and find a way to approve the specification. During the voting there were allegations of vote stacking and disenfranchisement within various national bodies, and during the review process there was no opportunity for the public to review and comment on the specification, and discussions were open only to members of the subcommittee with no public examination of the deliberations. This is a worst case of how things can happen under an accredited, recognized standards development and approval process.

The equivalent standard coming from an unaccredited body is ODF, which was initially developed by Sun Microsystems then submitted to OASIS where it was further developed by a technical committee for about three years before approved as an OASIS Standard. During this time multiple public comment periods were held, and all deliberations of the technical committee were open to public viewing. ODF was then submitted by OASIS to SC34, the same body currently working on OOXML, for approval as an international standard, and the vote passed without much if any opposition. This is the best case of how things can happen at a consortium.

So what’s my point? I’m not sure, but perhaps it’s something along the lines of accreditation not guaranteeing quality, and that work coming from unaccredited organizations is no worse than that coming from accredited organizations. Note, though, that OASIS did recognize the value of international recognition when it submitted ODF for ISO/IEC approval.

So where does that leave us? What is the value of accreditation by a recognized standards body? And when it comes down to it, what does “standard” really mean? Nobody owns the word, so anyone is free to call anything by that name. A standard is really only a standard if people recognize it as such. Certain groups of people, known as organizations, have developed rules for how they will use the word, and they have applied the word to specifications they deem worthy according to their own defintion. It is up to other people, the potential implementors and users of the standard, to accept the organization’s definition of the word, and decide for themselves whether work developed and approved by that organization is of the quality that they require to solve their problems. If they don’t like the quality of the standard, there’s probably another one to choose from. So it’s up to the standards organizations to make sure that they have the best development and approval processes that they can build, and that they administer those processes in a fair, competent, and professional manner. It’s their reputations that will ultimately be the deciding factor in whether their standards get adopted.

One of the important organizational policy documents required for every standards organization, right up there with the organization’s bylaws or charter, the membership agreement, and the committee process is the patent or intellectual property rights policy.  This document defines how the organization will handle the IP rights associated with the technical work carried out by the organization, including the requirements of participants declaring what IP they own in the topic, what licenses must be granted to implementors by participant owners, and how these policies are enforced.

The importance of having a well-crafted IPR policy is proven by the recent Rambus case where the U.S. Court of Appeals found that the ill-defined IPR policy and process at the JEDEC consortium led to participants not knowing what was required of them, leaving a situation open to gaming.

Does your organization want to be caught in the middle of a situation like the Rambus case?

As important as the need for a good IPR policy is, this isn’t a topic for the faint of heart. There’s quite a lot to be considered when putting together such an IPR policy for an organization, viewpoints and interests to be taken into account, details to be worked out, decisions to be made, and — gulp — legal counsel to be consulted.

Of course an easy solution, as is the case for many things in life, is to just copy what others have done. But while imitation may be a form a flattery it isn’t always wise as the circumstances for various organizations will differ. That’s not to say that others’ experiences shouldn’t be taken into account, but it does mean that while an existing policy could be taken as a starting point the policy must still be customized for your organization’s specific needs.

A recent publication by the American Bar Association provides an excellent resource for a standards organization looking at developing (or updating) their IPR policy. Published earlier this year is the Standards Development Patent Policy Manual, created by the ABA’s Committee on Technical Standardization and edited by Jorge Contreras. The book is available at www.ababooks.org. It’s a bit pricey at $60 for a short paperback, but has some very useful content. A brief introduction discusses the issues, then sections provide sample text (with options and commentary) for an organizational IPR policy.

In the December 2007 issue of Discover Magazine I read an interview with Hans Roling, a Professor of International Health and inventor of the Trendalyzer software program used to analyze trends in statistical data, which Roling uses to come up with solutions for international poverty and health issues. I’d like to quote one question and answer from the interview:

“Statistics from the U.N. and government agencies are readily available for purchase, but you argue strongly for dropping fees completely. Why is this so important?

Public statistics are owned by taxpayers. These data, which cost about $10 billion in tax money to collect, belong to everyone. And governments are selling them. The World Bank gets statistics for free from the world. They put them together and sell them back to the world for $275 per copy. This hampers entrepreneurs, activists, and politicians from getting access to public statistics. The money is not the only cost: It is cumbersome to pay, it takes time to get the data, and you are not allowed to make the data available to others. Businesses realize that statistics should be free. And there is is very strong support from middle-income countries — China, South Africa, Brazil, Mexico. They desperately need statistics because their countries are changing so rapidly and they want to trade. Their entrepreneurs can’t afford to pay for data.”

OK, what does this have to do with standards? Roling isn’t talking about standards at all, but the points he’s making about statistical data is exactly what I’ve said before about standards: they should be free. Re-read the above response but substitute “standards” for “data” and “statistics,” and “standards organizations” for “governments” and “World Bank.”

I’m not necessarily advocating that everything should be free; for example, pirated music downloads deprive musicians of compensation for their work. But standards have already been paid for through the work of volunteer participants who developed the standard; their employers paid for their participation because of the benefits to the company or industry in general once the standard is adopted. Where the standards organization adds value it should be compensated, and there are a variety of ways that the organization can add value such as by providing educational or certification activities. But putting a price on obtaining standards inhibits their adoption, and a standard that is not adopted is wasted cost and effort. Additionally, adoption of standards by small businesses and by middle- and low-income countries has a societal benefit in that standards can help them grow; putting a price on purchasing standards can discourage their use.

My son pointed me to a post on the usually entertaining FakeSteve blog criticizing Google’s new Open Handset Alliance. The author quotes the WSJ article on the endevor, which says “Tech consortia for decades have been notorious for failing to live up to their promise.” It’s the “failure of consortia” that caught my eye.

Before I go off on a rant we should be clear that Mr. Fake and the WSJ are talking about product consotia, not standards consortia.  It may be true that product consortia haven’t been terrible effective, but let’s not get that confused with standards consortia, upon which Apple’s (and any other vendor’s) life depends. Given a moment’s thought that should be clear, but I’m afraid that many people will see the word “consortia” and automatically assume that all types are included in the criticism, including many that are successful.

Successful products do tend to be developed by single companies. Laptop computers, automobiles, refrigerators, etc. are all developed and built by companies. Windows and MacOS were developed by companies. But then again Linux was developed by a cooperative effort (we could call it a loose consortia, I guess); time will tell which is most successful.

We shouldn’t forget, though, that any of those products are possible only because of the agreed-upon standards developed by various standards consortia. No, you don’t need a consortium to develop a single product (FakeSteve’s refrigerator example), but think of the number of standards that are used when building the fridge, from the 110v AC household current used to run the thing all the way up to the physical size of the box that fits into a standard cabinet opening.

And just how many standards do you think went into the iPhone? The mobile phone industry would be impossible without standards, most particularly for the standards such as GSM and GPRS used for transmission (and many more; see the Wikipedia article), all of which were developed by consortia. Any time you have two or more dissimilar products communicating with each other there’s going to be a standard required. And that’s only the cell phone part of the iPhone; think about the music player (MP3s, etc.) and other functions.

So let’s not paint all consortia with the same broad brush; some are successful and others not. I can’t speak much about product consortia, but I can say that standards consortia (and other standards organizations) are very successful.

While working this morning on my Resources page, I was reminded again of a topic that I feel quite strongly about and have spoken of on a number of occasions: the need to communicate about standards activities. By this I mean the need for standards organizations to publish, in a consistent and preferably central manner, the status of activities that they are working on and the results of that work.

Why is this important?  The nature of standards, that they are an agreement on how things should be done, implies that the standard needs be communicated. If everyone is supposed to do things in the same way, how are they supposed to do so if they don’t know what that way is? A secret standard defeats the purpose of standardization. Whether the use of the standard is voluntary or mandated, if a user or implementor doesn’t know about the standard then they won’t use it.

Further, by publishing information about work being done the standards organizations will prevent duplication of effort, increase participation, and decrease market confusion. Given the means to find out what work exists a person or company needing a standard solution to a particular problem can look for existing answers rather than starting a new effort, join and participate in an existing activity, or adopt an existing standard. While there is sometimes value in having different solutions to a particular problem, too many solutions requires a lot of duplication of effort, spreads resources thin, and defeats the advantages of having a standard.

The problem begins with the number of organizations that develop standards. There are hundreds, if not thousands, in the world today. Lists of standards organizations may be found at at ANSI, CEN, SES, WSSN, and ConsortiumInfo.org. And those are mostly just the U.S.-based and international level organizations; I’m sure that there are a lot more. Then consider the number of standards completed by or in progress at these organizations.

Most organizations are fairly good about publishing the results of their work; they have, individually, interests in seeing their standards adopted. But given the huge number of organizations, how does one go about finding a standards that meets his needs? This is compounded by the problem that each organization publishes their work in a different format; every web page is in a different format and requires a different set of mouse clicks to find the desired information.

So I’ve been suggesting for some time the idea of having a single database, or at the very least a set of linked databases, that will contain standardized (what a concept) information about every standard developed, or in development, by every standards organization. A person interested in finding a standard solution for a particular problem or topic can perform a single search to find all of the standards completed or in development in that area. Everyone that I’ve suggested this idea to over the past few years has thought that it was a great idea, but no one thought enough of it that they wanted to fund the effort. That seems to be the biggest problem: funding. The solution would require hosting for a web site and database, and salaries for the people involved in gathering, entering, and maintaining the information. CEN had embarked on just such a project a few years ago, but the funding ran out after a couple of years so the project was shelved. ANSI has an ongoing effort with their NSSN database but it appears to be mostly a front end to their e-store for purchasing standards.

A  possible alternative is for each organization to enter and maintain their own information. But getting standards organizations to work together, however noble the goal, is worse than herding cats. I’ve tried suggesting this, but the organizations I talked to insisted that they were just fine publishing their own information in their own way, i.e. in a manner different than their peers.

So, does anyone else feel strongly about this topic? Strongly enough to fund such an effort? Please step forward.

We saw in my previous blog entry that standards in 1929 were generally used for reducing variety, for simplification, for reducing the numbers of items produced, eliminating the outliers, and thus reducing costs of manufacturing. This was just a step further in the industrialization of the U.S. and the mass-production movement that gave us interchangeable parts and standard clothing and shoe sizes.

That’s not to say that that was all that was being done; perhaps the writer of the Britannica article was simply caught up in the emphasis of that decade. There had certainly been a lot of standards efforts in interchangeable parts and manufacturing processes, and many of the “grandfather” organizations of today such as ASTM, IEEE, and ANSI had their roots in work started in the late 19th century.

But it’s now 2007. What does standardization look like today? It’s certainly more extensive; rather than the small handful of organizations developing standards back then, we have hundreds. And rather than focusing mostly on variety reducing standards we have standards in dozens of categories.

ISO defines a standard as a “document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.” Or, as I generally paraphrase, an agreed-upon way of doing things to achieve a specific result.

The definition gives us a lot of wiggle room as far as the purpose of the standard, the means used to develop and approve it, its contents, the means defined by the standard to achieve the stated goal, etc. And this is appropriate: there is no “one size fits all” that will satisfy all conditions, requirements, technologies, etc. for all industries and audiences.

That leads to the creation of many different types of standards, or different ways to classify them. And by that I don’t mean just different types of technologies or different industries. Here’s just a few of the different classification schemes that I’ve seen while reading various descriptions of standards:

• De facto vs. de jure; whether the technology or product is simply accepted or widely used by the market, or it is a formal specification that has been approved by a recognized or accredited body.
• Mandated vs. voluntary; whether use of or compliance with the standard is required by law, or if its use is voluntary and optional.
• Anticipatory vs. retrospective, proactive vs. reactive; whether the standard reflects the development of a new, perhaps bleeding edge, technology, or if it is simply the codification of an existing technology or practice already in use by industry.
• Open vs. proprietary; whether the standard is freely available for all parties to use without the requirement of licensing or payment of royalties.
• National, regional, etc.; whether the standard is designed, approved, or mandated for use within specific geographical or political boundaries.
• Physical/measurement/unit/reference. These are the oldest standards, going back hundreds and even thousand of years; the biblical cubit, for example. The oldest standards organizations were created to define things such as railroad track gauge, screw threads, etc. This also includes the imperial and metric measurements for inch, foot, mile, pound, and meter, liter, etc., time measurements such as second, minute, hour, or the calendar, or the octane of gasoline, the Kw/hr for electricity, etc.
• Performance. These standards, sometimes government mandated, are for such things as vehicle miles per gallon or the efficacy of pharmaceuticals
• Safety standards, such as for the lamp cord that has an Underwriters Laboratory sticker on it, fire protection equipment, etc.
• Compatibility/interface/interchange, including screw threads and railroad track gauges (see above) but also all of the plugs and wire connections we use every day for our computers and other electrical appliances. But this isn’t restricted to physical objects; data models and syntax for information exchange at various levels in the stack all fit in this category.
• Variety reducing, such as clothing and shoe sizes, tire sizes, lumber, etc.

Note that this is not an exhaustive list; there are always going to be new ways to classify things. Note also that there is a great deal of overlap in these categories; for example screw threads fall into both measurement and compatibility, and tire sizes are both variety reducing and reference.

The short message, though, is that there’s a lot going on.

I’m browsing through my new (to me) Encyclopaedia Britannica, 14th edition, published in 1929. I picked this up for a very reasonable price from our local book sale, the Friends of the Tompkins County Public Library, where I volunteer. I really don’t know where I’m going to find the shelf space for these 24 volumes, but the illustrations are great. Plus seeing the snapshot of things as they were 80 years ago is pretty cool.

At random last night I picked up volume 21 (SORD to TEXT) and came upon the article titled “Standardization” and caught a glimpse of the world of standards from way back when.

Standardization is here defined as “…setting up standards by which extent, quantity, quality, value, performance, and service may be gauged. Instances are the miles, the hour, the pound, the bushel, and the dollar.” Britannica then quotes from Mechanical Engineering, August 1926, to enumerate the advantages to manufacturers, distributors, and consumers as follows:

“(1) Standardization stabilizes production and employment…

(2) It reduces selling cost…

(3) It enables buyer and seller to speak the same language…

(4) …it promotes fairness in competition…

(5) It lowers unit costs to the public by making mass production possible…

(6) … it makes deliveries quicker and prices lower.

(7) It decreases litigation…”

and etc. all the way down to item 16.

The emphasis of this list, and the rest of the Britannica article, is on reducing variety. A subheading at the end of the article is on Simplification, listing the advantages of “…the commercial elimination of unnecessary variety in sizes, dimensions, grades or qualities of common commodities.” A U.S. Department of Commerce study showed that 80% of business is done in 20% of the varieties in the product line (is this the first use of the 80/20 rule?), and cited the increased business profitability of focusing on the more popular lines and eliminating the rest.

Another interesting tidbit from the article was that the then-future President Herbert Hoover was a standards guy. “Early in 1921, Herbert Hoover, then president of the American Engineering Council (the executive body of the Federated American Engineering Societies), organized a committee of 17 well-known industrial and management engineers to make a survey of waste in the industry.” Hoover was originally a mining engineer, first for the USGS then as a consultant. After the first World War he headed humanitarian efforts in Europe, then later in 1921 was made Secretary of Commerce where he used his post to continue his theme of simplification.

On Friday of last week I was in Calgary (sans baggage; thanks United!) speaking at the Fifth International Conference on Standardization and Innovation in Information Technology, SIIT 2007, hosted by the University of Calgary. As I was in Washington DC for ANSI World Standards Week on Wednesday and Thursday I missed the first day (and apparently some good papers), but was there for the second. Slides for presentations may be found on the conference web site.

My presentation (paper and slides) was on the convergence and harmonization of accredited and non-accredited standards organizations. I introduced my presentation as being a bit like Mythbusters, but unfortunately without the explosions. There are lots of perceptions about consortia and about accredited or recognized standards bodies, but these perceptions depend a lot on who you ask. While many perceptions are based on historical practices these are changing and the two types of organizations are becoming more and more like each other. The issues of openness, democracy, balance, process, governance, expense, etc. are not binaries; each may be measured along a spectrum, and generalizations such as “all consortia are closed groups” or “all accredited organizations have slow processes” are simply not true. All organizations have the same business challenges of financing their work. Recognized bodies are developing processes that allow consortia work to be submitted for national and international approval, and consortia are participating in these programs because the recognize the value that such recognition can give.

I suggested further that many non-accredited standards organizations are not accredited simply because they don’t see the benefit in doing so, but are otherwise qualified to become accredited. Rather than looking at accreditation vs. non as a way to describe an organization, a better way to distinguish standards organizations would be to look at the organization’s emphasis on anticipatory vs. retrospective standards, the levels of satisfying industry and market needs, use of modern infrastructure, their openness to public review and inspection, emphasis on non-sales revenue, and the extent to which they promote adoption.

I’ll mention just one other presentation, the one given by Dr. Laura DeNardis of Yale University on the political implications of open standards. She says “Technologies embody values and, once developed, have political implications.” Standards can define the capabilities of, for example, an electronic balloting system or the availability and openness of public documents. Further, technologies and standards can define what is allowed by law when then they define what is technically possible. Laws and government activities in the areas of individual privacy, property rights, free speech, disaster response, national security, and global trade are all influenced by standards and what is technically possible.

DeNardis also discussed the concept and definition of openness in standards, and referred to work done by Ken Krechmer of the University of Colorado. Just as in my comparison of standards organizations, openness of standards is not a binary yes/no, but rather a spectrum of openness using a variety of criteria during development, implementation, and usage. The question is not how open something is, but whether the level of openness is appropriate for the specific context. I’ll recommend that you take a look at the slides for this presentation.

Last week I was in Washington DC attending ANSI’s World Standards Week. This annual WSW event is comprised of meetings of the various ANSI committees and member forums. A major theme this year has been that of consumer confidence related to the issue of product recalls, many of which are for items from China, including most recently toys. This is a big issue as we enter the holiday gift-buying season; parents want to be certain that the toys they buy for their children are safe. Representatives from the U.S. Consumer Product Safety Commission and from various consumer interest groups attended the ANSI meetings, and the representative of the Toy Industry Association was on the hot seat for many of the discussions.

The issue of toy safety, which has been in the news almost daily for the last couple of months, is one of standards. But it’s not a question of the need for standards – there’s already a lot of them in place – but of enforcement. Given the nature of the enforcement and the quantities involved, this becomes an issue of conformance testing and certification. The enforcers of the safety standards, which are codified into laws and regulations, are the laboratories which test products to ensure that they comply with applicable standards. Examples of each type of toy, and each manufacturing lot, need to be tested. That’s a lot of work.

But who is qualified to do the testing? Can the manufacturers do the testing themselves? With which testing laboratories can they contract to do the work? Or should the government do the testing?

Part of the discussion at the ANSI meetings was around this topic. The CPSC is a candidate for the body that would certify testing labs to do the work, but ANSI is suggesting that this is a role for which it is better suited, both for the sake of separating the regulation-setting and certification roles and because there is precedent for ANSI certifying conformance-testing labs in other areas. ANSI has listed its role in support of consumer confidence among its top priorities for the coming year.

The broader lesson here is that standards by themselves are only part of any solution. Whether the standard is for a consumer product or not, the standards developer must define a means by which the standard can be enforced, usually be defining tests for conformance. How do you know if a standard is being followed or not? And further, who is qualified and/or authorized to decide? These are all issues to be settled as part of the standards development process.