In-Depth

The OOXML Appeals: What Next?

In-depth Q&A analyzes what developers can expect after the appeal's expected defeat.

• By Michael Desmond
• 07/17/2008

The longtime industry watcher and partner in the Boston law firm of Gesmer Updegrove LLP has tracked the OOXML standards battle since the very beginning. As legal counsel to both OASIS and the Linux Foundation, among other organizations, Updegrove has a long track record in the technology standards and open source software arenas. He says that the recent ISO/IEC recommendation to deny the appeal against the April 1 vote to ratify OOXML is a bad one.

We caught up with Andy to get his thoughts on the process behind the appeal and what its likely defeat means for developers and for the future of technical standards making.

RDN: I know you've blogged about what some have said is an ISO decision to deny the appeal of the OOXML approval, which was submitted by several nations.
ANDY UPDEGROVE: Let's start with where we are procedurally. The appeals aren't actually dead yet, although they may have a bad prognosis. What has just happened is that the first step of the appeals process has been completed. During that step, the CEOs of the two organizations (ISO and IEC) that together host Joint Technical Committee 1 (JTC 1) have reviewed the appeals, as they are required to do within one month of the close of the appeals period. Their options were to agree to recommend that the appeals proceed, or that they be denied (they chose the latter), but they are not authorized to make the actual decision.

The appeals are off on a bad foot, but they have not been denied. The next step is for the Technical Management Boards of each organization to consider the appeals, and for the members of those Boards to vote to proceed, deny, or abstain as to each of the four appeals. They can decide to approve one, more than one, all or none of the appeals for further consideration.

Does this action impact the viability of ISO as a standards-making body going forward?
Yes and no. ISO especially (and to a lesser extent IEC) are very broad organizations, covering many different domains, from quality control to document formats to live animal traps. So first of all, the matters of issue are not likely to even come to the attention of many people outside the ITC industry. Second, it's important to note that most of the time the ISO/IEC process operates well, or well enough, even in the ITC industry. So what we're looking at here is akin to a stress test that indicates a problem with the circulatory system when its under heavy demand, even though the heart is kicking along just fine, thank you, when the patient is flipping channels on the remote.

RDN: Can you be a bit more specific?
Sure. What we have seen is that rules and process that may work well in a collegial environment can break down badly in a hotly contested standards war. In my view, though, it goes deeper than this, in that I think that some of the judgments made by ISO in managing the process were terrible -- such as scheduling a one-week Ballot Resolution Meeting to resolve 1,200 issues. But according to the CEOs' interpretation of the Directives, there is no way to appeal such a bad call. So we have a system that purports to be consensus-driven, but where the decisions of management cannot be contested, even when (in this case) four National Bodies think that the process had terrible problems.

The situation is exacerbated by the fact that the Directives are very sketchy and vague, and the CEOs have made absolute statements in their recommendations that are, in my view, at best subjective -- such as the fact that no draft of OOXML reflecting the changes voted on at the BRM is available even today, despite the fact that the same Directives call for it to be produced within one month. Despite the fact that the appeals period expired without the draft being available, the CEOs have declared this "irrelevant."

What other aspects of the appeals merited a revisiting of the entire process?
A couple items come to mind. One, were the judgments made by the ISO/IEC valid under the rules? For example, allowing zero members to vote. The CEOs say that this was in their discretion, and that there is therefore no basis for an appeal. But why shouldn't the limits of that discretion be eligible for appeal?

Two, have the reputations of ISO and IEC been damaged by the way in which the process was conducted? The CEOs did not even bother to address this one, even though it is mentioned explicitly in the appeals, and even though the Directives explicitly call out "matters of principle" and effects on "reputation" as being valid reasons for appeal.

What other grounds did the CEOs use to disregard the appeals?
In most cases, the CEOs simply say that because the National Bodies voted to approve, that there is no basis for appeal. As a result, they are invoking a classic Catch 22: there can't be an appealable flaw if the specification is approved, because we've defined it out of existence. In other words, the appeals process proves to be almost non-existent, and just about any abuse, error of judgment or other problem can be ratified by a vote. Why say, then, that there is an appeals process at all?

So what does that mean for ISO's reputation?
If the Technical Management Boards side with the CEOs, I think that ISO and IEC will be damaged goods in ITC. Either they will reform their process to prevent a repeat performance, or I think that many consortia and their members will simply turn their backs on ISO/IEC. Bear in mind that they've done this before – and that there are now hundreds of consortia outside the traditional system. Recently, more of them have been using the PAS process to submit standards to ISO/IEC, but I think that the value to be gained by this extra work may not look worth it in the future, absent reform.

I would have been surprised, personally, if the ISO had held up the appeal. Am I wrong to feel that way?
Sadly, no. What I think you see here is a portrait of a comfortable management that has made some terrible calls, and yet is protected by rules that make them almost immune from being called to task. Hundreds, if not thousands, of standards professionals around the world have been put through the wringer during this process, and those that have gone through the domestic heat to file appeals are now being told that their job is simply to take whatever they are told to do, no matter how ill-considered those requirements may be. In my view, the OOXML saga reveals problems at ISO/IEC that go far beyond vague Directives.

Given the caustic nature of the OOXML ratification process, how could we be assured that a second run at the thing wouldn't result in an even worse outcome?
My belief is that most or all of the appeals are far less about whether OOXML is approved or not, and more about total frustration with what happened. As evidence of this, note that most of the letters asked for little specific relief, and the CEO's (to their credit) sent them a request after the appeal deadline had passed, inviting them to ask for more specific relief. But the CEOs are missing the point when they say, "there's nothing to appeal, because the National Bodies voted to adopt." In other words, as I read the appeals. As I see it, the CEOs are looking at what happened, and the national bodies are focusing on how it happened.

So what are the forms of relief that might be imagined if there was reform, and how would they go, as a result?
Here are two. One, send the draft back to a new, open-ended BRM. I think that this is unlikely, but I think that if it did happen, that things would actually go quite well. All who participated in the first BRM agreed that everyone was trying to do their best to make progress -- including many who had been vocal proponents of one position or the other in advance of the meeting.

Two, send OOXML through the longer, non-Fast Track process that would have made more sense to begin with. Standards-setting is not, how to say delicately, the most riveting activity on earth for those that aren't expected to do it as part of their day job. I expect that many of those that became involved during the short process of the Fast Track process that had no experience in standard setting would gradually drop out, leaving the professionals to handle the improvement of the specification. At that point, it becomes no different than any other specification, and this is hardly the first specification to ever spark an all out standards war.

It's also important to note that the marketplace has moved. Office will support ODF next year (hopefully well), while support for any ISO/IEC approved version of OOXML will not occur for several years. Given that reality and the fact that moving OOXML through the normal process would take a fair amount of time, there would be little tactical advantage to be gained from stonewalling OOXML, even if some subset of vendors were inclined to do so -- which I do not think would be the case.

Also, let's say the technical management boards hew to the ISO/IEC recommendation and deny the appeals. Could we see a lawsuit or other legal challenge mounted to the ISO?
Personally, I doubt it. I can't think of any basis for anyone suing ISO/IEC, although I'm not an expert on its rules, charter, and so on. It's possible that there could be investigations launched at the level of one or two National Bodies (probably a good thing, for purposes of tightening up the rules where needed), although my guess is that this won't happen, either, given how things have turned out in the marketplace. But a lawsuit? I don't see that. Nor can I imagine any individual company being sued.

OK, so a lawsuit is probably off the table. Are there any other obstacles ahead for OOXML?
What is more possible is that the European Commission (EC) might not like what it sees as it looks into the OOXML process. I would not expect the EC to take any action with respect to the adoption decision itself, as I'm not sure that they may even have the jurisdiction to interfere with the result. But they do have jurisdiction to prosecute a company or group of companies, or to prosecute (or more likely rap the knuckles of) a standards body and tell it to clean up its act, if they wish.

They are already looking into Microsoft's conduct, and I expect that Microsoft's February interoperability announcements were triggered in large part by pressure from the EC. That investigation is ongoing. And not long ago, the EC looked into the disclosure rules of the European Telecommunications Standards Institute (ETSI) and told ETSI that it should not bar patent owners from disclosing licensing terms for patents that might be infringed by a standard.

So if there is still a shoe to drop, I'd look to Neelie Kroes, the EC Commissioner. She clearly isn't shy when it comes to looking into business practices that she finds objectionable. It would be interesting to know whether she is watching the appeals process even now. If the appeals are dismissed, perhaps we might learn the answer to that question.

OK, so what's next? Assuming the appeals are dead, and absent an airstrike from Neelie Kroess, will we see any effort to perhaps shape OOXML post-process within the maintenance group?
Recall that Microsoft has announced that it will postpone implementation of whatever comes out of ISO/IEC until the next full release of Office, and estimates on when that may appear vary widely, but certainly don't include the near future. So what does Microsoft do in the meantime?

Well, for now they have to work with what is already implemented in Office 2007, which is Ecma 376. People have always wondered whether Microsoft would promptly and faithfully implement whatever came out of ISO/IEC, and now that question is even more relevant, since the post-BRM draft hasn't even been released to the national bodies yet. And hundreds of ISVs that need to sell products will need to work with OOXML as already implemented in Office 2007.

So I think that people will be taking their cues from Microsoft after the post-BRM draft comes out If Microsoft doesn't play a very energetic role, then I think people will assume that Microsoft doesn't intend to ever implement DIS 29500. But if Microsoft is all over it, then I think that others will be as well, because they're going to have to live with the ISO version as a fact of the Office environment for the foreseeable future, whether or not customers include it in their procurement requirements.

RDN: Do you think we'll see structural changes to the ISO fast-track approval process based on the OOXML experience? Or does ISO seem focused on "moving on"?
I think that ISO would like to just move on, but that a meaningful number of vendors are not going to allow that to happen. But how would anyone know? One of the things that I fault ISO on is for being so secretive. We haven't heard a word out of them about reform other than public statements that "we're always looking to improve."

In fact, I know that there have been private conversations going on behind closed doors about reforms ever since the BRM, if not before. The latest I've heard, however, is that these talks have been put on hold until the appeals are resolved. Why? Good question. You'd think that if a process was working badly enough to generate appeals by four different members that discussions should be expedited, rather than put on hold.

Setting a little perspective. Where does the OOXML standards battle rank in terms of contentious standards-making events? Any other examples that really stand out in your mind as approaching or surpassing OOXML in terms of pure acrimony?
Good question. In fact, there have been many battle royales in the past. A recent one involved standards for wild animal leg traps that didn't kill animals instantly. Some would gnaw their own leg off to escape. You can imagine how much popular attention that attracted, once it got publicized. In the international arena, the WiFi/WAPI fracas with China escalated all the way up to the Cabinet level, with Colin Powell discussing the matter with the highest levels of government in China after companies like Intel and Texas Instruments said they'd refuse to sell wireless enabled chips in China. And then there's the most ironic one of all: Sun's effort to Fast Track Java to ISO via Ecma -- which was effectively blocked by Microsoft.

So to close -- what does all this mean for the big picture?
Given the increasing importance of ITC standards in a world of a billion desktops and, not too far in the future, another billion Smartphones and Internet Devices, you can bet this won't be the last big standards war. That's why ISO and IEC need to take what happened seriously -- or the ITC industry won't be taking them seriously for much longer.