Q&A

The OOXML Appeals: What Next?

Industry watcher Andy Updegrove on the future of OOXML and ISO.

• By Michael Desmond
• 08/01/2008

The Office Open XML (OOXML) file format is probably destined to be an international standard under International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). And Andy Updegrove, for one, is not happy about it.

The longtime industry watcher and partner in the Boston law firm of Gesmer Updegrove LLP has tracked the OOXML-standards battle since the very beginning. As legal counsel to both Organization for the Advancement of Structured Information Standards (OASIS) and the Linux Foundation, among other organizations, Updegrove has a long track record in the technology standards and open source software arenas. He says that the recent ISO/IEC recommendation to deny the appeal against the April 1 vote to ratify OOXML is a bad one.

RDN caught up with Updegrove to get his thoughts on the process behind the appeal and what its likely defeat means for developers and for the future of technical-standards making.

	"They're invoking a classic Catch 22. There can't be an appealable flaw if the specification is approved, because we've defined it out of existence."
Andy Updegrove, Partner, Gesmer Updegrove LLP

What does the ISO/IEC recommendation mean? Are the appeals dead?
The appeals are off on a bad foot, but they haven't been denied. The next step is for the Technical Management Boards of each organization to consider the appeals, and for the members of those boards to vote to proceed, deny or abstain as to each of the four appeals. They can decide to approve one, more than one, all or none of the appeals for further consideration.

You've been very critical of the ISO process as it relates to the OOXML effort. Is the process broken?
What we've seen is that rules and processes that may work well in a collegial environment can break down badly in a hotly contested standards war. In my view, though, it goes deeper than this, in that I think that some of the judgments made by ISO in managing the process were terrible -- such as scheduling a one-week Ballot Resolution Meeting [BRM] to resolve 1,200 issues. But according to the CEOs' interpretation of the directives, there's no way to appeal such a bad call. So we have a system that purports to be consensus-driven, but where the decisions of management can't be contested, even when -- [as] in this case -- four National Bodies think that the process had terrible problems.

Obviously you feel these appeals have some merit. What arguments in those appeals have traction?
A couple items come to mind. One, were the judgments made by ISO/IEC valid under the rules? For example, allowing O-Members to vote. The CEOs say that this was in their discretion, and that there's therefore no basis for an appeal. But why shouldn't the limits of that discretion be eligible for appeal?

Two, have the reputations of ISO and IEC been damaged by the way in which the process was conducted? The CEOs didn't even bother to address this one, even though it's mentioned explicitly in the appeals, and even though the directives explicitly call out "matters of principle" and effects on "reputation" as being valid reasons for appeal.

So you're saying the CEOs pretty much ignored these issues. Did the CEOs have any other grounds for disregarding the appeals?
In most cases, the CEOs simply say that because the National Bodies voted to approve, there's no basis for appeal. As a result, they're invoking a classic Catch 22. There can't be an appealable flaw if the specification is approved, because we've defined it out of existence. In other words, the appeals process proves to be almost nonexistent, and just about any abuse, error of judgment or other problem can be ratified by a vote. Why say, then, that there's an appeals process at all?

I would've been surprised, personally, if ISO had held up the appeals. Am I wrong to feel that way?
Sadly, no. What I think you see here is a portrait of a comfortable management that has made some terrible calls, and yet is protected by rules that make them almost immune from being called to task. Hundreds -- if not thousands -- of standards professionals around the world have been put through the wringer during this process, and those that have gone through the domestic heat to file appeals are now being told that their job is simply to take whatever they're told to do, no matter how ill-considered those requirements may be. In my view, the OOXML saga reveals problems at ISO/IEC that go far beyond vague directives.

Do you believe the fallout from the OOXML battle has hurt the reputation or authority of ISO in the technology arena?
If the Technical Management Boards side with the CEOs, I think that ISO and IEC will be damaged goods in ITC. Either they'll reform their process to prevent a repeat performance, or I think that many consortia and their members will simply turn their backs on ISO/IEC. Bear in mind that they've done this before -- and that there are now hundreds of consortia outside the traditional system.

So what are the forms of relief that might be imagined if there was reform -- and how would they go, as a result?
Here are two. One, send the draft back to a new, open-ended BRM. I think that this is unlikely, but I think that if it did happen, that things would actually go quite well. All who participated in the first BRM agreed that everyone was trying to do their best to make progress, including many who had been vocal proponents of one position or the other in advance of the meeting.

Two, send OOXML through the longer, non-fast-track process that would have made more sense to begin with. Standards-setting is not -- how to say this delicately -- the most riveting activity on earth for those that aren't expected to do it as part of their day job. I expect that many of those that became involved during the short process of the fast-track process that had no experience in standard setting would gradually drop out, leaving the professionals to handle the improvement of the specification. At that point, it becomes no different than any other specification, and this is hardly the first specification to ever spark an all-out standards war.

I understand that additional action like a lawsuit is unlikely, but are there any remaining obstacles to formal adoption of OOXML as an ISO standard?
What's possible is that the European Commission [EC] might not like what it sees as it looks into the OOXML process. I wouldn't expect the EC to take any action with respect to the adoption decision itself, as I'm not sure that they may even have the jurisdiction to interfere with the result. But they do have jurisdiction to prosecute a company or group of companies, or to prosecute -- or more likely, rap the knuckles of -- a standards body and tell it to clean up its act.

They're already looking into Microsoft's conduct, and I expect that Microsoft's February interoperability announcements were triggered in large part by pressure from the EC. That investigation is ongoing. And not long ago, the EC looked into the disclosure rules of the European Telecommunications Standards Institute [ETSI] and told ETSI that it should not bar patent owners from disclosing licensing terms for patents that might be infringed by a standard.

So if there's still a shoe to drop, I'd look to Neelie Kroess, the European Commission commissioner. She clearly isn't shy when it comes to looking into business practices that she finds objectionable. It would be interesting to know whether she's watching the appeals process even now. If the appeals are dismissed, perhaps we might learn the answer to that question.

OK, so what's next? Absent an air strike from Neelie Kroess, will we see any effort to perhaps shape OOXML post-process within the maintenance group? And what should developers be looking for in the post-approval phase?
Recall that Microsoft has announced that it will postpone implementation of whatever comes out of ISO/IEC until the next full release of Office, and estimates on when that may appear vary widely, but certainly don't include the near future. So what does Microsoft do in the meantime?

Well, for now they have to work with what's already implemented in Office 2007, which is ECMA-376. People have always wondered whether Microsoft would promptly and faithfully implement whatever came out of ISO/IEC, and now that question is even more relevant [because] the post-BRM draft hasn't even been released to the National Bodies yet. And hundreds of ISVs that need to sell products will need to work with OOXML as already implemented in Office 2007.

So I think that people will be taking their cues from Microsoft after the post-BRM draft comes out. If Microsoft doesn't play a very energetic role, then I think people will assume that Microsoft doesn't intend to ever implement DIS [Draft International Standard] 29500. But if Microsoft is all over it, then I think that others will be as well, because they're going to have to live with the ISO version as a fact of the Office environment for the foreseeable future, whether or not customers include it in their procurement requirements.

Do you think we'll see structural changes to the ISO fast-track approval process based on the OOXML experience? Or does ISO seem focused on moving on?
I think that ISO would like to just move on, but that a meaningful number of vendors aren't going to allow that to happen. But how would anyone know? One of the things that I fault ISO on is for being so secretive. We haven't heard a word out of them about reform other than public statements that "we're always looking to improve."

In fact, I know that there have been private conversations going on behind closed doors about reforms ever since the BRM, if not before. The latest I've heard, however, is that these talks have been put on hold until the appeals are resolved.

To set a little perspective, where does the OOXML standards battle rank in terms of contentious standards-making events? Are there any other examples that really stand out in your mind as approaching or surpassing OOXML in terms of pure acrimony?
Good question. In fact, there have been many battles royale in the past. A recent one involved standards for wild animal leg traps that didn't kill animals instantly. Some would gnaw their own leg off to escape. You can imagine how much popular attention that attracted, once it got publicized.

In the international arena, the WiFi/WAPI [WLAN Authentication and Privacy Infrastructure] fracas with China escalated all the way up to the cabinet level, with Colin Powell discussing the matter with the highest levels of government in China after companies like Intel and Texas Instruments said they'd refuse to sell wireless-enabled chips in China. And then there's the most ironic one of all: Sun's effort to fast-track Java to ISO via Ecma-which was effectively blocked by Microsoft.

What does all this mean for the big picture?
Given the increasing importance of ITC standards in a world of a billion desktops and -- not too far in the future -- another billion smartphones and Internet devices, you can bet this won't be the last big standards war. That's why ISO and IEC need to take what happened seriously -- or the ITC industry won't be taking them seriously for much longer.