The OOXML Appeals: What Next?
In-depth Q&A analyzes what developers can expect after the appeal's expected defeat.
The Office Open XML file format is probably destined to be an international
standard under the International Organization for Standardization (ISO) and
International Electrotechnical Commission (IEC). And Andy Updegrove, for one,
is not happy about it.
The longtime industry watcher and partner in the Boston law firm of Gesmer
Updegrove LLP has tracked the OOXML standards battle since the very beginning.
As legal counsel to both OASIS and the Linux Foundation, among other organizations,
Updegrove has a long track record in the technology standards and open source
software arenas. He says that the recent ISO/IEC recommendation to deny
the appeal against the April 1 vote to ratify OOXML is a bad one.
We caught up with Andy to get his thoughts on the process behind the appeal
and what its likely defeat means for developers and for the future of technical
RDN: I know you've blogged about what some have said is an ISO decision
to deny the appeal of the OOXML approval, which was submitted by several nations.
ANDY UPDEGROVE: Let's start with where we are procedurally. The appeals
aren't actually dead yet, although they may have a bad prognosis. What has just
happened is that the first step of the appeals process has been completed. During
that step, the CEOs of the two organizations (ISO and IEC) that together host
Joint Technical Committee 1 (JTC 1) have reviewed the appeals, as they are required
to do within one month of the close of the appeals period. Their options were
to agree to recommend that the appeals proceed, or that they be denied (they
chose the latter), but they are not authorized to make the actual decision.
The appeals are off on a bad foot, but they have not been denied. The next
step is for the Technical Management Boards of each organization to consider
the appeals, and for the members of those Boards to vote to proceed, deny, or
abstain as to each of the four appeals. They can decide to approve one, more
than one, all or none of the appeals for further consideration.
Does this action impact the viability of ISO as a standards-making body
Yes and no. ISO especially (and to a lesser extent IEC) are very broad organizations,
covering many different domains, from quality control to document formats to
live animal traps. So first of all, the matters of issue are not likely to even
come to the attention of many people outside the ITC industry. Second, it's
important to note that most of the time the ISO/IEC process operates well, or
well enough, even in the ITC industry. So what we're looking at here is akin
to a stress test that indicates a problem with the circulatory system when its
under heavy demand, even though the heart is kicking along just fine, thank
you, when the patient is flipping channels on the remote.
RDN: Can you be a bit more specific?
Sure. What we have seen is that rules and process that may work well in a collegial
environment can break down badly in a hotly contested standards war. In my view,
though, it goes deeper than this, in that I think that some of the judgments
made by ISO in managing the process were terrible -- such as scheduling a one-week
Ballot Resolution Meeting to resolve 1,200 issues. But according to the CEOs'
interpretation of the Directives, there is no way to appeal such a bad call.
So we have a system that purports to be consensus-driven, but where the decisions
of management cannot be contested, even when (in this case) four National Bodies
think that the process had terrible problems.
The situation is exacerbated by the fact that the Directives are very sketchy
and vague, and the CEOs have made absolute statements in their recommendations
that are, in my view, at best subjective -- such as the fact that no draft of
OOXML reflecting the changes voted on at the BRM is available even today, despite
the fact that the same Directives call for it to be produced within one month.
Despite the fact that the appeals period expired without the draft being available,
the CEOs have declared this "irrelevant."
What other aspects of the appeals merited a revisiting of the entire
A couple items come to mind. One, were the judgments made by the ISO/IEC valid
under the rules? For example, allowing zero members to vote. The CEOs say that
this was in their discretion, and that there is therefore no basis for an appeal.
But why shouldn't the limits of that discretion be eligible for appeal?
Two, have the reputations of ISO and IEC been damaged by the way in which the
process was conducted? The CEOs did not even bother to address this one, even
though it is mentioned explicitly in the appeals, and even though the Directives
explicitly call out "matters of principle" and effects on "reputation"
as being valid reasons for appeal.
What other grounds did the CEOs use to disregard the appeals?
In most cases, the CEOs simply say that because the National Bodies voted to
approve, that there is no basis for appeal. As a result, they are invoking a
classic Catch 22: there can't be an appealable flaw if the specification is
approved, because we've defined it out of existence. In other words, the appeals
process proves to be almost non-existent, and just about any abuse, error of
judgment or other problem can be ratified by a vote. Why say, then, that there
is an appeals process at all?
So what does that mean for ISO's reputation?
If the Technical Management Boards side with the CEOs, I think that ISO and
IEC will be damaged goods in ITC. Either they will reform their process to prevent
a repeat performance, or I think that many consortia and their members will
simply turn their backs on ISO/IEC. Bear in mind that they've done this before
– and that there are now hundreds of consortia outside the traditional
system. Recently, more of them have been using the PAS process to submit standards
to ISO/IEC, but I think that the value to be gained by this extra work may not
look worth it in the future, absent reform.
I would have been surprised, personally, if the ISO had held up the
appeal. Am I wrong to feel that way?
Sadly, no. What I think you see here is a portrait of a comfortable management
that has made some terrible calls, and yet is protected by rules that make them
almost immune from being called to task. Hundreds, if not thousands, of standards
professionals around the world have been put through the wringer during this
process, and those that have gone through the domestic heat to file appeals
are now being told that their job is simply to take whatever they are told to
do, no matter how ill-considered those requirements may be. In my view, the
OOXML saga reveals problems at ISO/IEC that go far beyond vague Directives.
Given the caustic nature of the OOXML ratification process, how could
we be assured that a second run at the thing wouldn't result in an even worse
My belief is that most or all of the appeals are far less about whether
OOXML is approved or not, and more about total frustration with what happened.
As evidence of this, note that most of the letters asked for little specific
relief, and the CEO's (to their credit) sent them a request after the appeal
deadline had passed, inviting them to ask for more specific relief. But the
CEOs are missing the point when they say, "there's nothing to appeal, because
the National Bodies voted to adopt." In other words, as I read the appeals.
As I see it, the CEOs are looking at what happened, and the national
bodies are focusing on how it happened.
So what are the forms of relief that might be imagined if there was reform,
and how would they go, as a result?
Here are two. One, send the draft back to a new, open-ended BRM. I think that
this is unlikely, but I think that if it did happen, that things would actually
go quite well. All who participated in the first BRM agreed that everyone was
trying to do their best to make progress -- including many who had been vocal
proponents of one position or the other in advance of the meeting.
Two, send OOXML through the longer, non-Fast Track process that would have
made more sense to begin with. Standards-setting is not, how to say delicately,
the most riveting activity on earth for those that aren't expected to do it
as part of their day job. I expect that many of those that became involved during
the short process of the Fast Track process that had no experience in standard
setting would gradually drop out, leaving the professionals to handle the improvement
of the specification. At that point, it becomes no different than any other
specification, and this is hardly the first specification to ever spark an all
out standards war.
It's also important to note that the marketplace has moved. Office will support
ODF next year (hopefully well), while support for any ISO/IEC approved version
of OOXML will not occur for several years. Given that reality and the fact that
moving OOXML through the normal process would take a fair amount of time, there
would be little tactical advantage to be gained from stonewalling OOXML, even
if some subset of vendors were inclined to do so -- which I do not think would
be the case.
Also, let's say the technical management boards hew to the ISO/IEC recommendation
and deny the appeals. Could we see a lawsuit or other legal challenge mounted
to the ISO?
Personally, I doubt it. I can't think of any basis for anyone suing
ISO/IEC, although I'm not an expert on its rules, charter, and so on. It's possible
that there could be investigations launched at the level of one or two National
Bodies (probably a good thing, for purposes of tightening up the rules where
needed), although my guess is that this won't happen, either, given how things
have turned out in the marketplace. But a lawsuit? I don't see that. Nor can
I imagine any individual company being sued.
OK, so a lawsuit is probably off the table. Are there any other obstacles
ahead for OOXML?
What is more possible is that the European Commission (EC) might not
like what it sees as it looks into the OOXML process. I would not expect the
EC to take any action with respect to the adoption decision itself, as I'm not
sure that they may even have the jurisdiction to interfere with the result.
But they do have jurisdiction to prosecute a company or group of companies,
or to prosecute (or more likely rap the knuckles of) a standards body and tell
it to clean up its act, if they wish.
They are already looking into Microsoft's conduct, and I expect that Microsoft's
February interoperability announcements were triggered in large part by pressure
from the EC. That investigation is ongoing. And not long ago, the EC looked
into the disclosure rules of the European Telecommunications Standards Institute
(ETSI) and told ETSI that it should not bar patent owners from disclosing licensing
terms for patents that might be infringed by a standard.
So if there is still a shoe to drop, I'd look to Neelie Kroes, the EC Commissioner.
She clearly isn't shy when it comes to looking into business practices that
she finds objectionable. It would be interesting to know whether she is watching
the appeals process even now. If the appeals are dismissed, perhaps we might
learn the answer to that question.
OK, so what's next? Assuming the appeals are dead, and absent an airstrike
from Neelie Kroess, will we see any effort to perhaps shape OOXML post-process
within the maintenance group?
Recall that Microsoft has announced that it will postpone implementation
of whatever comes out of ISO/IEC until the next full release of Office, and
estimates on when that may appear vary widely, but certainly don't include the
near future. So what does Microsoft do in the meantime?
Well, for now they have to work with what is already implemented in Office
2007, which is Ecma 376. People have always wondered whether Microsoft would
promptly and faithfully implement whatever came out of ISO/IEC, and now that
question is even more relevant, since the post-BRM draft hasn't even been released
to the national bodies yet. And hundreds of ISVs that need to sell products
will need to work with OOXML as already implemented in Office 2007.
So I think that people will be taking their cues from Microsoft after the post-BRM
draft comes out If Microsoft doesn't play a very energetic role, then I think
people will assume that Microsoft doesn't intend to ever implement DIS 29500.
But if Microsoft is all over it, then I think that others will be as well, because
they're going to have to live with the ISO version as a fact of the Office environment
for the foreseeable future, whether or not customers include it in their procurement
RDN: Do you think we'll see structural changes to the ISO fast-track
approval process based on the OOXML experience? Or does ISO seem focused on
I think that ISO would like to just move on, but that a meaningful number of
vendors are not going to allow that to happen. But how would anyone know? One
of the things that I fault ISO on is for being so secretive. We haven't heard
a word out of them about reform other than public statements that "we're
always looking to improve."
In fact, I know that there have been private conversations going on behind
closed doors about reforms ever since the BRM, if not before. The latest I've
heard, however, is that these talks have been put on hold until the appeals
are resolved. Why? Good question. You'd think that if a process was working
badly enough to generate appeals by four different members that discussions
should be expedited, rather than put on hold.
Setting a little perspective. Where does the OOXML standards battle rank
in terms of contentious standards-making events? Any other examples that really
stand out in your mind as approaching or surpassing OOXML in terms of pure acrimony?
Good question. In fact, there have been many battle royales in the past.
A recent one involved standards for wild animal leg traps that didn't kill animals
instantly. Some would gnaw their own leg off to escape. You can imagine how
much popular attention that attracted, once it got publicized. In the international
arena, the WiFi/WAPI fracas with China escalated all the way up to the Cabinet
level, with Colin Powell discussing the matter with the highest levels of government
in China after companies like Intel and Texas Instruments said they'd refuse
to sell wireless enabled chips in China. And then there's the most ironic one
of all: Sun's effort to Fast Track Java to ISO via Ecma -- which was effectively
blocked by Microsoft.
So to close -- what does all this mean for the big picture?
Given the increasing importance of ITC standards in a world of a billion
desktops and, not too far in the future, another billion Smartphones and Internet
Devices, you can bet this won't be the last big standards war. That's why ISO
and IEC need to take what happened seriously -- or the ITC industry won't be
taking them seriously for much longer.