An Interview with Andrew Updegrove
by Sean Daly, Geneva February 26, 2008 [ Audio - Ogg]

Q: This is Sean Daly, reporting for Groklaw, I'm in Geneva for the OpenForum Europe conference, and I'm seated here with Andy Updegrove [bio]. Thank you very much for being with us today.

Andy Updegrove: My pleasure.

Q: Now, I just wanted to talk a little bit, in reaction to your presentation this morning, which I found very interesting, one or two other questions. Well, I think it's very clear that you are worried, you said this morning "deeply troubled", about the standards process surrounding OOXML. You talked about the "smoke-filled room". What are your concerns today?

Andy Updegrove: Well, I think, first of all, just by way of background for people that aren't familiar with the standards process, ISO/IEC is an organisation that has been around for about sixty years and has a highly evolved process that is utilized for creating standards of many, many, many, many types. Everything from mining to information technology. And, the first point to make is that it's a one-size-fits-all process. The second point to make is that standards, for many, many years, were set in a rather genteel and collegial setting, and in large part they still are. IT is unusual in part because it is so patent-laden. Many, many, many other types of standards have little or no patent exposure at all. So, I could go on, but suffice it to say that there are a number of differences between the ITC -- Information and Communications Technology -- space, and many of the other settings in which standards are set and virtually all of those in which the standards-setting process, is conducted in these organizations, was originally created.

So, one of the... the last thing I'll mention is that standards historically have not been anywhere near as strategic as this standard is, and outside of IT, a strategic standard is more of the exception rather than the rule, particularly when it comes to patent relationships. So, what we have seen in the current scenario is a number of places where the traditional standards-setting infrastructure, as compared to consortia, which operate under different rules and different realities and are somewhat more able to cope -- we're dealing with a process that really wasn't created to operate for this kind of standard and under this kind of stress.

I wrote an editorial for the last issue of my journal, called Standards Today, where I -- which was titled The Overwhelming of ISO/IEC JTC-1 [PDF] -- that's not a bad metaphor.

So in the national bodies, the same problems cropped up, in these nations around the world, they aren't as used to the same thing either. They're used to genuinely interested long-term participants becoming involved in programs rather than last-minute arrivals of multiple people with an interest in a particular issue. So, from beginning to end, it really wasn't equipped to deal with this and has not been able to deal with it very well. The [Ballot Resolution] meetings that are going on concurrently, under the convenor Alex Brown are struggling with that same reality and trying to make the best of situation that is under stress.

Q: Do you think that this has an adverse effect on the ISO's reputation?

Andy Updegrove: I, uh... this is a bit forward, but I think it should. Because ISO/IEC has a quasi-governmental function in the world, and its output is recognized preferentially by a number of governments around the world, and with that sort of position comes a responsibility to upgrade process as the changing demands in the modern world require. And thus far, it has not adapted, and -- or to put it more charitably has not risen to the challenge, and I think that it's clear that if ISO/IEC is going to remain relevant and effective and useful, it's going to have to tackle this and come up with some solid solutions.

In this wise, it's worth reflecting that consortia came into existence 20 years ago, because the IT industry didn't think that the formal, accredited standards-setting process met their needs. So, now that they're starting to rejoin, to a certain extent, and seek ISO/IEC accreditation for some standards, we're going to see -- we are seeing -- a situation where something has to change. Either ISO/IEC has to be proactive and adapt, or the IT industry will have to come up with an independent solution of its own.

Q: What do you think will be the impact if OOXML is approved by the ISO?

[05:33]

Andy Updegrove: It's an interesting question. One answer, and you'll see that people give many different answers to this question depending on what their, how to say delicately, orientation may be, so it's more a matter of emphasis than anything else.

The first thing to reflect, as has been noted by a number of people, is that whether it's adopted or not by ISO/IEC, it's going to be widely adopted in the industry. Why is that so? Well, the first reason is because OOXML, being in a publicly available mode, is actually a very good thing, but it's important to then qualify that by saying: very important thing for whom? And the answer to that is: for Microsoft, first and foremost. Secondarily, for developers that live within the Microsoft ecosystem, and then finally existing Microsoft customers. So, it is good for all of those parties to have Microsoft open the kimono farther on its intellectual property.

So, it was necessary that this would happen, but it's not sufficient. And the main reason it's not sufficient is because OOXML is only useful for that purpose and will not really be able to act in the same way that ODF will.

[07:00]

Microsoft actually admits this and points out repeatedly that OOXML is intended for a different purpose. That's not disingenuous; that's exactly true. So then the question becomes: am I talking out of both sides of my mouth? And the answer to that, I think, is No. Those that are interested, I've done a long exegesis on this at my blog -- Standards Blog -- dated February 24th, so I'll summarize it very briefly here rather than in detail. But I think it's actually good that OOXML is open, but that it would be bad if OOXML became ISO-certified, because one of the few ways in which adoption or non-adoption does matter will be whether governments place it on an equal parity with ODF-compliant applications. And that is where it really matters. And it matters in two senses.

One is, only if there's a sufficiently large marketplace for ODF-compliant applications will both open source and proprietary vendors feel that it's worth their while to spend enough time to come up with truly competitive, robust, world-class, head-to-head competing products. That's the first way.

The second way it matters is because I believe that OOXML is just the first in a number of standards that are going to have significance far beyond the vendors. These are standards that are core to... are increasing, for example, dependence in society upon the Internet. And one of the reasons that ODF has inspired so much popular enthusiasm and support is because people recognize is that document formats are different from wifi implementations. It doesn't matter a whole lot which wifi implementation specification reaches the marketplace. People's lives won't be affected one way or another. It does make a difference whether open documents formats truly take hold in the industry.

Q: Well, I'd like to refer to your February 24th blog posting because it was very long, but for me interesting through and through. In particular, you spoke just about that there is an impact beyond technical issues, an impact on society. Perhaps you could talk a little bit what you mean by civil ITC standards, by ICT Rights?

Andy Updegrove: Right. One of the reasons -- I wrote that piece for two reasons. One, Patrick Durusau, who is the project editor in both OASIS and also ISO/IEC, for ODF, about a week ago wrote an open letter [PDF] which basically -- the link is in my blog post -- but basically says: "Hey, you know, let's get real here. Microsoft's come a long way, the standard is pretty good, let's just adapt it, you know, things just have happened the way they were supposed to, maybe we're not happy about some of the tactics along the way, but people joined in, they improved it, now it's worth it, let's adopt."

I think that this is a classic example of seeing the trees and not the forest. So, what I was trying to point out is that this is not just about a technical specification. This is about something with dimensions that go far beyond whether or not developers can easily create products that can be used easily in connection with Microsoft products.

What I tried to lay out in that blog posting was something I've been deeply troubled by for some years, which is that everyone is happy to embrace the wonderful things that the Internet brings about without being sufficiently concerned about the responsibilities and the weaknesses and the things that can be given up in making that transition. I did an essay once on a section of my site called Consider This, where I compared a clay tablet, a cuneiform clay tablet, to an iPod. And my purpose was to point out that each of them includes a number of characteristics that are important to storing information. And if you list all the things that matter, they include things like longevity, absence of abandonment, long-term access -- not existing but being able to understand them -- as well as portability and data density and things like that. And what I was pointing out was: it depends on what your needs are which one is best. We can still read a cuneiform tablet that is 5,000 years old. What's the chance of anyone being able to even find a workable iPod, let alone the likelihood that the format currently used for iPod will be available in 20 years, let alone 5,000 years.

For society, this is a real, important concern as we convert from traditional media to electronic media, and we need to remember that long-term preservation is as important as information density, and that we should not carelessly sacrifice that -- the constraints imposed by that criteria -- in order to get the latest whizz-bang technology. So what I'm pointing out is that many of the freedoms that everyone in a democratic society values and that people literally fought and died for, are things like freedom of speech, freedom of expression creatively, freedom of association, freedom to vote, freedom of access to government information.

Well, now let's look what happens when we get onto the Internet. Virtual worlds may even mean that freedom of association may happen in the future as you become more globalized. Freedom of association may literally occur more virtually than in the real world.

When you look at freedom of expression, how much time do you spend sharing information now online as compared to one-on-one? When you look at what you read, how much of what you read is now online rather than in a fixed medium?

And I could go on, but the point that I was trying to make is that we are used to having civil rights, but unless we have guaranteed equal access to the Internet on any device we wish, et cetera, we will not have civil ICT rights. And the more technology becomes the central part of life, the more civil ICT rights are going to matter over the rights in the ways that we've traditionally enjoyed and expressed them.

This is one of those things that I think that people have under-realized, just the same way that they've forgotten about what we lose when we go from a cuneiform tablet to an iPod.

So, what I did was, I tried to list, and I'm sure it's not an exhaustive list, but I tried to give a sample listing of the types of freedoms that we need to have on the Internet in order to make sure that we preserve, literally, what we've already got, and don't lose. And I don't have it in front of me, but they included: freedom to interact with government using whatever device and whatever software we wish, freedom to interact with each other in whatever device and application we wish, freedom to express ourselves online; I talked a bit about... actually, Sean is helping me out here, let me read these because I think they're rather important:

• That any citizen can use any product or service, proprietary or open, that she desires when interacting with her government.
• That any citizen can use any product or service when interacting with any other citizen, and to exercise every civil right.
• That any entrepreneur can have equal access to marketplace opportunities at the technical level at least (I didn't get into IPR here), independent of the market power of existing incumbents.
• That any person, advantaged or disadvantaged, and anywhere in the world, can have equal access to the Internet and the Web in the most available and inexpensive method possible.
• That any owner of data can have the freedom to create, store, and move that data anywhere, any time, throughout her lifetime, without risk of capture, abandonment or loss due to dependence upon a single vendor.

[16:23]

And if you think about those, those are what we enjoy in the real world. We need to have the same guarantees in the virtual world. And what might surprise you to think about is that just as we have a Bill of Rights and a Constitution in the US, and other nations have constitutions that balance the rights of society and individuals and guarantee those rights within reasonable constraints, standards actually function in the virtual world in the same way because standards, and particularly interoperability standards, are what negotiate the connection between proprietary technologies.

That's where these civil ICT rights that I speak of can be guaranteed at the technical level. And if they're guaranteed at the technical level, and that has to happen before you can have them at all, and if it does happen it makes it far more likely you'll have them whether or not government acts in the way that it has traditionally.

[17:30]

So, I think that, while Open Source has attracted a great deal of attention over the years, and has had clear explications of freedom rights by people like Richard Stallman and has attracted other people, open standards have not really attracted the same level of attention and the same type of thinking. And I would submit that what I tried to put down in this essay is as important in its own way, and in some situations more important, and that people have to be thinking about how standards are necessary to achieve the same types of freedoms that they're now well aware are important to protect in the realm of Open Source software.

Q: One last question. Microsoft has a duty to their shareholders to remain profitable. They make the lion's share of their income from their Office and Windows monopolies. There's a lot of money at stake. Now, there has been oftentimes expressed by people I have spoken with, and by others, the fear of retribution from Microsoft. I can cite a couple of examples. There's the Thanksgiving's Day Massacre of Peter Quinn, which those of us who have been following ODF don't forget. Tim Bray, who wrote a blog post about a year ago talking about how years ago he was hassled in ways that he didn't suspect would ever happen. As an attorney, do you think that kind of behavior could conceivably be an antitrust issue?

Andy Updegrove: Well, I'm not an antitrust expert, but there are -- I can speak about it in broad terms, and it's also important to note that the antitrust laws in the United States and the antitrust laws abroad for example in Europe, are not identical, and conduct that can be non-actionable in the United States might be actionable in Europe and vice versa. So, too, the zeal with which the regulators interest themselves in particular types of conduct changes with the administration in the United States. And under some administrations the antitrust regulators are very activist, and in other administrations they're basically told to back off and not hassle business. So first of all I just want to mention that there's no global baseline here.

Second of all, could it be actionable? In the United States, what the antitrust laws mainly have to do with is markets. And, therefore, remedies in intimidating or acting against a single individual would not be actionable in themselves. However, a broad-based pattern of action that can have an impact on the market could be something that the regulators would take into account.

I'm not an expert on EU antitrust law but just as a matter of common sense, people and companies bring situations to the attention of the regulators all the time, and they only have so much by way of resources, so just automatically they're going to allocate those resources in such a way not only in line with their current objectives and what types of things they're most concerned about but also how great the impact on their citizens may be. So a single incident, by that test, would also be unlikely to matter unless it had a huge impact on the market. That said, there may be other types of remedies outside the antitrust laws in any given situation under a given jurisdiction -- might be worth looking at.

Q: All right. Andy, thank you so much for spending time with us today.

Andy Updegrove: My pleasure. I'm a big Groklaw fan, and keep up the good work, PJ! And you Sean!

Q: Thank you.