Politics of standards


With great power there must also come great responsibility! ~ Stan Lee (via Spiderman)

Powerful technology companies often use the technical standardization process for marketing and to enhance their competitive market position. This post covers how to recognize this, and some strategies to ensure a competitive, diverse ecosystem.

I’ve written before about the importance of standards-based interoperability, but nowhere is the caricature of technical people or organizations as those who do not participate in active politics more wrong than when it comes to technical standards development.

To start, a technical approach to solving a problem goes through two high-level steps on its way to becoming a true, globally accepted and utilized standard: (1) incubation and (2) standardization.


Incubation is a pre-standardization process where a group, an organization or a group of organizations identifies a technical approach that is articulated as a “specification” to solve a particular problem. There tends to be rapid change and evolution of the specification based on the perspectives of the folks at the table.

The incubation often takes place in a closed setting and may not provide any mechanism for anyone outside the group to have visibility into, or provide feedback on, the development of the “specification”.

The quality of the final specification tends to directly reflect the diversity of thoughts and perspectives (or lack thereof) of the group membership and of the power-balance, whether due to technical credibility or organizational influence, between the participants.


The group may decide to submit the specification to a standards development organization (SDO) in order for it to become a formal standard. Depending on the SDO, it will form a Technical Committee (TC) or a Working Group (WG) which takes in the specification that was submitted as the starting point for its formal standardization process.

Often the members that incubated the specification will ensure that one or more of their representatives are installed as the “Editors” of the standard to, ideally, provide continuity and history. The editors “hold the pen” for the standard and have both formal and informal power and influence over what ends up as the final standard that is ratified by the SDO.

Subverting the process

While all this sounds like a largely acceptable and workable process, I’ve also seen the process be influenced or subverted for the benefit of the few at the expense of the many:

  • The incubation takes place in a closed ecosystem, whether that is within a single company or in a vendor-controlled group with a pay-to-play “governance” or “steering” group that has the ultimate say in what the final specification happens to be.
  • Powerful companies with global platforms or market-share, who are members of the incubation group, implement the specification in their consumer or commercial products thereby making that specification a “de-facto standard” and giving themselves first mover advantage or market control.
  • A multi-vendor standardization group at an SDO is derailed by a powerful company who unilaterally implements a particular feature or approach in their product to short-circuit discussions about feature sets that could provide a more interoperable and level playing field.
  • A powerful contributor to the SDO misuses the standardization process to throw up procedural barriers to slow down the process, increase the frustration level of the other members, or seek to use the SDO to rubber stamp the specification into a standard; the SDO is reluctant to directly address or challenge the entity out of concerns regarding alienating a powerful contributing member!

There are so many more shenanigans I could list here, but hopefully you get the reality of the technical standardization process!

Strengthening the process

I operate with a fundamental belief that innovation should be built on a foundation of security, privacy and interoperability and that a diverse, competitive ecosystem of solution providers, who provide value added services built on top of that foundation, benefits us all.

The building blocks of that foundation are global standards, and how you choose to approach the standardization process matters:

  • Work with and invest resources in true, global Standards Development Organizations (e.g. W3C, OASIS, IETF etc.) that have long-established and validated processes for how to conduct the standardization process. The standards that result from their process tend to be open, royalty free and free to use by all with no gatekeepers.
  • Incubate the specifications in SDO affiliated structures whose work is globally visible (to members and non-members alike) and allows for participation by anyone, anywhere without a paywall. In addition to encouraging diversity of input, it also provides a pathway to the formal standardization process.
  • Implementations matter, so ensure that multiple entities who are contributing to the specifications or standards are constantly providing input from their implementations into the specification and standardization process.
  • Utilize automated test suites and interoperability plug fests on an ongoing basis to ensure the interoperability of implementations, and to inform the standardization process.

Improving the process

One long standing complaint about SDOs is that “Standards organizations are heavily dominated by members of corporate companies and […] Less-represented people don’t have the social capital to join or be a member.”

There is a lot that SDOs can do here, but it is my personal opinion that this is also a place where Government can and should do more.

Government agencies source their technology from the same place as everyone else, the global market of technology solution providers. However, they are unique in that they do not have the luxury of pivoting away from providing services to a particular segment of the population because it is unprofitable or no longer part of their business plan.

Their remit and duty are to serve all, which in turn means that they need to be at the table to represent the voices of the “less-represented” and to ensure that what comes out of the standardization process is something that has utility that is in the public interest. In addition, given their lack of profit and commercial incentives, they are one of the few entities that have the credibility and influence to counter a market-centric, winner-take-all mentality at the standards table.

This is not going to be easy and it is going to take time, treasure and sustained attention from all of us to improve this situation, but the end results are too important to not make that investment. Are you ready?

cyberforge: random and relevant
