Microsoft, OOXML and the ISO: the Response
Update: Microsoft's comments can be found at the end of this article.
Microsoft plays to win. As a result, it seems to regard any legal means as justified, and sometimes even strays outside the law, as the US anti-trust case demonstrated. In the context of marketplace rough-and-tumble, such aggressiveness is perhaps acceptable, but in other realms, there may be serious collateral damage. A good example of where that is the case is Microsoft's behaviour during the OOXML standardisation process at the ISO.
In order to gain ISO approval, Microsoft needed to garner the requisite number of “P” votes, and the influx of many new “P” voting members, most of whom were in favour of OOXML, was striking. This sudden urge to join an otherwise obscure ISO committee might, on its own, be unproblematic if it had no further knock-on consequences. Unfortunately, that is not the case. Here's what Martin Bryan, the convenor of the relevant ISO workgroup, had to say soon afterwards:
The influx of P members whose only interest is the fast-tracking of ECMA 376 [OOXML] as ISO 29500 has led to the failure of a number of key ballots. Though P members are required to vote, 50% of our current members, and some 66% of our new members, blatantly ignore this rule despite weekly email reminders and reminders on our website. As ISO require at least 50% of P members to vote before they start to count the votes we have had to reballot standards that should have been passed and completed their publication stages at Kyoto. This delay will mean that these standards will appear on the list of WG1 standards that have not been produced within the time limits set by ISO, despite our best efforts.
In other words, the new delegations joining the ISO committee seem not to have the slightest interest in carrying out their general duties: they were purely there to vote in favour of OOXML. As a result, a small but important part of the ISO machinery has been seriously affected, to the extent that the consideration of other standards has been hindered.
With the facts that have come to light, it's not possible to say with certainty what role Microsoft played in causing those nations to join the ISO committee, even though it seems likely it was involved, if only for statistical reasons; I'd be interested to know Microsoft's official position on the encouragement and financial incentives it gave to any of the new “P” members.
Encouraging friendly “P” nations would be an obvious move in trying to gain the votes required, and would certainly fit in with other examples of the company being prepared to use all kinds of means to achieve this end. Rather than going through the entire list, here are some representative examples of its practices that have emerged.
The influx of pro-OOXML delegations mentioned above refers to the overall balance; but evidence can also be seen of Microsoft's activity at a national level. For example, in Italy:
Up and until mid-may  the members of the relevant Uninfo committee (JTC1) were five: IBM, Microsoft, CEDEO (Leonardo Chiariglione), the PLIO organization (Openoffice.org in Italy) and HP. Then new members started flocking. At the last count, voters were 83.
Particularly noteworthy is the fact that among those favouring the adoption of the standard without reservation a large majority is made of business partners of the proposing entity, a law firm retained by the latter, the official certified business partners association of the proposing entity.
How new members were admitted to national bodies is also a concern. For example, in Portugal:
Recently a Portuguese group was established to serve the same purpose, to determine whether OOXML shall become an ISO standard or not and not surprisingly Microsoft did their homework and got not only the president seat but also half-a-dozen partners “inside” of it.
...Apparently this bunch-of-impartial-tech-companies has rejected a proposal from Sun Microsystems (Portugal) to become an active part, arguing that “there are no empty chairs in the room used for the meetings”.
Specially since this isn’t true. For seating people there were seats enough for almost 30 people, but they chose to steer away one of the most important big companies in terms of open standards.
They further refused representativity to universities, libraries, and other entities that care a lot more for structured documents than Primavera or Jurinfor, Microsoft parners, or most ASSOFT registered companies.
Microsoft alone wasted three seats. ASSOFT wasted two more, business partners of Microsoft wasted a few ore spots.
Another problem that cropped up was that Microsoft misrepresented situations in order to gain tactical advantages. In Spain, for example:
[Google Translate: The Andalusian [Autonomous Government] has recently complained to the Spanish Ministry of Industry its "profound malaise" in how the company Microsoft, without explicit mention, has "misrepresented" an official letter that the Board had conducted in January to AENOR documentary on Microsoft format , Office OpenXML (OOXML), currently in process in ISO / IEC.]
Microsoft's “official letter” was sent to all the members of the Spanish national board that was considering its position on OOXML standardisation. Among other things, it claimed that the Andalusian Autonomous Government supported OOXML, when in fact exactly the opposite was true:
[Google Translate: Faced with this manipulation of Microsoft, and to his knowledge, the Board of Andalusia immediately issued a harsh statement and official complaint and clarification [CARTA_AENOR_07-Andalusia-2007_Sr_Izquierdo-200707.pdf] [to] Victor Izquierdo, president of CTN71 on behalf of the Ministry of Industry, the holder of AENOR. In the "correction" that expressly and categorically denies the alleged support of Andalusia to the DIS 29500, reiterates its bid for the sole existing standard ISO / IEC 26300, will demand to refer the communication to all members of the Committee requested an explanation and finally how it was possible that there is such confusion in AENOR a process of standardization "of such magnitude and transcendence."]
A different kind of misrepresentation occurred in Malaysia:
Anyway, without thinking much more about it, I turned up at the SIRIM meeting room this morning. The first person I see seated is Mr. Doug Mahugh. Yes, he is the "Senior Product Manager" at Microsoft USA. And he is here in the SIRIM building. It's nice to see him here, but ... what's going on?
Is he Malaysian? No.
Is he a TC4 member? No ... SIRIM decided to make Microsoft a co-opted member, and it was made clear that this meeting excluded all co-opted members.
Is he an expert? Yes, but SIRIM never requested for an expert from a co-opted member.
Would he have Malaysia's interests before his corporation? I dunno, but I somehow doubt it.
He certainly got quite a few stares from the room.
So anyway, I find out, from the business card, that Doug is representing our friends from IASA! He even has a business card and all! Sure, IASA is an international body for software architects, but Doug Mahugh is actually a VP for IASA, specifically, for Malaysia!
During meetings of national bodies, there was some inappropriate actions by Microsoft. For example, one of those involved in the meetings in Brazil writes:
I was recently advised that in a presentation at a NB (National Body from JTC1), it was used a SLIDE which was initially presented at the closing part of the BRM. I cannot write about the whole details, but my last contribution at the BRM, as a Brazilian delegate, I’ve asked to Mr Barta, representative from ITTF (ISO/IEC) and more or less “the judge” inside the room, that the text of that slide should be corrected, because on the way that it was presented it distorts everything that was discussed on that week. When I’ve finished my explanation, Mr Barta informed Mr. Oh (the secretary of SC34, from Japan, author of that slide and the person that was presenting it) that that slide and those numbers SHALL NEVER leave that room, because they didn’t summarize nor represent the results of the meeting. The slide didn’t also explain the process used by the meeting so it is meaningless to the people that wasn’t at the BRM. (issue solved ok? … no)
When I left the meeting and arrived at the hotel, I’ve discovered that a professional from the company that has submitted the specification to ECMA had already published the data the web, on his blog (and soon withdrawn… strange, right). To the people that don’t know what I’m talking about, it is about the absurd number of 98% of problems solved that Microsoft insists in use worldwide, committing a CRIME every time that uses or present those numbers.
So the delegates were explicitly told that they could not talk about or use the slide in question, but someone from Microsoft did precisely that. Even though the misleading slides were taken down, they were still used at another meeting:
The concrete fact is that I was informed by a colleague of Chile, that in last week, this slide (with the name of Mr. Oh on it) was used at a meeting of Chile’s NB. The slide was part of a presentation made by Microsoft to demonstrate how everything was resolved in OpenXML.
Interestingly, those slides turned up in Poland, too:
Andrukiewicz, while presenting the results of the Geneva Ballot Resolution Meeting on OOXML, presented the same slides the delegate from Brazil wrote about.
It turns out they have an interesting provenance:
In general the slides presented a false impression of the results of the BRM, claiming that 98% of the OOXML issues have been resolved during the meeting which is obviously not true. What is even more interesting is the real author of the slides. An anonymous KT 182 member confirmed that basing on the properties of the PowerPoint file which the members received, the author is Raul Pesch, Platform Strategy Manager, Microsoft Nederland.
Finally, and perhaps most worryingly, there were cases where Microsoft applied direct pressure in various ways.
Sometimes this was to an entire national body, as one of the Indian members describes:
My first anguish is the way the name of my colleagues and my Institution, along with names of several others on the committee LITD 15, have been maligned and tarnished by Microsoft. My second anguish is that Microsoft persisted in its attempt to pressurize Indian leadership to change the Indian stand, in spite of the fact that a due process established by the Government had completed its job, recommending no change in the Indian vote.
In Denmark, the pressure seems to have been applied to individuals:
[Google Translate: Microsoft makes no secret of the fact that they have been significantly involved in issues surrounding the approval of OOXML as an international standard under ISO.
But so far, the Danish Chamber denied that the company has tried to put pressure on the partners in question. But it is not consistent with the view to meet with partners.
A source who wishes to remain anonymous, according to [the Danish magazine] Version2 that he saw that Microsoft is so trying to manage the process. He denies that there was corruption, but his contact Microsoft came early in the path of a particular form which the partner was sent to Danish Standard. The source reiterated Microsoft switch repeatedly call to send the form in.
The distribution of forms is confirmed by the strategy manager Jasper Bojsen Microsoft, but he denies that there was that Microsoft wanted to determine what the partners would have thought.
"We have always said that it is up to partners themselves to decide what to believe, but it is true that we have given form to the partners. This is a standard form to Dansk Standard wants answers delivered on. When it comes to invitations to return, I will not deny that there may have been communication in connection with a deadline, but we're not talking about that we would decide what the partners would do, "he said.
It is now not considered as the source has received. Version2 to inform him that he definitely was considered.
"If I had not posted a positive comment in, it would have consequences in our cooperative relationship with Microsoft," he said.
The source identifies example leads, support and seminars as areas that could be in jeopardy if "he did not makkede right."
Jasper Bojsen sorry if the partners have experienced the situation as a pressure.]
Sometimes, the pressure amounted to damaging insinuations about a person, as happened in New Zealand:
We have discovered that Matthew Holloway was badly slurred by a Microsoft employee in an email to one of the bodies advising an overseas standards NB. It is worth noting that our own national body, Standards New Zealand (SNZ), took the claims so seriously that they responded to parties who received this email.
We discovered the slur by chance, similar information may be circulating in other countries. If you are aware of this please point concerned parties to this article. SNZ have given us permission to quote this email. I have removed names to protect the guilty parties.
Your email suggests that Matthew is “far from objective” that his goal “has always been to de-rail OOXML rather than making it a better specification” and that this “has clouded a lot of his thinking”.
Whilst you are entitled to your opinions, we do not share them. We are most concerned about your statement that “while his efforts have been appreciated by the Standards NZ people on the OOXML advisory group his attitude and disingenuous approach (especially with regard to reaching outside NZ to stir things up) have not gone down well”
Your statements imply that you are relaying the views of Standards New Zealand and we ask you rectify this misrepresentation immediately. We have found Matthew to be an extremely valuable member of our advisory group and believe that he has acted with integrity as an advisory group member.
Taken individually, these dubious actions might be dismissed by Microsoft as “minor lapses”, “misunderstandings” or actions of an atypical “rogue” manager – as was done in Sweden, where an offer was made to support partners financially if they attended the key meeting of the national body and voted in favour of OOXML. But taken together they suggest a consistent philosophy of being prepared to use whatever means necessary in order to gain the required number of votes.
Since there are very few laws relevant to this field, I doubt whether Microsoft has broken any with its actions during the ISO standardisation process, either through those already disclosed, or others that may come come to light (although the European Commission may have its own views on this). But as well as the letter of the law, the spirit matters too, and I would be interested to hear to what extent, against a background of skewed committees, misrepresentations and overt pressure, Microsoft thinks it adhered to the spirit of the collegial, consensus-based standards-making process in finally obtaining that much-coveted “win” for OOXML.
The response is from John Phillips, national standards officer, Microsoft UK:
“Microsoft is an advocate for broad participation in international standards. The great work of the JTC 1 SC 34 community has been both positive and highly productive. In reaching consensus, our guiding principles remain focused on our customers, partners, and the broader community.
“Open XML was standardized after a thorough technical review process in full collaboration with an unprecedented number of interested parties. Now completely in JTC 1 SC 34 maintenance, delegates from many countries are actively working on the future of the ISO 29500 document format which is exactly what governments and enterprises around the world were hoping to see happen as a result of the standardization process.
“Microsoft remains committed to choice in document formats. Microsoft has implemented ODF support in Office 2007 SP2 as promised. We are active in the ISO/IEC 29500 maintenance process in SC34 and the ODF maintenance process in OASIS, as well as the ODF-Open XML translation work being done in SC34 WG5. We have led the industry in providing comprehensive public disclosure of the details of our implementation of document-format standards (www.DocumentInteropInitiative.org), and we have participated in numerous interoperability events including numerous workshops globally such as the recent ODF Plugfest in The Hague. We look forward to continued participation in these and other activities, and we encourage other implementers of document-format standards to do the same.”
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- May 2016 Issue of Linux Journal
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Death of RoboVM
- The Humble Hacker?
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide