Consortiuminfo.org Consortium Standards Bulletin- Month year
Untitled Document
Home About This Site Standards News Consortium Standards Journal MetaLibrary The Standards Blog Consider This The Essential Guide to Standard Setting and Consortia Sitemap Consortium and Standards List Bookstore
   Home > Consortium Standards Bulletin > June 2004
  Untitled Document
Untitled Document

 

June 2004
Vol III, No. 6

STANDARDS AND SECURITY

Editorial:  STANDARDS AND WAVE THEORY
Standards can be either proactive or reactive. Proactive standards (like Internet enabling standards) can create new markets. Conversely, reactive standards that enhance the user experience are developed after the value of a market has been proven. Tracking the launch of reactive standards efforts can therefore provide clues on where industry players are placing their bets for future growth. Print this article

Feature Article:  CONSORTIA, STANDARDS AND THE USER EXPERIENCE
Ecommerce and email usage are growing rapidly – and so are Spam, phishing, spoofing, and identity theft. A squadron of new consortia with a wide range of tactics has recently been launched in response, each by a different constituency that is threatened by the rise in cyber security abuse. Print this article

Update:  WHAT DOES 1086 MEAN TO CONSORTIA?
Last year, we reported on a new bill that would amend the National Cooperative Research and Production Act to allow traditional SDOs to better protect themselves from frivolous lawsuits. Now it's about to be signed into law, and it appears that consortia will suffer as a result. Print this article

Standards Blog:  AVOIDING A NEW DARK AGE
As we become more reliant on the Web to obtain information, we become more limited by what someone decides to put – and keep -- there. In 2020, will you be able to find your past? Print this article

News Shorts:   New Consortia Continue to Proliferate; Making Sense of Web Standards; Trade Barriers Redux; Will RSS and Atom Stay Friends? WiMax Makes its Move; Standards for a Hydrogen Economy; Consortium Standards Rule! and much much more. Print this article

Print this issue




EDITORIAL:

STANDARDS AND WAVE THEORY

Andrew Updegrove


Standards enjoy an intimate and unique relationship with technology industries. Without certain types of fundamental enabling standards, the wide commercial deployment of many new technologies would be infeasible. The most obvious examples of this synergy exist in the burgeoning area of telecommunications, which today underlies everything from the Internet to camera equipped cell phones.

Other standards have traditionally been created to optimize, rather than fundamentally enable, the commercial use of technology-based products. Examples in this area include the type of interoperability standards that permit the assembly of networks comprising the products of multiple vendors.

Such optimizing standards also provide important incentives to adopt new technologies, because they decrease the risks and increase the rewards of investing in upgraded technology, since adopters can expect to choose from more products and services, and at lower costs, and because standards-based technologies are likely to have a longer lifespan.

But with the convergence of information technology with telecommunications brought about by the ever-increasing use of the Web, the lines between enabling and optimizing standards are becoming more blurred. Are standards that limit Spam, bolster data security, and block viruses enabling or optimizing?

In the sense that such standards allow systems to meet minimum customer requirements, they are enabling, even though they are not necessary to execute base functionalities. For example, security does not enable purchasing, as such. At the same time, no one would engage in ecommerce without some reasonable expectation on the part of a customer that her bank account data, social security number and credit card information were reasonably secure.

If there is an “X-axis” along which one can plot the utility of a given standard, from pure enablement to pure optimization, there is also a Y-axis along which one can plot the commercial return to those that create and adopt a standard. Logically, as the value of a market increases, the rewards of creating standards that protect that market, or which are likely to lead to further growth in that market, will increase.

The result is that one may sometimes observe a kind of “wave theory” of standards development.

The first wave of standards enables something to be done that could not be done before, or provides a dramatically improved way of accomplishing an old task. Increasingly, this type of fundamental standard (or “commonality”, as we prefer to say) has been conceived or marshaled by an individual thought leader, such as Tim Berners-Lee or Linus Torvalds. More traditionally, the new standard is the work of a group of companies, which have realized the potential for a new standard to enable a significant commercial opportunity (witness, for example, the intensive and ongoing efforts of Microsoft, IBM, BEA and several allied companies to create a robust suite of Web services standards).

The second wave of standards follows after the value of the market has been proven, and is more likely to comprise second-level enabling or optimizing standards. It may also include what we have previously referred to as “strategic” standards. These standards are competing solutions launched by companies that are late to the party, or that feel they are suffering competitively in comparison to those promoting the original standard.

As a market matures, there may also be a third wave of standards. In this case, many of the standards are what might be referred to as “enhancing” or “maintenance” standards. Such standards may, for example, improve the quality of the user experience. Setting standards of this type may be viewed as an investment in cultivating and growing a proven market.

As a result, the number of standards efforts actually launched in a given technical area will tend to indicate the value of the market that these standards serve. Similarly, by observing the percentage of industry resources being invested in standards development in one market over another, one may also roughly measure the future return that those involved in standard setting hope to derive from their investment in one area as compared to another.

In this month’s Feature Article, we focus on a prime example of these forces in action. Already this year, there has been an explosion of new initiatives launched in what can broadly be called the Web security area. In most cases, these initiatives are taking place in new organizations formed expressly for the purpose of addressing areas of concern as diverse as Spam limitation, denial of service attacks, and “Phishing” (identity theft accomplished through deceptive email linking to credible – but fraudulent – web pages).

Significantly, many of these new organizations focus on the consumer experience. As such, they indicate that the Web is now experiencing the third, or “enhancement”, wave of standard setting.

In the future, we can expect that not only will additional wave cycles be launched in entirely new areas of technology, but also that this will occur on the Internet, as the “build out” of Web capabilities is completed. Each time a new capability is enabled, the cycle will begin anew, with successive waves of enablement, optimization and enhancement.

Comments? Email:

Copyright 2004 Andrew Updegrove



FEATURE ARTICLE:

CONSORTIA, STANDARDS AND THE

USER EXPERIENCE

Andrew Updegrove

Introduction:  In 2003, one of the most active areas of standard setting involved security. In 2004, this trend is continuing, but with a marked difference. Last year, the majority of the action centered on Homeland Security initiatives (see, Standards: the Year in Review.) The focus of much of the effort this year, in contrast, is the end user. And while most efforts in the past involved only standard setting, many of the organizations and initiatives launched this year involve a diverse range of other activities as well.

In some cases, the goal of these new consortia is to make the Web a safer place for customers (thereby facilitating ecommerce opportunities). In others, the intention is to make using the Internet less annoying, both for consumers as well as for the ISPs that carry the billions of email messages (legitimate and otherwise) that are sent every day. And there are also organizations whose goal is to bridge the gap between industry and government, as Washington begins to take a more active interest in what goes on over the Internet and the Web.

In this article, we survey the areas of greatest activity, as well as some of the new organizations that have been launched to help make the Web a better, safer, and more commercially rewarding place for vendors, service providers and customers to meet.

Why Now? Whether you believe that the Spam Age began in 1978 or 1994 (1), one might wonder why it is that 2004 has seen the advent of multiple, overlapping initiatives to curtail the flood of Spam and the incidence of identity theft.

There are a variety of reasons that are worth noting: One is the intervention of state and Federal governments in the effort to curtail Spam. But government intervention always evokes a mixed response from industry, which cannot reliably predict or control the ultimate results of legislation, even if it generally supports the overall thrust of the effort.

A second reason for action now is the potential for adoption of particular methods of Spam blocking to have a competitive effect on the fortunes of specific vendors. A third is that ISPs and carriers are suffering significant, although less widely reported, distress as well as consumers.

But most significant is the fact that, after failing to achieve the initial grandiose projections of the Internet bubble analysts, ecommerce is now growing to significant proportions. At the same time, there is a growing recognition that various forms of Internet abuse will limit commercial opportunities, and raise the costs of promoting and selling goods and services via the Internet and the Web.

The abuses themselves are becoming more troublesome. Those seeking to fleece the public are no longer just sending amateurish emails from Nigeria to their Dear Friends, but also superficially legitimate account confirmation requests (“spoofing”) purporting to come from name-brand credit card issuers and other respected sources, sometimes conjoined with realistic looking WebPages (“phishing”). According to some reports, such spoofing and phishing expeditions have fooled as many as 5% of those receiving them.

Force/CounterForce –Canning Spam and Fighting Phish: The intervention of Congress in the Spam wars is in many ways a natural development, given that the Federal Government has a history of acting to curtail telecommunications-based abuse of consumers, once the public uproar reaches a sufficiently defining volume. In 1991, for example, Congress enacted the Telephone Consumer Protection Act of 1991, which assesses fines for sending unsolicited junk faxes. Significantly, this Act addressed some of the more difficult Constitutional issues involving commercial free speech, paving the way for future efforts as new abuses evolved.

In June of 2003, the FCC and the FTC adopted rules under the same Act to create the Federal “no call” list that imposes fines on commercial telemarketers that do not honor telephone customer requests not to be bothered by unwanted solicitations. To most, moving from curbing junk faxes to curtailing junk email represents a logical and appropriate extension of Federal police power.

While the logic may be strong, the practicalities of this extension are far more problematic. In the eyes of most technically savvy observers, the enactment of the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003” (popularly known as the CAN-SPAM Act) proved symbolic at best. Given the foreign sources and camouflaging methodologies of many of the most notorious Spammers, the mere defining of a crime represents a necessary, but hardly sufficient step towards actually curbing email abuse. To give the most graphic example of how much greater a challenge is posed by Spam, creating a public “no Spam” list would manifestly prove to be a boon for anonymous Spammers, rather than a useful enforcement tool.

In consequence, CAN-SPAM is not likely to actually decrease Spam for the foreseeable future. Rather, its principal benefit has been to facilitate legitimate commercial email solicitation by defining what email format a vendor must use in order to avoid violating the law, and by preempting the multiple (and sometimes more restrictive) definitions of acceptable solicitation that had been springing up on a state-by-state basis.

At the same time, the limited nature of the Act and the practical limitations on government investigative techniques underline the fact that if anything effective can be done (at least in the near term), it will need to be done by private industry.

Multiple Approaches: The new initiatives formed to protect the public come from a variety of distinct constituencies, and adopt a range of approaches. None of the new organizations will exclusively use standards to reach its goals, and some will not create standards at all. Instead, these new initiatives involve creating codes of conduct, seeking the prosecution of abusers, and influencing public policy.

While production of best practices and standards has long been part of the consortium playbook, engaging in some other types of joint action has been largely avoided, in part because of the greater degree of antitrust care that must be exercised when competitors (and especially competitors controlling a majority of a given industry segment) act together. Similarly, while individual companies have hired lobbyists, and traditional trade associations have usually had a public policy agenda as an important part of their program, cutting edge technology initiatives have rarely looked to Washington for assistance.

This historical lack of interest in influencing legislation is not surprising, given that the time between conception and realization of lobbying efforts can exceed the useful life of the technology in question. Rather, investments in public policy are more likely to reward industries, instead of individual technologies or product opportunities.

But with the maturation of the Internet and the Web and the proliferation of security related issues, an environment has evolved that suggests the need for joint effort, in order to focus government attention on protecting and nurturing ecommerce. The result is a sudden proliferation of consortia formed solely, or in significant part, to inform and influence public policy to bolster cyber security.

Who they are: The new consortia addressing security needs are a varied group. Some of the more interesting are the following:

  • Cyber Security Industry Alliance: CSIA < https://www.csialliance.org/home> was announced in February at this year’s RSA security conference by an impressive list of cyber security software, hardware and services companies. The fact that its board is made up of the CEOs of member companies is indicative of both the gravity of the situation that the organization was formed to address, as well as the seriousness with which the member companies regard the challenges at hand. Similarly, CSIA took care to recruit an Executive Director that is also a heavyweight in cyber security: prior to accepting the position, Paul Kurtz was a Special Assistant to the President and the Senior Director for Critical Infrastructure Protection on the White House Homeland Security Council. Before that, he served as the Senior Director for National Security of the Office of Cyberspace Security and a member of the White House National Security Council. One reason for the high membership fees is the fact that public advocacy is the primary activity of CSIA, with the mission of improving cyber security through public policy initiatives. Its many current and planned programs include coordination with the Department of Homeland Security to promote information-sharing between business and government on cyber-threats; identifying gaps in cyber security R&D; collaborating with U.S. and international standards development organizations to support emerging technology standards and specifications that will serve to enhance cyber security; and pursuing U.S. Senate ratification of the Council of Europe's Convention on Cyber-Crime. CSIA currently has 13 members listed at its site.
  • Messaging Anti-Abuse Working Group: MAAWG < http://maawg.kavi.com/home/> was formed not by product vendors, but by the ISPs that must deal with the practicalities of Spam and related email-based forms of abusive behavior. Spam dramatically overloads ISP systems, and decreases the overall value proposition of purchasing and upgrading ISP services. Moreover, consumers have come to expect Spam blocking as an included service from many ISPs, and keeping pace with the enemy represents an ongoing challenge and expense. Moreover, email is the carrier of worms, viruses and other Internet assaults launched by hackers, which also can tax carrier resources. Finally, ISPs find themselves in the difficult position of deciding what to do when it becomes evident that abuse is occurring. All of this provided incentives for ISPs to band together to seek common solutions, based on collaboration, technology and policy initiatives. Not surprisingly, MAAWG’s goals include developing an ISP code of conduct for dealing with abusive practices, defining reference arc hitectures and network standards for combating spoofing and identity forgery, and influencing public policy. As of this writing, the MAAWG website discloses the names of 10 carrier members.
  • Trusted Electronics Communications Forum: The newest entrant into the anti-abuse consortium club is TECF http://www.tecf.org/ , which was announced just last week at the first ever Email Technology Conference, held in San Francisco. TECF was launched by yet another interest group with its own unique concerns and (therefore) action program. The focus of TECF is combating identity fraud and brand abuse, and the 14 members listed at its site represent a range of retail, telecommunications, financial services, banking and technology companies, including founding members IBM, BestBuy, E*Trade and Fidelity Investments. The goal of the organization is to curtail spoofing, phishing and other types of identity fraud that threaten the credibility and utility of e-mail marketing and e-commerce. TECF’s announced initiatives involve not only the promotion of standards for technology and best practices, but also the prosecution of phishers and other offenders. The initial four working groups of TECF are intended to formulate and/or validate techniques and tools that specifically address the high-risk threats identified by the organization.
  • Anti-Phishing Working Group: APWG http://www.antiphishing.org/index.html was officially launched in November of last year, and reportedly has 400 members (most of whom are individuals), representing over 250 companies. The actual membership roster does not appear at the member website, in order to avoid providing a target for retaliatory attacks. The public portion of the site provides a particularly useful resource for information on the nature and frequency of phishing attacks, as well as methods to recognize and combat such assaults. Recently, the organization announced a joint initiative with the Financial Services Technology Consortium < http://fstc.org/> aimed at defining the technical requirements for counter-phishing measures.
  • Global Infrastructure Alliance for Internet Safety (GIAIS): http://www.microsoft.com/serviceproviders/giais/ This initiative has a far different point of origin. Rather than being a membership organization launched by a core group of companies, GIAIS is a working group organized and hosted by Microsoft to promote and deploy its CallerID for E-Mail and related anti-SPAM initiatives. Like CSIA, GIAIS was also announced at the 2004 RSA security conference. Its goal is to increase Internet security for consumers by attempting to reduce the impact of viruses and worms. Its proposed methodologies include identifying potential threats, developing response tactics, creating longer-term remediation solutions, and communicating with and educating end customers. After an initial burst of publicity, it had not been much in the news. However, recently Microsoft announced that it would blend its CallerID proposal with another popular authentication scheme, the Sender Policy Framework (SPF), which would then be presented to the Internet Engineering Task Force as a single proposed specification for adoption.

Conclusions: The proliferation of consortia aimed at protecting the user, and thereby fostering further robust consumer use of the Internet and the Web, is a testament to the coming of age of ecommerce. On the positive side, the opportunities for advertising and closing sales via the Internet, as well as redeploying services more economically (everything from confirming flight schedules to enabling home banking), are growing enormously, fueled by a robust technology platform, a large and skilled technical work force, and the fact that a huge number of consumers have become experienced and comfortable with the Web. On the negative side, the increased online exchange of financial information has not gone unnoticed by those that see expanded criminal opportunities in ecommerce, and enforcement capabilities are failing to keep pace with technical innovation.

As we have so often noted before, the consortium approach provides a proven, low cost, easily deployed method for companies with similar concerns and interests to band together to seek common solutions. But – while the strength of this approach is that multiple groups can achieve rapid, targeted solutions for problems that they are uniquely able to understand and address, the concomitant weakness is the potential for disparate, poorly coordinated and (therefore) less effective solutions. The burden, therefore, is on these organizations to quickly explore and establish effective liaison relationships with each other so that the sum of their various worthwhile efforts adds up to the most effective, rapidly adopted, and pervasively deployed security solutions.

Comments? AuConAdd();">updegrove@consortiuminfo.org

Copyright 2004 Andrew Updegrove

Disclosure: The Cyber Security Industry Alliance and the Message Anti-Abuse Working Group were each formed with the advice and legal assistance of Gesmer Updegrove LLP, the sponsor of this site.

For further Information:

ConsortiumInfo.org has a variety of resources to help you locate and investigate new and existing consortia:

  • The Consortium and Standards List includes descriptions of over 300 consortia and accredited standards development organizations. Links are included to each organization’s web site, as well as to their specifications and intellectual property policies, if they appear at public portions of the site. The list is searchable by geography, type of organization, and subject matter. For a list of over 20 organizations involved solely or significantly in Security issues, click here. For ready reference on any area of standard setting, bookmark the master list. If you know of an organization that is not listed, please let us know.

Opinions differ on what marked the advent of the Spam Age. For the traditional view, which awards the dubious honor of First Spammers to immigration lawyers and Laurence Canter and Martha Siegel, see:http://www-106.ibm.com/developerworks/linux/library/l-spam/l-spam.htmlFor the “way back” point of view, see: http://www.templetons.com/brad/spamterm.html

 



UPDATE

WHAT DOES 1086 MEAN TO

CONSORTIA?


Andrew Updegrove

Background:  

On June 22, 2004, President Bush signed a little-noticed bill into law that is entitled the “Standards Development Organization Advancement Act of 2004” (referred to below as the “Amendment Act”). The effect of this law is to amend the National Cooperative Research and Production Act of 1993 (commonly referred to as the NCRPA). Prior to the Amendment Act, the NCRPA permitted parties to joint ventures to make a filing that will protect them from treble damages with respect to various types of collaborative research and development projects.

Now that the Amendment Act has been signed, standards development organizations that employ a consensus process of the type approved for purposes of government purchasing will also be entitled to make a filing under the NCRPA. Once they have done so, they will become immune to the treble damages that otherwise might threaten them under private suits that might allege antitrust violations in the standard setting process. As with joint ventures under the NCRPA in its pre-amendment form, any challenged actions will be judged under the “Rule of Reason” test, which permits a court to take the wider benefits as well as the negative aspects of a given activity into account in determining whether a violation of the antitrust laws has occurred.

What could be wrong with that?

The problem with this seemingly innocuous and useful law is that, like much legislation, it has been narrowly crafted for a single purpose. As a result, the changes to the NCRPA that have now gone into effect will raise considerable confusion (at best) in other situations, and particularly as respects the standard setting activities conducted by consortia. At worst, the Amendment Act will have stripped consortia, and their members, of valuable protection under the NCRPA.

The Status Quo: Before the Amendment Act, the NCRPA did not specifically address standard setting as such. However, it did include several types of activities in its very broad definitions of protected conduct that are typically carried on by standards setting organizations, including the following:

  • The development or testing of basic engineering techniques (which could encompass test beds projects, for example)
  • The extension of investigative findings or theory of a scientific or technical nature into practical application for experimental and demonstration purposes, including the experimental production and testing of models, prototypes, equipment, materials, and processes (which might cover some standard setting, as well as other types of initiatives in which some organizations engage)
  • The production of a product, process, or service (the creation of test suites might fall under this category)
  • The testing in connection with the production of a product, process, or service by such venture (certification and interoperability testing might qualify)
  • The collection, exchange, and analysis of research or production information (consortia commonly engage in such activities, producing studies, white papers and other work product) NCRPA, Section 4301(a)(6)(a) – (f)

Most significantly, the companies that engaged in these activities, and not just any organization that they formed for the purpose of conducting these activities, were protected. Since technology companies typically have significant assets and consortia have few (if any), this meant that those who were most in need of protection could benefit from the Act.

Given that complying with the NCRPA only requires making a simple filing within 90 days of the time that a consortium is formed, and updating the same filing on a periodic basis to address membership changes, many consortia have registered under the NCRPA, even absent specific language addressing standard setting as such.

All was well until several law suits alleging antitrust violations were filed against a few accredited standards development organizations (SDOs) that had reasonably large budgets and small (read: asset-poor) companies as members. While these nuisance suits were not ultimately successful, they did place a burden on the finances and management of these SDOs. As a result, these organizations sought an expansion of the NCRPA to provide immunity from treble damage, penalties and applicability of the Rule of Reason test. By doing so, they sought to lower the incentives for private parties to bring suit.

What 1086 Changes:Given a magic wand, the NCRPA could simply have been changed to provide that standard setting is expressly included as a protected activity under the Act, and there an end. Unfortunately, the actual changes that were made to the NCRPA came out rather differently, perhaps partially in response to post-Enron sensitivities over providing corporate immunity to big businesses for any reason.

As amended, the NCRPA will cover standards organizations, but only those that meet the following definition:

The term “standards development organization” means a domestic or international organization that plans, develops, establishes, or coordinates voluntary consensus standards using procedures that incorporate the attributes of openness, balance of interests, due process, an appeals process, and consensus in a manner consistent with the Office of Management and Budget Circular Number A-119, as revised February 10, 1998. [NCRPA Section 4301(a)(8), emphasis added]

The major issue with this and several related definitions in the Amendment Act is that several of the included criteria are quite vague (what, for example, constitutes adequate “due process” in standard setting?). Of greater concern is that many consortia do not have a formal appeals process at all. Yet their members are quite happy with their methods, and their standards are often respected and broadly adopted.

Most seriously, an important exclusion is noted in the same definition:

The term “standards development organization” shall not, for purposes of this Act, include the parties participating in the standards development organization. [emphasis added]

The definition of protected activity is quite comprehensive, encompassing all activities that reasonably relate to the standards process:

“Standards development activity” means any action taken by a standards development organization for the purpose of developing, promulgating, revising, amending, reissuing, interpreting, or otherwise maintaining a voluntary consensus standard, or using such standard in conformity assessment activities, including actions relating to the intellectual property policies of the standards development organization. [NCRPA, Section 4103(7)]

The net effect of the amendments is that SDOs conclusively may file for and gain protection under the NCRPA for themselves and their employees with respect to their standard setting activities, so long as those activities employ a process that meets the somewhat vague criteria of the Amendment Act.

What May Change? Many Questions:

The harder issues involve what else 1086 may inadvertently change, either by direct language or indirectly by implication. Unfortunately, while Section 108 of the Amendment Act purports to give guidance, the language of this section is convoluted to the point of being useless. It reads in full as follows:

SEC. 108. RULE OF CONSTRUCTION.

Nothing in this title shall be construed to alter or modify the antitrust
treatment under existing law of--

(1) parties participating in standards development activity of standards
development organizations within the scope of this title, including the
existing standard under which the conduct of the parties is reviewed,
regardless of the standard under which the conduct of the standards
development organizations in which they participate are reviewed, or

(2) other organizations and parties engaged in standard-setting processes
not within the scope of this amendment to the title.

If (1) is carefully taken apart word by word (not an easy exercise), it seems to be less helpful to consortia than not, while (2) seems to say that only those organizations that are not involved in proper standard setting activities ("standard-setting processes not within the scope of this amendment") may avoid being affected by the law. This means at best that consortia with good processes may be affected by the Amendment Act.

In short, the construction clause of the Amendment Act not only does not provide any reliable assistance to consortia, but rather introduces even more ambiguity into what impact the new law will have on such organizations, leading to uncertainty in planning and extra cost in any future litigation. As a result, the following questions are unavoidable:

I. Questions for Individuals and Companies Engaged in Standard Setting:

Can an individual company still be protected with regard to standard setting? In addition to the exclusion noted above, the new Section 4303(e) added by the Amendment Act provides that the limitations of liability under the Act:

…shall not be construed to modify the liability under the antitrust laws of any person (other than a standards development organization) who—

(1) directly (or through an employee or agent) participates in a standards development activity with respect to which a violation of any of the antitrust laws is found,

(2) is not a fulltime employee of the standards development organization that engaged in such activity, and

(3) is, or is an employee or agent of a person who is, engaged in a line of commerce that is likely to benefit directly from the operation of the standards development activity with respect to which such violation is found.

At most, one could attempt to argue that to the extent that the NCRPA would be included in “the antitrust laws”, that a company that is part of a consortium that did not meet the process requirements could still be protected. But as regards standard setting, this reading would doubtless be challenged in litigation. Certainly a plaintiff would consider it a worthwhile effort to argue that the clear intention of Congress was to protect SDOs, and not those companies that actually engage in standard setting, given the explicitness with which the topic is addressed in the Amendment Act.

Could the members of a consortium make a filing as a joint venture, leaving the name of the consortium out of the filing?While nominally this makes sense, one can easily imagine that a plaintiff would argue that the omission of the name of what is, after all, a membership organization would be purely a ploy that the courts should not countenance. Such a filing might be somewhat more effective if the consortium was not incorporated, but it would be regrettable if an organization that intended to have a long and varied existence were forced to forego incorporation, or to set up a contractual relationship with a service company created for that purpose, in order allow members to find protection under the NCRPA.

II. Questions for Consortia

Can consortia still file and be protected? The law addresses standard setting so specifically that it would appear that a consortium should not bother making a filing relating to standard setting activities unless it intends to follow a very conservative adoptive process, whether or not it believed that such a process would serve it well.

Should a consortium file at all? An organization is now faced with a Hobbesian choice: Should it protect itself, or its members? Since consortia are membership organizations and have no real assets to attract the attention of a plaintiff, there may be little reason for small organizations to make a filing at all.

Could a consortium file with respect to other activities? Since the NCRPA provides protection for other types of activities in which many consortia arguably engage, a consortium could presumably make a filing on behalf of itself and its members, expressly omitting any mention of (or in fact disclaiming coverage as to) standard setting. However, if its members were to seek to independently file as a joint venture with respect to the excluded standard setting activities, a plaintiff would doubtless once again allege that the dual filings represented game playing rather than legitimate practices under the NCRPA.

What activities could be covered? Appropriately for the benefit of SDOs, but inconveniently for consortia, “promulgating” standards, “conformity assessment” and “actions relating to the intellectual property policies” of SDOs are also included in the new definition of “standards development activity.” As a result, initiatives such as creating test suites, administering compliance programs, and licensing specifications may also all have been preempted, even if they were previously protected joint venture activities. The activities that consortia engage in that are left may not be legally problematic enough to worry about, although collaborative text bed activities would be one example of an activity that might reliably lie outside of the ambit of the Amendment Act.

Could a consortium still make a filing on behalf of its members and itself, and deliberately not follow the process requirements of the amended Act? Nominally, this might work, since the bill does state that the protections of the NCRPA relating to SDOs are limited to organizations that in fact meet the process standard. As with many of the other positions explored above, however, this is at best a very legalistic argument, since the clear intention of the Amendment Act is to set a high bar for conduct that merits protection. In any case, it would be ironic if the passage of the Amendment Act persuades organizations to disable the due process safeguards in their current standard setting process in order to retain previously-enjoyed protections.

What impact will the amendments have on consortia that are already registered under the NCRPA? Presumably, any actions taken prior to the effectiveness of the amendments will remain protected, to the extent that they qualified under the NCRPA in its prior form. But any future standard setting activities undertaken by a consortium would presumably protect only the consortium, and not any of its members.

Should a consortium that is not now registered do so? This answer seems clearer. Where neither a consortium nor its members are currently protected, there seems little to lose and much to gain by making a filing, assuming that the process of the consortium in question appears to meet the minimum standards of the NCRPA, post amendment. However, if the consortium has few assets, the risk of suit may not be high enough to merit making the filing.

III. Questions for SDOs and SDO Members

If a given activity may be risky, should SDO members take it outside the SDO process? Subject to the qualifications noted above, in a given instance it may be worth taking a particular activity outside of an SDO, and making it the subject either of a discrete joint venture, or of a new consortium. An example might be an effort that would otherwise be intended to begin within an SDO and then rapidly lead into the creation of a prototype, all of which would fit well within the NCRPA as it applies to joint ventures. A specification derived from the activity could still be offered to the SDO or a consortium after this work was completed.

Could an SDO file under the NCRPA as to non-standard setting activities, and claim protection for its members as well? In principal, this should be possible. In practice, a danger would remain for SDOs as well as consortia that the actions might be colored by close association with the same organization’s standards activities. For example, a study relating to standards adoption that involved exchanging information among companies would seem to lie outside the definition of standards development activities, but might nevertheless be challenged.

Should an existing SDO file? If the SDO has no meaningful assets, the likelihood of attracting a law suit may be too low to merit the filing. For larger organizations, a filing would be advisable.

Conclusions: As we noted in an earlier article prior to H.R. 1086 reaching the Senate (What is Congress Up To? Watch out for House Bill 1086 < http://www.consortiuminfo.org/bulletins/apr03.php>), it is regrettable that a rare opportunity to improve the protections afforded by the NCRPA was not exercised to greater positive effect. While one type of standard setting entity has benefited, another may have suffered. We sought to avoid that outcome through our earlier article, and did succeed in gaining some recognition in the record that consortia were not intended to suffer as a result of the Amendment Act (see <http://www.consortiuminfo.org/bulletins/may03.php#hr1086>). But that mention is in the record, and not the law, and is difficult to square with the language of the Amendment Act itself.

In effect, consortia will now labor under greater uncertainty with respect to the NCRPA as a result of SDOs gaining clarity with respect to antitrust liability. Whatever action an individual consortium and its members may decide to take now that the Amendment Act has become law (other than to forego making filings at all), a plaintiff may be expected to challenge that decision in court if a dispute ever comes to pass.

But most inexplicable and regrettable is the exclusion of individual company protection under the amendments. In the case of SDOs, their members have not gained protection that the original proponents of the NCRPA might well have favored. And in the case of consortia, their members may have lost whatever protection to which they were previously entitled. SDOs as well as consortia could have benefited from an explicit change that would have allowed participants in both types of organizations to benefit from protection under the NCRPA.

After all, there is little reason why a small group of head to head competitors may still seek protection to collaborate on a research and development project to create new commercial opportunities, while a broad group of hundreds of vendors, universities, government agencies and customers may not gain similar individual protection to create a Homeland Security standard for reliable first responder communications.

Congress turns its attention to standard setting all too infrequently. It’s a shame that it did not turn out better this time. Perhaps if consortia, as well as SDOs, had an organization like ANSI to help watch out for their joint interests, the passage of the Amendment Act could have been an event that everyone involved in standard setting could have celebrated.

Comments? Email:

Copyright 2004 Andrew Updegrove

Relevant Links:

The NCRPA in its pre-Amendment Act form may be found at:
http://thomas.loc.gov/cgi-bin/query/D?c108:5:./temp/~c108u0wCmg::

We have prepared a marked copy of the NCRPA, as it reads now that the Amendment Act has been signed into law, showing all changes:
http://www.consortiuminfo.org/bulletins/ncrpa.pdf

The final form of H.R. 1086, as approved by the President:
http://thomas.loc.gov/cgi-bin/query/F?c108:7:./temp/~c108qqxoof:e0:

Prior Testimony on H.R. 1086 a hearing before the Task Force on Antitrust of the House Judiciary Committee:
Available here

Prior CSB article on 1086:
http://www.consortiuminfo.org/bulletins/apr03.php#featured



FROM THE STANDARDS BLOG:

[] [] June 21, 2004

#17 AVOIDING A NEW DARK AGE  Everyone knows that the period following the fall of the Roman Empire is traditionally referred to as the “Dark Ages” of Western culture. And if someone knows only one more datum about the Dark Ages, it’s likely to be that we know very little about this period of time (hence, the adjective "dark").

The reason for the darkness is that European society rapidly crumbled into a multitude of illiterate tribal societies following the withdrawal of Roman military protection, as Europe and even Rome itself came under increasing pressure from barbarian attacks. It was the better part of a millennium before these societies reordered themselves into sufficiently complex polities for literacy training once again to become an attractive investment for political, and not just religious, institutions.

Once that point was reached, history, music, story telling, and the other aspects of everyday life that make the memory of one age available to the next once again began to be both recorded and preserved. But the many centuries that had elapsed between the fall of Rome and the rise of the European kingdoms left little to inform us of what life was like during that long period of neglect.

Are we unwittingly consigning much of our own past to a new Dark Ages, with the result that much of the history and lore of the centuries that have elapsed since the end of the last age of illiteracy will fade into obscurity as well?

Consider this: when was the last time that you did research in a library, as compared to online? Today, we are raising a new generation of students that will be increasingly willing to settle for whatever information is available through a browser, in lieu of seeking out the less convenient, but authoritative sources that may exist in hard copy alone. Because Web-based information is so easy to obtain, we unconsciously (or even consciously) adjust our output to what we can find most easily on line. And worse, we are increasingly tempted to employ data from non-official sources, with no assurance as to whether that data is accurate, or up to date.

Even if we are scrupulous about our sources, if we limit our research to Web-available matter, we are still limited to such information as someone has chosen to place upon the Web – and this is where the threat of a new Dark Ages begins to emerge.

Today, there are a variety of incentives for diverse parties to place most types of current information on the Web. But there are comparatively few incentives to make many types of pre-existing data available on line. Consider, for example, this comparison of Google search results on historical, as compared to current, social phenomena:

  “Hugh O’Brien” + Boston + Mayor: 61 accurate results. The longest is a single paragraph. Most are passing references  
       
  “Britney Spears” + poptart: About 11,800 (remove the “poptart” from the search toaster and the results jump to “about 4,690,000”)  

Presumably, there will be more serious researchers fifty years from now that will be interested in the social changes attendant on the election of the first Irish-born mayor of one of America’s most patrician cities than will be interested in the social impact of BS.

Even where valuable data from the past is assembled, it is usually “silo” data – narrow, topical collections of data that are not informed by, or assembled with reference to, other information or learning.

Worse yet, much of the useful information that has been made available on line on-line is not public, in the sense of being maintained by an organization that is likely to have a long existence. Rather, persons that derive no economic benefit from their efforts have placed it on the Web. The result is that they are free to expend as much, or as little, future effort into maintaining that data as they wish, and there is no long-term custodian to ensure its ongoing availability.

But worst of all is the fact that all of this information is ephemeral, since few sites bother to maintain comprehensive printed files of their own content. If I wished, I could unplug this site tomorrow, and all of the content would disappear forever, except for what may be archived at sites such as the Internet Archive’s “Wayback Machine” http://www.archive.org/web/web.php Of course, the Internet Archive is itself a non-profit organization, whose longevity will be determined by the generosity of its supporters and the enthusiasm of its staff. In comparison, there are libraries full of books that are hundreds of years old that simply need to be properly stored in multiple locations to ensure their survival. Presumably, there is no hard copy library being created by the Internet Archive to match it’s own virtual library.

What this means is that if we are to continue to move to a Web-based information society, as assuredly we should and will (and particularly so for the benefit of the third World), we need to create the following:

  • Backup hard storage in multiple locations of all information on the Web, so that a war or other disaster would not literally wipe out a substantial part of all new knowledge and history as it is created.
  • Multiple revenue models to create the type of economic incentives that are needed to create and preserve trusted, properly organized, easily found, and reliably archived information.

Call it the Alexandria Project, for the great library in which virtually all of the knowledge of the ancient world was supposedly once stored.

Which finally brings us to the standards part.

The first step in creating (as compared to funding) proper archival storage is a pure standards task: defining what type of storage is needed, how data must be formatted for importation, how often and by what means that data is transferred, and so on. As to funding: this should be a national priority, and part of the national budget.

The more interesting question has to do with providing the incentives for compiling old data comprehensively and usefully, and adding new data reliably and appropriately. And, while we’re at it, let’s make it easier to find trusted data as well.

The most obvious solution is to combine the following three elements:

  • a way to accredit data
  • a way to search for (only) that data, and
  • a way to pay for that data

This is not, in fact, as hard to do as it may seem, at least in so far as describing a workable methodology is concerned. Consider each step individually:

  • Accreditation is a classic standards exercise: first, create the requirements for trusted material (definition of scope of hosted information, comprehensiveness, reliability, attribution to sources, updating obligations, and so on). Next, create the infrastructure for applying for, maintaining (and rescinding) accreditation credentials.
  • Search is an even easier challenge within a certified system, and could be addressed in a variety of ways, from central hosting to unique identifiers supplied by the accrediting body.
  • Revenue models, of course, are the hard part. But it seems more likely that the initial Web model of free access will give way to viable payment models as the quality of information becomes higher, if the cost of access is low. After many early false starts, there are a number of new micro-payment and subscription models that have recently been launched to address the possibility of selling low-cost content and other goods and services, each of which is informed by knowledge of the factors that led to the demise of the earlier, similar efforts. It is my belief that at least some of these models will take hold, perhaps sooner rather than later. In the end, it may be eBay and PayPal that will sufficiently habituate the public to on line impulse payments to enable a conversion to online content shopping.

As with so many other aspects of the Web, it is time to transition from the frontier era to a mature build out of the full content preservation capacity of this revolutionary resource. It is true that the frontier era provided us all with a once in a lifetime, heady opportunity to participate in a riot of innovation. But it is now time to engage in careful infrastructural investment in order to fully realize the potential of the Internet and the Web to assemble a globally-accessible, trusted library of all human knowledge – and thereby protect us all from the catastrophic loss of that same priceless treasure trove as well.

Comments? Email:

Copyright 2004 Andrew Updegrove

The opinions expressed in the Standards Blog are those of the author alone, and not necessarily those of Gesmer Updegrove LLP

# # #

Useful Links and Information:

About the Internet Archive:
http://www.archive.org/about/about.php

Mayors of Boston (since 1884):
http://www.wordiq.com/definition/Boston#Mayors_of_Boston.2C_past_and_present

Typically Spartan online summary of the life, achievements and impact of Hugh O’Brien: http://www.wordiq.com/definition/Hugh_O%27Brien

The following site has, needless to say, a unique perspective. Click here for not only a complete list of Boston mayors – but the location of each worthy’s internment as well:
http://politicalgraveyard.com/geo/MA/ofc/boston.html

Postings are made to the Standards Blog on a regular basis. Bookmark:



THE REST OF THE NEWS

Every day, we scan the web for all of the news and press releases that relate to standards, and aggregate that content at the News Section of ConsortiumInfo.org. For up to date information, bookmark our News page, or take advantage of our RSS feed: http://www.consortiuminfo.org/news/rss/ Updates are usually posted on Mondays and Wednesdays. The following is a selection of the many stories from the past month that you can find digested at ConsortiumInfo.org.

New Consortia

More and more: Earlier this year we noted that a strengthening economy has led to a resurgence of consortium formation. That trend has not abated. This month's crop of new organizations includes entrants in the areas of anti-messaging abuse (see our feature article on the same topic), InfiniBand/Linux coordination, and governance, risk and compliance management in the age of Sarbanes-Oxley and the U.S. Patriot Act.

GLOBAL, CROSS-INDUSTRY LEADERS ASSEMBLE TO FIGHT ONLINE IDENTITY THEFT
TECF Press Release, San Francisco, June 16, 2004 --
A global, cross-industry consortium of industry leaders today announced the formation of the Trusted Electronic Communications Forum (TECF), a collaborative endeavor with the mission to help mitigate the risks posed by phishing, spoofing and other tactics of online identity fraud. The group will also focus on finding an immediate cross-geographic and industry-wide standard to protect consumers and businesses. The TECF brings together some of the most influential knowledge-leaders in retail, telecommunications, financial services, banking and technology to join forces to eliminate the threat of phishing to e-mail and e-commerce. The TECF's founding member companies include ABN AMRO, AT&T Wireless, Best Buy, Charles Schwab, CipherTrust, DIRECTV, E*Trade, Fidelity Investments, GE Access, HSBC, IBM, National City Bank, PostX Corporation, Royal Bank of Scotland and Siebel Systems. "Identity theft is a multi-billion dollar per year problem, and phishing and spoofing seriously erodes consumers' trust in the Internet and enterprise brands," said Shawn Eldridge, Chairman, TECF. ...Full Story

Vendors, users launch Linux InfiniBand effort
By: Robert McMillan
InfoWorld, San Francisco, CA, June 14, 2004 --
A group of high-performance computing users and technology vendors led by Sun Microsystems Inc., Dell Inc., and Intel Corp. will launch on Tuesday an effort to make the InfiniBand input/output architecture easier to use with Linux, according to companies involved in the initiative. The effort, called the OpenIB Alliance, will work to build a common set of software utilities and InfiniBand hardware drivers as well as an implementation of a number of networking protocols, including IP (Internet Protocol) over InfiniBand, and the Message Passing Interface (MPI) protocol used in high-performance computing, members of the Alliance said. ...Full Story

Software, Consulting And Content Firms Form The Compliance Consortium
AxentisEnterprise.com, Cleveland, OH, June 7, 2004 - Axentis...today announced [the formation of] the Compliance Consortium (www.thecomplianceconsortium.org ). The consortium will promote effective and efficient enterprise governance, risk and compliance management. In addition to Axentis, founding members include: Approva, Hyland Software, Inc., Hyperion Solutions Corp (NASDAQ:HYSL), Jefferson Wells International, Intuition, Navigant Consulting (NYSE:NCI), The Network, PLI-Corpedia, and Staffware (LSE:STW). By providing thought leadership, definitions of key components of a GRC framework and standards for integration, the consortium will provide much needed clarity to a market currently hit with broad array of conflicting information. The consortium believes that establishing better GRC management practices has become imperative in response to dramatic growth in new regulations and market expectations such as Sarbanes-Oxley, the USA Patriot Act, Basel II and others. ...Full Story

New Initiatives

Web services: convergence or tomorrow technology? Over the past year, we have frequently reported on the rapid development of increasing numbers of Web services standards, as well as the highly distributed (and even unorthodox) fashion in which this process has been evolving. (See, for example, our May, 2003 issue: Who Should Set the Standards for Web Services? ). The following stories highlight both the hopeful centripetal, as well as the less optimistic centrifugal, forces that continue to affect this interesting standards/business area.

Trying to make Web services make sense
By Martin LaMonica
CNET News.com, June 22, 2004 -- The company embraced the technology to do exactly what it was designed for: sharing information with business partners over the Internet. But even this leading-edge user is staying clear of the most recent Web services standards for security and more--because they're too confusing. "A lot of different organizations have gotten involved in Web services specifications, and some of them overlap," said Andy Miller, vice president of technical architecture at Corporate Express. Instead of experimenting with the latest capabilities, Corporate Express is sticking with the most basic communication and data-formatting Web services standards. "We're just trying to keep it simple because we have no idea how this stuff is going to go," he said. ..."Until we see more clarity and unification of Web service standards, then our IT purse strings will stay closed on new investments," said a publishing company's security expert, who wished to remain anonymous....Full Story

Proposed Technical Specification for Web Services Addressing and Referencing Framework
The Cover Pages, June 3, 2004 -- In an open letter the W3C AC Forum, eleven major companies have proposed the creation of a new technical activity to bring about industry convergence in the area of Web Service Referencing and Addressing. A draft "strawman" proposal calls for a new working group that would have the participation of the entire web service community. The WG would produce a WS-Addressing and Referencing Framework Recommendation based upon WS-Addressing (BEA, IBM, Microsoft) and WS-MessageDelivery (W3C Member Submission). ...Full Story

Story Updates

Trade barriers redux - up or down? Our last issue focused extensively on the use by some countries of standards as trade barriers, as well as the United States government's plans for confronting that practice. The three articles below are examples of the good news and the bad news on that front that has been released during the intervening month. On the glass half full side, ANSI reports in the first article on IPR-based trade barriers, while the second piece describes IPC's assault on Capitol Hill to drive home the same point. More hopefully, the third piece is a press release from the GSM Association, announcing the signing of an agreement between that standard setting organization and the TD-SCMA Forum, a Chinese standards organization. The collaboration shows important progress regarding the 3G mobile standards that will hopefully be globally adopted.

ANSI Submits Analysis of IPR Policies on Trade with China
ANSI News and Publications, New York, NY, June 11, 2004 -- "The trade challenges facing U.S. industry can be tied directly to intellectual property rights (IPR) concerns in certain standards-development organizations," cautions a group of experts organized by the American National Standards Institute (ANSI). The analysis comes from a white paper highlighting potential trade barriers that result when other countries mandate conformance to national standards developed in a closed process. Often, these countries may also be developing and implementing related IPR policies that are not transparent to U.S. companies and in many cases run counter to international norms. ...Full Story  To download a copy of the report, click here.

IPC's Lobbying Efforts Extend
IPC Press Release, Northbrook, Ill., May 26, 2004 --
Led by its members, IPC-Association Connecting Electronics Industries* carried high the banner for a fair, open and rules-based international trading system at its recent Capitol Hill Day-the industry's premier lobbying event. In more than 50 appointments with lawmakers, senators and their staff, IPC's Government Relations Committee and more than 40 industry leaders ardently lobbied Congress to enforce the United States' international trade agreements and more aggressively officiate U.S. trading partners' obligations under the World Trade Organization and other international trade agreements. In particular, Capitol Hill Day attendees asked Congress to keep the pressure on U.S. trading partners that manipulate their currency in order to gain a competitive and trade advantage over their U.S. counterparts. During his keynote address, Rep. Donald Manzullo, chairman of the House Small Business Committee, expounded on this issue, emphasizing that lower business costs, not protectionist trade policies, will revitalize the U.S. manufacturing sector. Congressman Phil English (R-Pa.) concurred with Manzullo in his address, as he discussed his countervailing duty bill and other congressional efforts that help level the playing field with foreign competition. ...Full Story

GSM ASSOCIATION ANNOUNCES ALLIANCE WITH TD-SCDMA FORUM
GSM Association, Beijing, 15 June 2004 -- The GSM Association and the TD-SCDMA Forum today signed an agreement to co-ordinate the development of the two 3G standards. Through closer co-operation, the two organisations will promote interoperability and international roaming between the two technologies and so maximise economies of scale for the benefit of end-users, operators and manufacturers. The GSM Association is the global trade association representing more than 630 GSM and 3GSM mobile operators world-wide, while TD-SCDMA Forum was established in China to promote the development and commercialisation of TD-SCDMA. Chosen by 98% of operators who have been allocated radio spectrum in the 2GHz band identified by the International Telecommunications Union for 3G, 3GSM exploits "paired" spectrum, with users speaking or transmitting data on one radio channel and hearing responses or receiving data on a second radio channel. By contrast, TD-SCDMA transmits and receives data in different time-slots on "unpaired" radio channels. ...Full Story

Blu-Ray loses a round: Dedicated readers of the CSB know that we have been watching the face-off between two competing DVD formats with close attention, due to the déjà vu aspects of the situation (which harks back to the VHS-Betamax standoff of 25 years ago, and even involves many of the same players). The latest news involves the continuing support by the DVD Forum for one of the two rival formats.

HD-DVD Spec Approved
ExtremeTech.com, June 11, 2004 --
The DVD Forum this week approved HD-DVD 1.0, a specification that will compete with Blu-Ray for the future of the DVD disc format. According to the DVD Forum's web site, the DVD Forum approved the specification on June 9 or 10. In November, the consortium approved version 0.9, which defines a 15-Gbyte single layer DVD disc and a 30-Gbyte dual-layer disc. The approval appears to set the stage for yet another optical storage standards battle. The DVD Forum's member list includes companies like NEC and Toshiba, who developed the current DVD-R and DVD-RW specifications. ...Full Story

When RSS met Atom: The continuing saga of the RSS and Atom web publishing formats continues, like a sitcom serial or soap opera. Earlier in this season, you will recall, Google had dissed RSS in favor of Atom. Last month, viewers will recall that RSS was making nice to Atom. Now, it seems, Google is flirting with RSS again. Will RSS and Atom's fragile friendship survive? Stay tuned.

Google Mulls RSS Support
By: Stefanie Olsen and Evan Hansen
CNET News.com, June 9, 2004 --
Google is considering renewing support for the popular RSS Web publishing format in some services. Along with rival Atom, RSS is a leading candidate to form the basis of an industry standard for a new style of Web publishing that lets readers easily compile news headlines on the fly. Were Google to support both RSS and Atom equally, it might help ease growing pains for a swiftly rising movement of Web publishing. It would also restore Google to the status of a neutral party in the midst of a bitter fight between backers of RSS and Atom, who have been divided since last summer when critics of RSS banded together to create the alternative format. Since then, many blog sites and individuals have rallied behind Atom. Google is central to the debate because of its mounting influence in the online community and within Web publishing circles as the owner of Blogger. ...Full Story

Big brother or Uncle Sam? Privacy concerns about RFID chips refuse to go away. The following story reports on efforts by everyone from Vermont Senator Patrick Leahy to the ACLU and the Electronic Frontier Foundation to focus attention on this issue. The good news? The cost of RFID tags is still too high to permit their use in actual consumer sales, allowing (we hope) a comfortable period of time for the debate to continue and acceptable practices to be agreed upon.

RFID and Privacy: Debate Heating Up in Washington
By: Grant Gross
InfoWorld May 28, 2004 --
Privacy advocates and some lawmakers are pushing a debate over potential privacy abuses from the growing use of radio frequency identification chips as huge retailers such as Wal-Mart Stores Inc. move toward large-scale use of the technology. RFID uses small computer chips and antennas that are integrated into a paper or plastic label. Those chips can then be read by an electronic scanner, and unlike barcodes, RFID chips withstand dirt and scratches and can be scanned from distances upward of 25 feet (750 centimeters). Privacy advocates worry that the technology will allow other uses, such as real-time tracking of customers in stores, or even after they leave stores. Privacy advocates see the potential for retailers and other companies to be able to track consumers long after a consumer purchases an item -- for example, a tennis shoe manufacturer scanning a sporting event for the number of people wearing its product. ...Full Story

Who's Doing What to Whom

Browsers fight back: Remember Netscape? Well, the browser that brought the Web to the Everyman still has its loyal followers, as does newer entrant Opera. Recently they banded together on the standards front to bolster their beachhead in the browser wars.

Mozilla, Opera Join Forces for New W3C Proposal
Sean Michael Kerner
InternetNews.com, May 31, 2004 -- Two of Microsoft's rivals in the browser space have joined forces on a standards proposal slated to be presented to a W3C workshop. The Mozilla Foundation and Opera Software collaborated on the document, which represents their "consensus" opinion in the context of standards for Web Applications, and Compound Documents. The working document of the draft specification is titled Web Forms 2.0 which is in its essence an extension of the way forms are defined in the existing HTML 4.01 forms chapter, though it will apply equally to XHTML user agents as well. The proposed specifications include new attributes, DOM interfaces and events for validation and dependency tracking as well as XML form submission and initialization. The specification also aims to document existing practices in the forms area that have not yet been officially standardized. ...Full Story

Standards and Your Business

Wireless and wide: While technology never stops moving forward, and standards along with them, these changes are often incremental rather than dramatic. Two standards-based technology trends are in the news lately, however, that may have a more profound impact on a wide variety of businesses. The first article below focuses on the increasing availability of wireless broadband access, while the second addresses the release of a new set of standards that will allow businesses to deploy Ethernet connectivity across carriers to wide area networks.

WiMax starting to make its move
By: Stephen Lawson
InfoWorld, June 16, 2004 --
With phones and LANs steadily going wireless and consumer electronics not far behind, one part of the networked world - broadband to the home or business - has stubbornly remained wired in most cases. Cost, complexity and proprietary systems have held back wireless broadband services that would compete against DSL, cable modem and leased lines. But WiMax, an emerging standards-based set of technologies, could unify the fragmented industry and bring down prices, according to vendors and analysts. ...Full Story

Ethernet Breaks Free of the Office
ITU International Press Release, Geneva, 8 June 2004 -- ITU has approved a set of global industry standards for Ethernet that will extend its flexibility and simplicity to carrier networks. The standards outline a way for Ethernet - a widely used local area network (LAN) - to link any number of endpoints in a wide area network (WAN), or simply as a service delivery mechanism. The news marks Ethernet's progress from a LAN connectivity technology to a carrier class service delivery technology. The ability to offer Ethernet services means that carriers will be able to offer considerably improved flexibility to customers through a much simpler and lower cost interface. It will allow users to specify exactly how much bandwidth they want between the 10Mbit/s and 1Gbit/s range currently offered. Further, the standards provide reduced operation complexity and improved scalability for carriers. The work according to Peter Wery, chairman of the ITU Study Group responsible, is driven by common sense, "Ethernet is the access interface of choice. 95 per cent of LAN infrastructure is based on Ethernet. It's quite simply the most logical next step to extend its reach beyond the enterprise." ...Full Story

Standards in Society

Building a new energy infrastructure: If a hydrogen-based economy is in fact to be created, an almost unimaginable number of standards will need to be developed in order to specify how the fuel itself will be produced, transported, stored, dispensed and actually used to power vehicles. The following initiative will help marshal and provide public access to the massive amounts of data that will need to be referred to in order to help manage this long-term process.

Standards Community Launches Partnership with DoE and NREL to Support Hydrogen Fuel Initiative
ANSI News and Publications, New York, NY, June 10, 2004 -- The U.S. Department of Energy (DOE), the National Renewable Energy Laboratory (NREL), the American National Standards Institute (ANSI), and members of the U.S. codes and standards community have finalized plans for a partnership project to develop a comprehensive online hydrogen fuel cell portal. The collaboration will support the advancement of the Hydrogen Fuel Initiative announced by President George W. Bush in his 2003 State of the Union Address. This online portal is intended to serve as an entry point to other websites and will provide a search engine that will connect the user community to U.S. hydrogen-centric standards. The President's Hydrogen Fuel Initiative commits a total of $1.7 billion over a five-year period to the development of hydrogen-powered fuel cells, hydrogen infrastructure and advanced automotive technologies. Fuel cells combine hydrogen and oxygen to produce electric power while emitting only pure water as exhaust. ...Full Story

Open Source

Linux marches on: Each month sees new successes for Linux, and the SCO litigation has been less in the news as well. The following story highlights the continuing conversion of German government customers to the ranks of the inexorable penguin, as well as the tactics used by those customers to convert their own employees. The second reports on the efforts of the Open Source Development Labs to ready another market for invasion by Linux: telecommunications.

German city reveals Linux migration tactics
By: Graeme Wearden
ZDNet UK, February 11, 2004 -- A local council in Germany may have found the secret to overcoming user reluctance to Linux -- stuffed penguins and powerful women. The small southern Germany city of Schwäbisch Hall ditched Microsoft's software in favour of open source back in late 2002. On Wednesday, Horst Bräuner, the civil servant responsible for implementing the migration, revealed the tactics used to get the council workers of Schwäbisch Hall onside...Schwäbisch Hall was the first German city to abandon Windows in favour of open source. It was soon followed by Munich, and yesterday the German Federal Finance Office signed up with Linux -- a deal thought to be one the largest Linux-based mainframe deployments in Europe...Full Story

Carrier Grade Linux Bulking Up
By: Sean Michael Kerner
Internetnews.com, June 18, 2004 -- Few industries have the same demands for high availability and scalable services as telecommunications providers, which helps define the term "carrier grade" in the industry. Now, the Open Source Development Labs' (OSDL) Carrier Grade Linux (CGL) working group which counts 22 member companies, is flagging its effort to bring Linux into that elite designation. Carrier Grade Linux (CGL) is an effort led by the OSDL to help create a Linux standard that meets the needs of network carriers. The CGL working group is intended to help foster specifications and development requirements that facilitate the adoption of Linux in carrier infrastructure. ...Full Story

Miscellaneous

Sir Tim honored again: The irrepressible Tim Berners-Lee received another homage this month. This one bestows not only honor, but also a long overdue financial reward for the vision and selflessness he demonstrated in releasing his handiwork to the world without charge.

Tim Berners-Lee Receives Millennium Technology Prize in Helsinki
W3C Press Release, June 15, 2004 -- The first-ever Millennium Technology Prize was today awarded to Tim Berners-Lee for the invention of the WWW service on the Internet. The prize of one million euros and the prize trophy, "The Peak", were presented by the President of The Republic of Finland, Ms. Tarja Halonen, in Finlandia Hall. "We must remember that the web is a long way from revealing it's full potential. The extension from human-readable to include also machine-readable information is just one direction of development," Tim Berners-Lee said in his acceptance speech. Berners-Lee, an Englishman and a graduate of the University of Oxford, is currently working on further development of the web at the Massachusetts Institute of Technology (MIT). He created the WWW, which was first released in 1991, at CERN in Switzerland. ...Full Story

Consortia Rule! The Editors of SD Times recently released their annual list of the 100 "Best of the Best" companies. The list is broken down into ten categories, with ten companies to a category. What groups were viewed as having the "greatest influence" in raising the bar? Tellingly, six out of ten groups in this category are collaborative efforts, from traditional consortia, to open source groups to groups that define specification suites, but don't create the standards themselves. The six groups are: OASIS and the W3C (standards consortia), Apache Software Foundation, Eclipse Foundation and Open Source development Labs, Inc. (Open Source initiatives) and Web Services Interoperability Organization (specification profile consortium). All in all, a convincing demonstration of the great influence that consortia and consortia-like efforts are having on the IT world.

The Best of the Best
SDTimes.com -- Trying to select a list of the industry's movers and shakers are not an easy task. So many companies are doing truly remarkable things to raise the bar for creating quality software, from design and architecture initiatives to more powerful development, testing and collaboration tools to broader deployment platforms as well as to mobile devices....But of those, a few really stand out as leaders and influencers in the industry. Some, of course, are the industry giants, who set the agenda by "owning" the markets in which they live. Others are start-ups that distinguished themselves in the previous calendar year with their ideas and foresight. In one way or another, the editors of SD Times have judged them to be the top 100 companies in plotting a course for the industry to follow. Some of our choices will seem obvious-others may be surprising, even controversial. ...Full Story