Electronic copy available at: http://ssrn.com/abstract=2115235

Standards Development, Disruptive Innovation and the

Nature of Participation: Lock-In, Lock-Out, Holdup

by John W. Bagby Sandeep Purao & Prasenjit Mitra1

Abstract:

Standardization processes are quickly replacing regulation and competition as the primary method that technical specifications are deployed as rules, guidelines, or definitions of characteristics that ensure materials, products, processes and services are consistently fit for their purposes. Importantly, for Information and Communication Technologies (ICT), there is an evolution in the process used by standards-development organizations (SDOs) and this is changing the prevailing standards development activity (SDA) for ICT. The process is progressing away from traditional SDA modes: the legacy de jure standards promulgation by regulators that typically involve the selection from many candidates and existing alternative components. Increasingly, standards development is moving towards voluntary consensus consortia, venues in which there is a more design intensive crafting of standards that include a substantial design component, also known as “anticipatory” standards. Standards that include a substantial design component require increasingly important roles from organizational players as well as SDOs. These processes are increasingly characterized by the presence of intellectual property rights and collective behaviors alleged to trigger legal issues in antitrust, the First Amendment and tort law. An analysis of recent and likely influential series of holdup cases, such as the Rambus appeal, is also instructive.

Few theoretical frameworks exist to understand these emerging processes. This research is influenced by the design, sense-making and negotiation (DSN) theoretical framework. DSN suggests viewing the new standards-setting processes as a complex interplay among these three forces. The DSN model provides the framework for measuring SDO progress and therefore understanding future generations of standards development processes. This research conducted archival analysis of SDO documents for a selected subset of web-services (WS) standards taken from publicly available sources including minutes of meetings, proposals, drafts and recommendations. This work provides a deeper understanding of SDAs, the roles played by different organizational participants and the compliance with SDO due process requirements emerging from public policy constraints, recent legislation and standards accreditation requirements. This paper examines the public policy principles in use to evaluate the due process mechanisms and checks and balances in SDA. These must be better understood to inform a critique of proposed reforms so they might accommodate efficiency,

1 All of the Standards Interest Group, the College of Information Sciences and Technology at The Pennsylvania State University, University Park PA 16802.

expertise and participation incentives. The empirically grounded results of our studies are useful foundation for other SDO modeling efforts.

Introduction Standards are a form of law or regulation covering

performances ranging from professional conduct to technical interoperability. Standards may be arbitrarily set by some organizations, can include hidden agendas, often display considerable technical complexity, evince a life cycle driven by underlying products, services and intellectual property (IP). Standards development activities (SDA) are almost universally touted as transparent yet arguably may not always expose all stakeholder interests. Standards are a woefully under-researched area, SDA raise interesting and persistent political and antitrust questions and standards are central to just about everybody's work these days.

It is increasingly argued that new policies are needed to broaden participation in SDA as a means to improve the quality and accessibility of standards. SDA is migrating from traditional de jure standards setting activities (SSA) of government largely through regulatory agencies to a much more active private-sector initiated, voluntary consensus standards (VCS) development activity, questions arise about the sufficiency of rewards to invest in SDA while assuring checks and balances to ensure fair outcomes.

Standards are critically important to pervasive information technologies because they can significantly (a) alter the direction of current and future research and development of products, (b) can have a considerable impact on practice and work lives, (c) can allow/prevent new entrants into an industry, and (d) consolidate/ challenge existing businesses. Traditional standards-setting processes are giving way to standards-making or development because of the non-trivial design component in modern technical standards. As a consequence, this increasingly important role is being handed over to non-governmental SDOs such as the W3C, OASIS and others, who operate as consortia of businesses, trade associations, non-profits along with participation from private citizens and some government agencies. The development of standards is provisionally an open process with significant participation from consortium members.

There are many working definitions for the term “standards.” Consensus generally coalesces only within various fields or sub-fields and this varies considerably across disciplines and between technologies. Broadly, standards are “recommended practices in the manufacturing of products or materials or in the conduct of a business, art, or profession … may or may

Electronic copy available at: http://ssrn.com/abstract=2115235

Standards Lock & Hold

not be used as (or called) specifications.”2 Subsumed in “standards” is the measurement of products or practices against the standard as a “basis for comparison; a reference point against which other things can be evaluated.”3 The evaluation may be exacting or simply constitute boundary conditions as evident when they are merely “a required approach for conducting an activity or task, utilizing a product” and therefore the assessment of some thing’s conformity is flexible and relative such as when a “standard is a best practice that must be followed to have a better chance of overall success.”4 “Standards” manifest diversely in different domains but often constitute “criteria (some of which may be mandatory), voluntary guidelines, and best practices.”5 Of course, standards assume more precise meanings in particular fields, such as in information and communications technologies (ICT) in which standards may assume the form of a “document, established by consensus and approved by an accredited standards development organization, that provides for common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order and consistency in a given context.”6

Unlike traditional processes, modern SDA activities are becoming less likely to be undertaken under the umbrella of a government-controlled agency as typified by telephony standards set by the Federal Communications Commission (FCC).7 Instead, there is a manifest trend towards developing and setting standards in standards development organizations (SDO), whose members are for-profit and not-for-profit organizations, at least some of which may be competing in the marketplace but must cooperate during the SDO process.8 Another significant element that distinguishes modern SDA from legacy conceptions is that there is increasingly a significant design component contributed by SDO member organizations. SSDC developed in such settings are anticipatory in that products, software, infrastructure and supporting services are, at most,

2 See, e.g., Glossary, Metropolitan Water District of southern California, http://www.mwdh2o.com/mwdh2o/pages/yourwater/glossary/glossary01.html 3 WordNet, Cognitive Science Laboratory, Princeton University http://wordnet.princeton.edu/perl/webwn?s=standard 4 TenStep, Glossary, http://www.tensteppb.com/90.1Glossary.htm 5 Interoperability Clearinghouse, Glossary of Terms, http://www.ichnet.org/glossary.htm 6 SEI Open Systems Glossary, Software Engineering Institute, Carnegie Mellon University, http://www.sei.cmu.edu/opensystems/glossary.html 7 Lemley, M.A., Standardizing Government Standard-Setting Policy for Electronic Commerce. Berkeley Technology Law Journal, 1999. 14. 8 Weiss, M., and Cargill, C., Consortia in the standards development process. Journal of the American Society for Information Science, 1999. 43 (8), p. 559 - 565.

anticipated by the SDA and do not emerge into the market until the SDO is successful in approving and reporting out the applicable standard.

SDOs are private and public sector bodies that declare, command or prohibit functionality interoperability.9 Documents archiving the SDO development process are the primary and most authoritative source of the reasons for particular design strategies.10 While missing links in these documents can be the subject of speculation about SDAs outside the official processes, nevertheless, these definitive documents are often supplemented with views found in the popular and industry press including industry news, editorial reporting and voluntary, independent commentary such as that often found in BLogs or wiki’s concerning SDO’s planning, coordination, development and establishment of rules. In this sense, standards development processes closely parallel the development of public policy in laws and regulations.11

Evolution of Standardization from Setting Technical Specifications to Public Policy Development

Standards development processes are quite diverse and generally defy consensus in generalizing their nature, processes or outcomes. Standards and their underlying development processes are emerging from obscurity: (1) as they are more widely understood to impact most economic activity, (2) as they become viewed less as technically objective matters and more as arbitrary choices from among near infinite alternatives, and (3) as standards more often are perceived to favor particular nations, industries, firms or identifiable groups. This paper argues that the quality of standardization will improve as SDA become better understood and that the tools of analysis from public policy and political economy are woefully underutilized. This paper argues that analysis of standardization efforts in nearly any single field should be generalizable to most all other fields of standardization. This paper develops an ontology12 of standards and then integrates this into a provisional framework recognizing that life-cycle analysis should be applied both to standardization and to the objects of

9 Lowell, S.C., The Yin and Yang of Standards Development. Standards Engineering Society World Standards Day Paper Competition, 1999. 10 Berners-Lee, T, and S. Bratt, WorldWideWeb Consortium: Uniquely Positioned to Lead the Evolution of the World Wide Web. MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) Research Abstracts, 2003. March. 11 Reagle, J., Why the Internet is Good. Berkman Center for Internet and Society, Harvard Law School, 1998. 12 Derived from traditional usage in philosophy, expanded in modern, technical usage, an ontology results from efforts to create exhaustive and rigorous conceptual schema about any domain, see generally http://en.wikipedia.org/wiki/Ontology_%28computer_science%29

2

Electronic copy available at: http://ssrn.com/abstract=2115235

Standards Lock & Hold

standardization. Such analysis should reveal observations useful to the design and modification of SDA processes.

Traditional Standards Ontology: Origins Observers of recent history and for many modern

technologies argue that standards have arisen in three primary modes. First, there have been successful proprietary technologies that achieve market success as de facto standards. Second, there is considerable experience, particularly since the 1890s, with the imposition of de jure standards by expert government regulatory agencies. Third, more recently, industry-induced, grass-roots movements are developing in which industry participants and communities of those industries (suppliers and end-users) engage in sector-wide negotiation of voluntary consensus standards (VCS).13 This taxonomy is useful because these three categories persist in much of the descriptive discourse over standardization and because they reveal important early stage behavior in the life-cycle of a standard.

This three domain ontology discussed below a traditional vision of the origins of standards and retains some usefulness in analysis of the SDA process. However, as discussed in later sections, other taxonomies may also be useful suggesting that the de jure, de facto and VCS frameworks could be combined, modified or further detailed. Standards imply equivalency imposing requirements only on participants, much like the private law of contracts. De jure standards are like the public law in that they purport to constrain everyone. By contrast, de facto and VCS standards do not necessarily impose requirements on everyone. Members of the public can avoid compliance with a de facto or VCS standard if they choose not to engage in an activity or if they develop alternative, perhaps competing or substitute methods to engage in the activity.

De Jure Standards Standards described as de jure, in the most

restrictive sense of the term, are generally understood to emanate from law through an authorized lawmaking source applied using legislation, regulation or precedents. De jure is most often contrasted with de facto to highlight that de jure standards are “principled,” have the force of command, were promulgated by a legitimate authority and therefore satisfy mandatory legal requirements. Classic examples of de jure standards are the Federal Communications Commission’s ICT interoperability standards and standards for maximum toxic substances discharge into

13 See e.g., Lauren S. Albert and Arthur J. Burke, eds., Handbook on the Antitrust Aspects of Standards Setting (Chicago: American Bar Association, 2004).

the environmental under Environmental Protection Agency (EPA) standards or maximum toxic substance exposure standards in workplace settings by the Occupational Safety and Health Administration (OSHA). De jure standards may also be developed by non-government bodies if they are accredited and recognized as official, classic examples include building codes adopted by local governments.

De jure standards are arguably most appropriate when both de facto and VCS standards are unlikely to achieve adequacy as measured by policy analysis. Consider how federal regulatory policy captures this important distinction. Executive agencies may use government-unique (de jure) standards when VCS are “impractical” that is they fail to serve the agency's program needs, are infeasible, would likely be inadequate, ineffectual or inefficient, or are inconsistent with agency mission; or would impose more burdens, or would be less useful, than the use of another standard. Federal agencies are likely prohibited from engaging in VCS development when the agency has responsibility under law to make independent regulatory decisions as required by statute. For example, consider how agencies might violate their statutory mandates if they engaged in follow VCS with regulated entities in “determining the level of acceptable risk; setting the level of protection; and balancing risk, cost, and availability of technology in establishing regulatory standards,” It would likely be improper for an agency to adopt VCS in safety or environmental protections situations where the statute requires standards stricter than are already typical under existing industry “best practice.”14

De Facto Standards De facto standards contrast with de jure standards

in that the method of implementation is not directly through law but instead through practice. De facto invokes a state of affairs that must be accepted for most all practical purposes but is not prima facie illegal or illegitimate. The key distinction focuses on the early stages of the standards life cycle during which the standard becomes widely used, perhaps dominant, but without direct endorsement or intervention from government or by an SDO. Good examples include proprietary standards developed in the private sector that become ubiquitous through successful product sales that achieve critical mass. For example, in the ICT realm, de facto standards have arisen without much SDO or government intervention in personal computer

14 In such “risk protection” situations, agencies should confine the use of VCS “to determine whether established regulatory limits or targets have been met, [for, e.g.,] test methods, sampling procedures, or protocols.” OMB Cir.A-119 §6(c).

3

Standards Lock & Hold

operating systems, CPU instruction sets, peripheral interoperability (RAM, video, communications).

De facto standards are useful because they can accomplish several important social welfare goals. First, de facto standards require less expense from multi-participant coordination in SDA. Second, critical mass is a natural objective of most market participants and that ubiquity often implicates some aspect of the product or service has achieved status as a de facto standard. Third, organized standardization can impede market participants from exercising their liberty to develop alternative approaches and substitute products. This inflexibility to adapt technical specifications and operations methods probably suppresses at least some innovation while endowing legacy standards well beyond their useful lives.

De facto standards nevertheless run some important risks. First, de facto standards heavily favor monopolists, triggering most of the dead-weight, social welfare losses generally attributable to markets dominated by monopolists, monopsonists, oligopolists, oligopsonists or monopolistic competitors. Second, de facto standards are seldom exposed to the political checks and balances of legislation, the openness of regulatory rulemaking or the due process requirements of SDA using VCS methods. Third, de facto standards are often proprietary and closed standards in that the owner may exercise discrimination by restricting access and use and may choose to impose monopoly rents by charging discriminatory and/or high royalties or other fees for their use.15 Fourth, as with some other dominant standards, the switching costs of de facto standards can impede innovation.

Voluntary Consensus Standards The emergence of voluntary consensus standards

(VCS) that are developed to anticipate compliant products or services, generally preclude de facto

15 See e.g., Definition of Open Standards, Danish Ministry of Science, Technology and Innovation, National IT and Telecom Agency, Denmark (June 2004) http://www.oio.dk/files/040622_Definition_of_open_standards.pdf Open and closed standards anchor two extremes along a continuum that roughly describe restrictions on the transparency and access to use the standard. Proprietary computer operating systems are a useful example. Microsoft Windows is proprietary, closed to viewing of its source code by license restrictions without special permission from Microsoft and accessible for use only via fee-generating license sales. While antitrust litigation in the U.S. and the EU has forced open some access to its standard application program interfaces (API) the Windows standard is largely a closed one, see e.g., United States v. Microsoft Corp., 84 F.Supp.2d 9 (D.D.C.1999) (Findings of Fact); 87 F.Supp.2d 30 (D.D.C.2000) (Conclusions of Law). By sharp contrast, the open source operating system Linux amounts to an open standard visible and accessible to all and modifiable by anyone who accepts the far less restrictive General Public License (GPL), see generally, definition of open source at the Open Source Initiative, http://www.opensource.org/docs/definition.php.

standard dominance and are not developed in a de jure government SSA context are phenomena of increasing frequency. Voluntary consensus standards bodies (VCSB) are generally, not-for-profit, NGOs organized as consortia with participants from industry, government, various nations, up-stream suppliers as well as down-stream users. VCS represent a hybrid of the traditional de jure and de facto SDA. VCS VCS developed by VCSB’s conform fairly well to the evolving conception of de jure standards because they are encouraged by U.S. law and are produced by recognized and official standardization bodies (and not solely by government) while they permit much more private sector participation that traditionally inspired de facto standards. The essential difference from traditional de jure and de facto SSA are that VCSBs are recognized, often through government sponsored accreditation to assure due process,16 they can be more effective to attract SSA participation by a broad range of potentially affected groups and they can attract investment by major players in the often considerable design process of SDA.

Modern Standards Ontology #1: Autonomy, Specificity & Precision in Implementation

Another important ontology for standards address the autonomy, specificity and precision required in their implementation. Essentially, this approach would examine standards as to the variance permitted by the standard, the tolerance of compliant systems to variations outside the allowable limits, and the need for the flexibility underlying standards permitting considerable degrees of freedom in compliance. Consider how many electrical appliances can operate fairly well within some variation in voltage (e.g., 110 – 120 volts) or how some appliances can be designed to work well by adapting to variations in alternating current frequencies (e.g., 50 Hz to 60 Hz). The boundaries of some standards envision considerably more forgiving variance from the strictest statement of the standard. Indeed, some standards are intentionally drafted as vaguer guidance either because the system would not suffer immediate and obvious failure following some non-compliance or there is predictable and acceptable variation expected in activities subject to the standard.

Accounting and audit standards are classic examples of standards envisioning higher variance in compliance. Three general categories of compliance variance have been developed in financial reporting practice: rules-based standards, principles-based standards and principles-only standards. Rules-based

16 See infra discussion of ANSI due process requirements.

4

Standards Lock & Hold

generally anchor the strictest side of this spectrum of compliance variance. Rules-based standards are often expressed in more precise language, leaving less room for flexibility. In practice, rules-based standards arguably may induce circumvention of the intention of professional/behavioral standards.17 At the other end of this continuum there are principles-only standards, usually expressed in vague terms for which compliance is much easier than for rules-based standards. Principles-only standards may provide too little guidance or structure for exercising professional judgments.18 A middle-ground, principles-based standards, arguably exists that captures both the letter and spirit of behavioral standards through reliance on professional judgment.

Consider how CyberSecurity standards prevalent in the vague de jure requirements of privacy law. The Securities and Exchange Commission (SEC) has implemented the Gramm-Leach-Bliley (GLB) privacy rule with Regulation S-P19 by requiring information security controls.20 These are simple, principles-only standards because they are extensively general when compared with traditional banking controls or security control rules for healthcare privacy. Financial services firms must simply adopt some policies and procedures for security controls with the intent to safeguard customer records but without much guidance in three major areas: (1) administrative, (2) technical, and (3) physical. These principles-only standards require only “reasonable” design without clearly defining that term.21 There is little best practice information

17 See Study Pursuant to Section 108(d) of the Sarbanes-Oxley Act of 2002 on the Adoption by the United States Financial Reporting System of a Principles-Based Accounting System, Submitted to Committee on Banking, Housing, and Urban Affairs of the United States Senate and Committee on Financial Services of the United States House of Representatives, Office of the Chief Accountant, Office of Economic Analysis, SEC (July 2003), (hereinafter SEC-SOX Standards Study), http://www.sec.gov/news/studies/principlesbasedstand.htm. 18 Id. 19 Privacy of Consumer Financial Information, (Regulation S-P), SEC Release No. 34-42974 codified at 17 C.F.R. §248. 20 17 C.F.R. §248.30. The complete text follows: Procedures to safeguard customer records and information. Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to: (a) Insure the security and confidentiality of customer records and information; (b) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (c) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. 21 The objective of these standards is also vaguely stated: to insures security and confidentiality, protect against anticipated threats and hazards to the security or integrity of customers’ personally identifiable financial information and protect against unauthorized

available. Indeed, financial services firms learn of implementation details only following an SEC enforcement inspection so there still appears to be considerable discretion on nearly every aspect of such security controls.22 A firm’s selection of particular controls, their implementation and monitoring and their evaluation are largely left to development by individual firms and best practices from industry custom will take time to emerge. The evaluation framework and de facto standards will likely parallel litigation over internal accounting controls.23

The Federal Trade Commission (FTC) has taken another approach to developing Cyber Security standards. The FTC has issued more detailed security rules24 arguably anchored midway along the standards continuum nearer the rules-based anchor.25 The FTC requires the design26 of an information security program,27 a risk assessment,28 consistently implemented29 and deliberately coordinated security activities, 30 a design and implementation process for information safeguards, oversight of third party service

access or use of that information if a breach might result in substantial harm or inconvenience to any customer. 22 This contrasts with some other, more detailed SEC security rules applicable in other contexts, see e.g., the SEC Data Security Rule for electronic customer records held by brokers and dealers, 17 CFR 240.17a-4. In 1997, the SEC amended paragraph (f) of Rule 17a-4 to enable broker-dealers to store records electronically (e.g., on optical disk or magnetic tape). That rule imposed significant requirements on IT details, e.g., media used to store records, storage, and indexing and retrieval of records. 23 See e.g., Ernst & Ernst v. Hochfelder, 425 U.S. 185, 192, 193 n.10 (1976); SEC v. World-Wide Coin Investments, 567 F. Supp. 724, 738 (N.D.Ga 1983). See also, Lewis on Behalf of Nat. Semiconductor Corp. v. Sporck, 612 F.Supp. 1316 (N.D.Cal,1985); Monroe v. Hughes, 31 F.3d 772 (9th Cir.1994); and In re Ikon Office Solutions, Inc. 277 F.3d 658, 672 (3d Cir.2002). 24 16 C.F.R. §314, 36 Fed.Reg.36484 (May 23, 2002). 25 See generally SEC-SOX Standards Study. 26 There must be developed an appropriate group of safeguards that secure personally identifiable information (PII) through detection, prevention and response to attacks, intrusions, or other systems failures, 16 C.F.R. §314.4 (b)(3). The results of the risk assessment are needed to inform a design and implementation process that deploys the information safeguards, 16 C.F.R. §314.4 (c). 27 Information security program means the administrative, technical, or physical safeguards you use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information, 16 C.F.R. §314.2 (c). 28 The risk assessment must be conducted to “identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks.” 16 C.F.R. §314.4 (b). The risk assessment must focus on each relevant area of operations, including at a minimum, employee training and management, 16 C.F.R. §314.4 (b)(1), information systems, (e.g., network and software design, information processing, storage, transmission, disposal), 16 C.F.R. §314.4 (b)(2). 29 16 C.F.R. §314.3 (a). 30 16 C.F.R. §314.4 (a).

5

Standards Lock & Hold

providers,31 and periodic evaluation.32 Precedents from FTC enforcement case law are becoming the major source of federal security standards, developed ex ante from experience with security failures.33 In addition to the greater detail that the FTC’s security standard when compared with the SEC’s standard, the FTC is providing plain language guidance.34

Modern Standards Ontology #2: Object of Standardization

Another basis for distinguishing standards focuses on the object of standardization. One potentially useful dichotomy may be to contrast technical and interoperability standards that address characteristics of non-human behaviors from behavioral or professional standards that more directly address the characteristics of human behaviors. Technical standards span

31 Each regulated entity must exercise oversight of service providers (generally third parties) that may handle customer PII or which supply software and hardware that processes customer PII, 16 C.F.R. §314.4 (d). There are at least two aspects to third party oversight including reasonable selection and retention of competent service providers. Service provider means any person or entity that receives, maintains, processes, or otherwise is permitted access to customer information through its provision of services directly to a financial institution that is subject to this part, 16 C.F.R. §314.2(d). Furthermore, regulated entities must delegate the safeguard duties for implementation and maintenance, through imposition in the service provider engagement contract(s), 16 C.F.R. §314.4 (d) (2). See also Statement on Auditing Standards No. 70, Service Organizations (SAS 70), American Institute of Certified Public Accountants. 32 The FTC security rule envisions both an initial and recurring evaluation of the information security program. An initial and (likely) most comprehensive evaluation is needed in the conduct of the risk assessment. The evaluation rigor is measured against the regulated entity’s “size and complexity, the nature and scope of [its’] activities, and the sensitivity of any customer information at issue,” 16 C.F.R. §314.3 (a). Evaluation must be conducted “in light of the results of the [risk assessment’s] testing and monitoring,” 16 C.F.R. §314.4 (e), and must inform the design and implementation of information safeguards that control the risks identified. Thereafter, and on an arguably regular basis, the effectiveness of the information safeguards’ key controls, systems, and procedures must be monitored and tested, 16 C.F.R. §314.4 (c). Furthermore, additional evaluation may become necessary in light of the results of the testing and monitoring, to “any material changes to your operations or business arrangements; or any other circumstances that you know or have reason to know may have a material impact on your information security program,” 16 C.F.R. §314.4 (e). Furthermore, additional evaluation may become necessary in light of the results of the testing and monitoring, to “any material changes to your operations or business arrangements; or any other circumstances that you know or have reason to know may have a material impact on your information security program,” 16 C.F.R. §314.4 (e). 33 See, Enforcement Cases, Privacy Initiatives - Unfairness and Deception, Federal Trade Commission,http://www.ftc.gov/privacy/privacyinitiatives/promises_enf.html 34 See e.g., Financial Institutions and Customer Data: Complying with the Safeguards Rule, FTC (Sept.2002)http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.pdf and Security Check: Reducing Risks to Your Computer Systems, FTC (June 2003), http://www.ftc.gov/bcp/conline/pubs/buspubs/security.pdf.

numerous fields of natural sciences and engineering. Most ICT standards ostensibly fit neatly in the technical/interoperability realm.

Technical/Interoperability vs. Behavioral/Professional

A common, but narrow, vision of technical standards would require they address only the physical properties of tangible objects.35 A more expansive vision of technical is derived from current Federal guidance found in OMB Cir. A-119 issued by the Office of Management and Budget (OMB) which combines “standards” with “technical standards” into a single definition then focuses on the object of standardization (e.g., products, production methods).

“Technical Standards” under OMB Cir. A-119

(1) Common and repeated use of rules, conditions, guidelines or characteristics for products or related processes and production methods, and related management systems practices. (2) The definition of terms; classification of components; delineation of procedures; specification of dimensions, materials, performance, designs, or operations; measurement of quality and quantity in describing materials, processes, products, systems, services, or practices; test methods and sampling procedures; or descriptions of fit and measurements of size or strength. The OMB definition includes ancillary human and

management processes but only excludes from “technical” those “standards” strictly addressing professional codes of conduct.36 However, as with most standards definitions, there is little agreement because educational standards for admission, performance evaluation, graduation, certification are often considered technical standards and they resemble behavioral and professional standards more closely than they do to technical or design standards.37 Another

35 For example, consider this as a “physicality metrics” viewpoint on defining technical standards. One example is found in the “Standard Landscape Ordinance Definitions” (2003) offered by the Landscape Ordinance Research Project, by Prof. Buck Abbey of the School of Landscape Architecture at Louisiana State University: “Technical Standards - Criteria, requirements and standards of a technical nature, usually specified in quantities, dimensions, sizes, qualities and performance outcomes and spelled out in a landscape ordinance to guide designers in the proper design of various parts of the development site, building lot or property.” www.greenlaws.lsu.edu/terms.htm36 OMB Circular A-119, 63 Fed.Reg. 8,545 (February 19, 1998) at §3(a) (hereinafter OMB Cir.A-119). 37 See e.g., Glossary, Equal Employment Office, University of Kansas Medical Center, “Technical Standards: Requirements for admission to or participation in an educational program or activity. The academic & nonacademic

6

Standards Lock & Hold

source of obfuscation can be seen in the Cyber Security domain where security standards are likely to merge both technical as well as behavioral standards. For example, security personnel must satisfy educational standards, credentialing, in practice must adhere to (potentially detailed and specified) standards prescribing their work methods as well as satisfying professional and ethical conduct standards that relate to most of the above. Indeed, in many fields, conformity assessment38 with technical or behavioral standards and personnel certifications may resemble professional/behavioral standards more than they do than technical/interoperability standards.

Distinguishing technical/interoperability from professional/behavioral may be enhanced and potentially more informative if the participant’s economic incentive to engage in SDA or to comply with the prevailing standard is better understood. The distinction likely results in differing SDA due processes as discussed below. Indeed, there is an essential incentive distinction between two types of SDA participants. In the first “game” there is a prisoner’s dilemma while in the second “game” there is a coordination problem.39 The behavioral/professional

standards, skills & performance requirements demanded of every participant in an educational program. Academic standards include courses of study, attainment of satisfactory grades and other required activities. Nonacademic standards include those physical, cognitive and behavioral standards required for satisfactory completion of all aspects of the curriculum and development of professional attributes required at graduation.” www.kumc.edu/eoo/glossary.html38 Conformity assessment is “the determination of whether a product or process conforms to particular standards or specifications. Activities associated with conformity assessment may include testing, certification, accreditation, and quality assurance system registration.” See generally STANDARDS, CONFORMITY ASSESSMENT, AND TRADE: INTO THE 21ST CENTURY, International Standards, Conformity Assessment, and U.S. Trade Policy Project Committee, (National Research Council, 1995) and Breitenberg, Maureen A., The ABC’s of the U.S. Conformity Assessment System, NBSIR 87-3576, U.S. Dept. Com., Tech. Admin., National Institute of Standards and Technology, April 1997. The National Conformity Assessment Principles for the United States, ANSI (approved by ANSI Board of Directors-September 24, 2002), defines conformity assessment as “any activity concerned with determining directly or indirectly that relevant requirements are fulfilled.” Conformity assessment principles are derived from the Agreement on Technical Barriers to Trade, Final Act of the 1986-1994 Uruguay Round of Trade Negotiations. From ISO/IEC Guide 2, International Organization for Standardization, Switzerland, 1996, Standardization and related activities — General vocabulary, Conformity Assessment is defined as “any activity concerned with determining directly or indirectly that relevant requirements are fulfilled.” “Conformity assessment includes sampling and testing, inspection, supplier’s declaration of conformity, certification and management system assessment and registration. It also includes accreditation of the competence of those activities by a third party and recognition (usually by a government agency) of an accreditation program’s capability.” 39 See generally, Simcoe, Tim, Chapter 8: Open Standards and Intellectual Property Rights,

standards participant has an incentive to ward off regulation. This form of standardization incentive is for collective insurance - where every player has natural incentive to deviate from the consensus standard as long as the perceived risk is low.

Contrast this with technical/interoperability standards. In the latter, standardizing enhances compatibility thereby developing stronger network effects that might lead to no adopter of the standard with an incentive to deviate unilaterally once the standard is in place. Therefore, the primary incentive to participate in technical/interoperability SDA is to enable the use of the standard for some desirable activity. As discussed later in this paper, there are some significant strategic alternative behaviors in the SDA participation where the objects are technical/interoperability standards. For example, participants may seek to capture benefits of the resulting standard by engaging in various strategic behaviors ex ante-SDA, during SDA or post-SDA. For example, some participants may see benefits in steering a developing standard toward that participant's specific advantages in IP, productive capacity and/or expertise. This steering motive may enable the capture of benefits or it might steer the developing standard away from a potential competitors IP/capacity/expertise. Steering might delay standardization to assist that participant in retaining a competitive disadvantage or assist the participant in outlasting weaker/less committed participants to eventually win advantage.

Both major realms of SDA seek to manage risk of some type of failure, the source and situs of that failure seems to differ significantly. In the legacy de jure standards realm, standards are set by government acting in a regulatory mode or by disciplinary professional bodies because the participants are largely doing risk management to avert sanctions for future professional/behavioral misconduct. As they are seen as pro active in addressing their profession's moral hazards or they quickly react to other operational risks once identified, these insider SDA participants may believe they can maintain authority over behavioral regulation of their professional conduct. Therefore, risk management objectives dominate. Indeed, history illustrates that insider dominated SDO can often be successfully characterized as self-serving. If drawn to “excessive” self-interest, such SDO could eventually become untrustworthy as the primary standards forum.

By contrast, VCS processes that result in standards largely enabling technical/ interoperability standards

forthcoming in: OPEN INNOVATION: RESEARCHING A NEW PARADIGM (Oxford University Press, 2006).

7

Standards Lock & Hold

are largely coordinating collective activity intended to develop a network around which participants may produce (or adapt) compliant products or services. Particularly when the standards are anticipatory, and include a substantial design component developed before emergence of compliant production or service capacity, the coordination achieves the basis for building new markets. There are also some risk management objectives in these technical/interoperability SDA but they differ as to timing and pervasiveness when compared with behavioral/professional. The “initial risks” of inaction or poor quality standards are largely shared by many (if not all) participants because they fail to develop new markets. The risk of interoperability failure leads to the whole design not working well, both through the crucial initial process of achieving critical mass, but also later in maintaining the whole network's market(s). Such are flaws derived from a collective design, and not the moral hazard or technical design failure attributable to an individual participant as is the initial indicator of failure in a professional/behavioral standards situation.

Users and Purposes The National Institute of Standards & Technology

(NIST) encourages the classification of standards by “intended user group” and the standard’s purpose. Intended user groups are a narrower concept than “affected parties” under standards set in notice and comment rulemaking. All affected parties generally have standing to participate in informal rulemaking. Affected parties generally include non-users from the public at large or outside communities impacted by the regulated activity, generally outsiders (persons, organizations, environment) with only indirect or political control over the activity. By contrast, intended user groups are more likely to include only those who must directly modify their behavior in conformance with the standard because they understand how the technical aspects of the standards impact their activities and they have some control over how the activity’s externalities will impact non-users. NIST’s user group classification focuses on the firms, industries, nations/provincial/local governments and international organizations who develop, implement and are directly impacted by standards.40

40 See, NIST’s Standards.gov primer on standards, http://standards.gov/standards_gov/v/Standards/index.cfm#section-1 “Standards may also be classified by the intended user group. Some examples include:

• Company standards are meant for use by a single industrial organization and usually are developed internally.

• International standards are developed and promulgated by international governmental and non-governmental organizations, such as the North Atlantic Treaty Organization (NATO) or the International Organization for Standardization (ISO).

NIST also suggests a range of purposes for standards that contribute to this standards ontology.41 First, a basic standard has a broad ranging effect in a particular field, such as a standard for metal which affects a range of products from cars down to screws. Second, terminology standards (a/k/a standardized nomenclature) define words permitting representatives of an industry or parties to a transaction to use a common, clearly understood language. Third, test and measurement standards define the methods to be used to assess the performance or other characteristics of a product or process. Fourth, product standards establish qualities or requirements for a product (or related group) to assure that it will serve its purpose effectively. Fifth, process standards specify requirements to be met by a process, such as an assembly line operation, in order to function effectively. Sixth, service standards, such as for repairing products, establish requirements to be met in order to achieve the designated purpose effectively. Seventh, interface standards, such as the point of connection between a telephone and a computer terminal, are concerned with product compatibility. Eighth, data standards include characteristics for which values or other forthcoming data will specify a product, process or service. Finally, international Standards are developed in open participation usually with representatives of many interested nations and generally comply with the emerging due process requirements.

Modern Standards Ontology #3: Stage of Conformity in Life Cycle of Standard’s Object

Another frequently used standards dichotomy refers to the progression in the course of development of the object measured or constrained by the standard. This addresses the stage of development assumed by the underlying object’s phase in its life cycle. During the early-1980s regulatory reform efforts to reduce compliance costs, the design vs. performance dichotomy was urged as a structural method to achieve the benefits of regulatory standards while ameliorating

• Harmonized standards can be either an attempt by a country to

make its standard compatible with an international, regional or other standard or it can be an agreement by two or more nations on the content and application of a standard, the latter of which tends to be mandatory.

• Industry standards are developed and promulgated by an industry for materials and products related to that industry.

• Government standards are developed and promulgated by Federal, State, and local agencies to address needs or applications peculiar to their missions and functions.” (emphasis added). 41 Id.

8

Standards Lock & Hold

the social costs of traditional regulatory edicts.42 As illustrated in NIST’s distinction between design and performance standards, the design/performance distinction is characterized in “the manner in which [standards] specify requirements.”43

Performance standards describe how a product is supposed to function. A performance standard for water pipe might set requirements for the pressure per square inch that a pipe must withstand, along with a test method to determine if a specimen meets the requirement. Design standards define characteristics or how the product is to be built. The specification that a pipe be made of a given gage of copper would characterize a design standard. However, on closer examination, this distinction

can be collapsed to the traditional means-ends dichotomy. Design standards presume the adequacy of performance when known means are deployed such as designs using familiar materials, components and their arrangement. Performance standards offer more flexibility to achieve results from alternative or novel designs. Therefore, the means-based standards (design) presume performance adequacy and ends-based standards (performance) require adequacy in conformity assessment. The OMB distinction is more detailed identifying performance standards as results-oriented requirements that address functional, operational or interoperability aspects of the object of standardization. The OMB distinction more clearly suggests the means-ends dichotomy.44

Public Policy Constraints on Standards Development, Deployment & Conformity

42 See e.g., Bagby, John W., Regulatory Impact Analyses: Towards a Reasonable Economic Impact from Federal Regulations, 19 New Eng.L.Rev. 533-550 (1984) (discussing regulatory reform pressures to abandon design standards in federal rulemaking in favor of performance standards when feasible and arguably providing sufficient levels of protection). 43 See e.g., Definitions, Standards.gov, National Institute of Standards & Technology, http://standards.gov/standards_gov/v/Standards/index.cfm#section-1 44 OMB Cir.A-119, §c. “Performance standard” is a standard as defined above that states requirements in terms of required results with criteria for verifying compliance but without stating the methods for achieving required results. A performance standard may define the functional requirements for the item, operational requirements, and/or interface and interchangeability characteristics. A performance standard may be viewed in juxtaposition to a prescriptive standard which may specify design requirements, such as materials to be used, how a requirement is to be achieved, or how an item is to be fabricated or constructed.

Standards assume many of the public policy functions performed by law. Some standards emerge de facto from the marketplace, regulatory agencies promulgate many, non-governmental organizations are developing increasing numbers, some are set by statute, and some have been deduced from well-developed industry practices and case law. It was once widely believed that standards development had minimal public policy impact. They were mere technicalities reflecting physical constraints inevitably produced from empirical findings that define domains. However, standards increasingly have substantial impact on the functional and economic successes of many affected parties. Modern standards result from collaborative processes infused with technical design components carried out largely by self-selected groups of interested constituents with foresight and the resources to engage in often protracted and sometimes frustrating political processes. IP sometimes trumps antitrust law when they may appear in direct conflict.

Antitrust/IP Aspects of Essential Facilities An issue underlying application of antitrust to IP

and in particular to IP content in standards is that of the essential facility. An essential facility imposes a “bottleneck monopoly,” a barrier to entry requiring potential competitors to accept terms to gain access to an asset nearly indispensable for effective competition. Control over an essential facility enables the dominant firm or group of firms to either extract “economic rents” for access to the essential facility or to exclude outside competitors outright. Public policy limits both contractual freedom and the exclusive rights of owners to exploit their property, including IP, in such situations. Private property advocates often cite Garrett Hardin's Tragedy of the Commons45 to urge most efficient development by dividing common facilities into private parcels (e.g., Oklahoma land rush, fencing the open range). By contrast, institutional regulatory theorists use the Tragedy story to urge the recognition of more public goods when private property incentives fail to satisfy demand, to recognize the need to regulate natural monopolies or to suggest other antitrust enforcement. Owner(s) of such scarce property may be required to open access to competitors or provide reasonable terms of trade. This is the antitrust duty to deal, analogous to the rationale underlying some forms of compulsory licensing of IP rights. Antitrust problems may arise when the control exercised over an essential facility tends to substantially lessen competition or create a monopoly. The suspect activities may involve contractual restrictions (preferential access among cartel members), control of

45 Garrett Hardin, “The Tragedy of the Commons,” Science 162 (Dec.1968):1243-1248.

9

Standards Lock & Hold

access by a monopolist or barriers to entry created by essential IP technology.

The essential facilities doctrine emerged from U.S. v. Terminal Railroad Ass'n46 and has been applied to open up access in a wide variety of other network industries,47 such as news wireservices in Associated Press v. U.S.48 and professional sports facilities in Hecht v. Pro-Football, Inc.49 The Hecht case established a four-part test for essential facilities that was modified in the MCI litigation that opened up competition in long-distance telephony.50 The essential facilities doctrine applies when four factors are present:

1. a monopolist controls the essential facility 2. a competitor is reasonably and practically unable

to duplicate the facility 3. use of the facility is denied to the competitor 4. it is infeasible to provide a parallel facility.

Application of the essential facilities doctrine is

inappropriate unless the owner or cartel has monopoly power. The existence of substitutes or potential competition undercuts both the “essential” nature of the facility as well as any monopolization. Generally, essential facilities have capacity constraints, many have only finite throughput volume and are unable to service all demand.

Most essential facilities cases involve access to or the availability of services or use of real estate at the wholesale level, that is in markets up the supply chain, usually involving sales B2B, between businesses. These are cases in which the business purchasers have few adequate substitutes to using the alleged monopolist's essential facilities, few reasonable alternatives exist to buying in “upstream” markets dominated by the essential facility or cartel. Generally, the anti-competitive acts at the essential facility must impact relevant markets downstream.51 The key factor is absence of rivalry in the upstream market for the essential facility.

Some commentators suggest essential facilities resemble public goods or natural monopolies, often triggering government subsidy or economic regulation rather than structural remedies. There are difficulties in

46 224 U.S. 383 (1912) (robber baron Jay Gould’s chokehold over rail traffic crossing the Mississippi at St. Louis). 47 E.g., access to: stock exchanges, wholesale produce markets, real estate multi-listing services, airline reservation systems, electricity distribution, oil and natural gas pipelines, storage facilities, airline transportation terminals and piers. 48 326 U.S. 1 (1945). 49 570 F.2d 982 (D.C.Cir.1977). 50 MCI Comm. Corp. v. AT&T, 708 F.2d 1081 (7th Cir.1982), cert. denied, 464 U.S. 891 (1983). 51 Intergraph Corp. v. Intel Corp., 195 F.3d 1346 (Fed.Cir.1999) citing, TV Communications Network, Inc. v. Turner Network Television, Inc. 964 F.2d 1022, 1025 (10th Cir.1992).

fashioning appropriate antitrust remedies. Some remedies may seem harsh while others are difficult to manage possibly explaining judicial reluctance to impose liability in many cases. Therefore, it is unclear whether the PTO, the FTC or the DOJ would be best suited to oversee remedies concerning IP and antitrust. This difficulty is compounded for the regulatory oversight of standards with substantial IP components. For example, consider the propriety of pervasive regulation of aspects of the ICT businesses, which includes operating systems, applications and Internet operations. Direct regulation of software or e-Commerce seems drastic and politically infeasible. Comprehensive regulatory programs (e.g., rate setting, access, universal service, contract terms) have been instituted only after considerable experience with destructive competition, monopolistic acts and/or consumer abuse.

Standards and IP-Antitrust Risks Many high technology products exhibit

characteristics of essential facilities. Much of their functioning depends upon standard interoperability specifications or becomes a de facto standard. Because there is some history of cartel-like behaviors, group standard setting by private industry are scrutinized under antitrust law using the rule of reason.52 Many standards setting bodies’ rules reflect this concern and avoid the appearance of collusion if it might dampen innovation or favor a monopolist.

A key case on anticompetitive standards-setting activities involves attempts to lock-out competing technologies. Allied Tube and Conduit Corp. v. Indian Head, Inc. involved manipulation of the democratic process to modify building codes.53 The forum for changing the National Electrical Code was the National Fire Protection Association (NFPA), a private consortium including representatives from industry, labor, academia, insurers, medicine, firefighters, and government. The Code controls building specifications and becomes law when adopted by states and municipalities. Steel conduit interests allegedly packed a key NFPA meeting by securing membership, registration, and attendance for 155 “new” members who voted as a block at the annual meeting. This “political activity” defeated a proposal to permit PVC-plastic pipe as acceptable for electrical conduit. Allied Tube limits the scope of Petitions Immunity under the First Amendment depending “on the source, context, and nature of the anticompetitiveconstraint at issue.” There is absolute immunity from antitrust liability if a restraint of trade results from petitioning that is successful in achieving valid governmental action.

52 15 U.S.C. §§4301-05. 53 486 U.S. 492 (1988).

10

Standards Lock & Hold

There is qualified immunity for petitions directed at private action that lead to some governmental action. There is no immunity for purely private action that produces a restraint on trade that is merely incidental to any influence on governmental action. The First Amendment's petitions clause generally protects legitimate collective political activity from antitrust liability under the Noerr-Pennington doctrine. 54 However, where the collective political activity “is a mere sham to cover up what is actually nothing more than an attempt to interfere directly with . . . business relationships” the sham exception qualifies the antitrust or tort immunity exposing private standard setting activity to antitrust liability.

Proprietary Standards Lock-Out Competition in Related Markets

Complex technologies often have IP protection on key components or operational methods. The developer has an incentive to use its IP to restrict independent service organizations (ISO) from delivering ancillary services. In goods markets, a manufacturer might seek to extend its monopoly over goods containing key IP technologies into derivative aftermarket activities such as maintenance. In the primary market for intangibles or services, the developer has a similar incentive to prevent competition in related services. For example, a software vendor can be expected to allege infringement of its copyrights when an ISO modifies or repairs the original software program. In all these cases, the IP owner seeks to use the IP in one product line to prevent ISO's from riding free on the owner's IP through competition in derivative aftermarkets or services. Some cases hold these acts are an unlawful exercise of market power outside the IP field, constituting an unlawful tying, misuse or refusal to deal, limiting the extension of the IP monopoly into ancillary products or services. By contrast, IP law trumps antitrust when the developer's refusal to deal is simply an exercise of the fundamental IP right to exclude others. In recent years, these areas have precipitated considerable litigation.

Consider the case of Eastman Kodak Co. v. Image Technical Services, Inc.55 holding that an IP duty to deal case survives summary judgment to explore issues of relevant market(s) definition, market power, tying, refusal to deal, and monopolization of replacement parts and/or aftermarket service markets. Kodak refused to deal with ISO's, denying them patented replacement parts for Kodak photocopiers, thereby effectively preventing ISO's from competing with Kodak in the lucrative maintenance and service aftermarket. Kodak's

54 Eastern Railroad Presidents Conference v. Noerr Motor Freight, 365 U.S. 127 (1961), United Mine Workers of America v. Pennington, 381 U.S. 657 (1965). 55 504 U.S. 451 (1992).

market power was limited to the single-brand (intra-brand) aftermarket (Kodak photocopiers), one market for servicing and another market for sales of replacement parts. Kodak had no market power in the inter-brand market for all brands of photocopier parts and maintenance. Nevertheless, on remand, Kodak's refusal to deal was enjoined requiring sales of Kodak replacement parts to ISOs on reasonable and non-discriminatory terms, non-discrimination among ISOs, and non-interference with ISO sourcing parts from other vendors. The Ninth Circuit retained jurisdiction to supervise Kodak's compliance with the ten year injunction.

Interoperability is a key factor in antitrust cases alleging the misuse of proprietary standards. Two approaches are used to find the IP owner’s restrictions are reasonable. First, there is no tying unless two products are found to exist. The court’s finding of a single product preempts any analysis of tying because the allegedly separate two products are found to constitute a single product. The potential for a single product determination effectively encourages product bundling, such as a browser along with an operating system and a single product finding is even more justified when customers demand such product aggregation. However, the single product protection diminishes if the seller decides to aggregate and this forecloses competition in an ancillary product or service line. The single product defense is more likely if there is limited or no existing market for the two products when separated.

The second approach reappeared in another important case. It appears to create an IP limitation on the antitrust duty to deal. In Intergraph v. Intel,56 the Federal Circuit vacated a preliminary injunction requiring Intel to resume supplying microprocessors and technical assistance to Intergraph. In 1984, Intel, a manufacturer of microprocessor components, replaced Fairchild as primary supplier of CPU’s to Intergraph, an OEM assembler of computer CAD workstations. Intel designated Intergraph as a “strategic customer” thereafter supplying Intergraph with proprietary information and products under non-disclosure agreements. Intergraph's patented “clipper technology,” formerly used in the Fairchild chips, allegedly appeared in chips supplied by Intel to other OEMs. Intel was substituted as the primary defendant when Intergraph brought actions for infringement of the clipper technology against these OEMs. Intel responded by ceasing technical assistance and deliveries of chips during the patent infringement litigation. Intel was found not to be a monopolist, Intel and Intergraph did not compete in any identifiable market. Intel's chips were not an essential facility so there was no IP duty to

56 195 F.3d 1346 (Fed.Cir.1999).

11

Standards Lock & Hold

deal. Intel's refusal to resume technical assistance and chip deliveries was not intended to create or maintain a monopoly. IP law creates a presumption that it is a valid business justification to exclude others from infringement on IP.

Patent Law and Standards Development Activities

With the evolution of SDA that produce standards with a substantial design component (SSDC), at least some participants in SDA may contribute modules sufficiently innovative to qualify for patenting. Several forms of innovation embodied in standards or compliant with standards may qualify as patentable subject matter. Novel and non-obvious machines, manufactures and compositions of matter are patentable, and many reach success only when compliant with standards. Some standards require the use of particular physical inventions to maintain compliance. Automobiles, computers and communications networks are ubiquitous examples of these links between patents, physical products and standards.

Standards themselves are increasingly composed of patentable technologies. Most often these are not the physical inventions just described, but instead involve processes, methods and system designs that prescribe operations or functions carried out by physical objects. At one time, process patents were disfavored, English law required patents cover only physical embodiments—a “vendable substance.”57 However, over much of the 20th century, process patents have burgeoned. Patentable subject matter for processes expanded radically in the 1980s and 1990s and now lie at the heart of considerable modern technology in biotech (e.g., genetic identification, medical diagnosis and treatment), software, interface design and business methods. Indeed, business method patents are potentially all encompassing given that ICT is the major cross-cutting component in electronic commerce including, e.g., online contracting, investment and payment systems, marketing methods, supply-chain management and most business communication and recordkeeping systems.

An important difficulty is arising for SDOs when participants hold IP rights to technologies that may become components in standards under SDO development. These technologies may assume nearly any form of IP: copyrights in data compilations or particular language expressing the standard, trade secrets in data or unique methods, patents (most likely in processes) or perhaps even in trademarks. SDO rules

57 See e.g., John W. Bagby, Business Method Patent Proliferation: Convergence of Transactional Analytics and Technical Scientifics, 56 Bus.Law 423-458 (Nov. 2000).

of participation may request, but should consider requiring, ex ante disclosure of IP rights and may also constrain some uses of such IP rights as discussed below. However, a few cases illustrate the difficulties arising when SDOs cannot mandate ex ante disclosure and SDA participants fail to disclose their IP rights in contributions made to developing standards. This has been variously designated as the patent holdup problem or as a “patent ambush,” essentially a derivative form of the “submarine patent.”58 Note the FTC won remedies that largely dedicate the SDO participants’ IP into the public domain.

Patent Holdup The FTC’s 1995 consent agreement with Dell

Computer Corp. is an instructive watershed.59 Dell participated in the Video Electronics Standards Association (VESA) in the development of the VL video bus. Dell settled the FTC complaint alleging that Dell’s individual representative to VESA meetings misrepresented in an IP certification that Dell held no IP that would be infringed by the VL-bus. Although Dell filed no infringement suits nor announced acceptable licensing terms, it nevertheless sent a letter to makers of VL-bus standard compliant hardware demanding recognition that Dell’s ‘481 patent60 established “exclusive rights to the mechanical slot configuration used on the motherboard to receive the VL-bus card” after the VL-bus became widely adopted.

The FTC alleged these actions were deceptive acts that constituted unfair methods of competition in violation of FTC Act §5. Dell was ordered to cease and desist from asserting patent infringement cases concerning hardware products compliant with the VL-bus standard. The FTC further ordered Dell to desist for ten years from asserting infringement of Dell patents against any SDO for technologies incorporated into an open standard if Dell intentionally failed to disclose such patents while participating in SDA. The Dell case is instructive for representatives of SDO participants—agency law imputes the knowledge of the whole Dell organization to representations made by its VESA representative and the Dell representative’s failure to disclose was not excusable as inadvertent.

In 2003, the FTC alleged that Unocal misrepresented to the State of California’s Air

58 Michael G. Cowie and Joseph P. Lavelle, “Patents Covering Industry Standards: The Risks to Enforceability Due to Conduct Before Standard-Setting Organizations,” AIPLA Quarterly Journal 30 (Winter 2002): 95; Mark A. Lemley, “Intellectual Property Rights and Standard-Setting Organizations,” California Law Review 90 (Dec., 2002): 1889; Janice Mueller, “Patent Misuse Through the Capture of Industry Standards,” Berkeley Technology Law Journal 17 (2002): 623. 59 In re Dell Computer Corp., 121 F.T.C. 616 (1995), 60 Fed.Reg.57870-57873. 60 U.S. Patent No. 5,036,481 (issued July 30, 1991).

12

Standards Lock & Hold

Resources Board (CARB) and other petroleum industry groups that technologies Unocal contributed (equations and data) for incorporation into CARB’s reformulated gasoline standard (RFG) were not proprietary.61 After the standard was adopted and the refinery industry serving Californian markets spent millions to comply, Unocal aggressively pursued patent infringement claims based on the contributed technologies,62 winning judgments for royalty payments up to $.0575 per infringing gallon.

The FTC alleged that Unocal’s conduct before CARB were misrepresentations that constituted materially false and misleading statements constituting unfair methods of competition violating of §5 of the FTC Act. Specifically the FTC alleged that Unocal’s deceptive conduct permitted it to obtain unlawful market power that caused CARB to enact regulations that overlapped almost entirely with Unocal's pending patent rights. The FTC settlement cleared the way for FTC approval of Chevron’s takeover of Unocal,63 the transaction completed in August 2005. The order requires Chevron and its subsidiary Unocal to cease and desist from asserting or enforcing the subject RFG patents, recovering damages or costs, collecting fees royalties or other payments, in cash or in kind. Chevron must dismiss with prejudice any outstanding RFG patent infringement suits and must dedicate all subject RFG patents to the public.64 Finally, Chevron must notify infringement defendants of the order, provide annual compliance reports to the FTC and afford FTC access to monitor relevant records.

The most notorious family of alleged hold-up cases concerns the ongoing saga largely based on Rambus involvement in the Joint Electron Device Engineering Counsel (JEDEC) standards development for computer memory called DRAM. According to the FTC Complaint, Rambus designs, develops and markets chip-connection technology to enhance the performance of computers, consumer electronics, and communications systems. Rambus encourages other companies to design this technology into their products and licenses the manufacture and sale of chips using its technology. Even before Rambus incorporated in 1990, its founders, Michael Farmwald and Mark Horowitz, outlined a strategy whereby, in an effort to obtain high

61 In re Unocal, F.T.C. Docket No. 9305 (Mar.4, 2003) facts alleged in complaint at: http://www.ftc.gov/os/2003/03/unocalcmp.htm. 62 See e.g., U.S. Patent Nos. 5,288,393, 5,593,567, 5,653,866, 5,837,126 and 6,030,521. 63 In re Chevron Corp. & Unocal Corp., File No. 051 0125 (June 2005) consent decision and order at:http://www.ftc.gov/os/caselist/0510125/0510125.htm. 64 E.g., Union Oil Company of California v. Atlantic Richfield Company, et al., Case No. CV-95-2379-CAS and Union Oil Company of California v. Valero Energy Corporation, CV-02- 00593 SVW. No refunds were required for payments made to Unocal prior to the merger date.

royalties for their RDRAM designs, they would seek to establish RDRAM as a de facto industry standard. In March 1992, Rambus broke out portions of its ‘898 patent application65 into 10 divisional patent applications.66

Rambus was regularly involved with SDA at the JEDEC, its representatives regularly attended meetings of the JC-42.3 Subcommittee on RAM Devices between 1991 and 1995 but allegedly terminated participation when Rambus’ in-house counsel learned of the FTC’s proposed Dell consent order. The FTC alleges that during Rambus participation in JEDEC, Rambus made only limited and misleading disclosures about its IP rights and this violated JEDEC’s IP disclosure duty. In late 1999, Rambus began contacting all major DRAM and chipset manufacturers worldwide asserting that, by virtue of their manufacture, sale, or use of JEDEC-compliant SDRAM, they were infringing upon Rambus’s patent rights. Rambus invited contact to promptly resolve such issues. The DRAM industry has been unable to work around or design around Rambus’s patents. There have also been allegations about Rambus spoliation of internal documents related to some of the facts alleged in the civil and FTC cases.

There has been separate infringement litigation involving the major DRAM producers (Hynix, Samsung, Hitachi, Infineon, Micron) that some have settled, but some are ongoing in multiple jurisdictions (N.D. Cal., E.D. Va., D. Del.).67 On August 2, 2006 the FTC unanimously overturned an ALJ decision dismissing the FTC’s complaint against Rambus.68 The FTC found Rambus committed acts of deception that constitute exclusionary conduct under §2 of the Sherman Act and that this contributed significantly to Rambus’s acquisition of monopoly power in four relevant markets.69

Due Process Constraints on SDA Processes

Traditional conceptualizations of standards-setting processes may be excessively influenced by legacy government agency practices such as FCC standards regulations. De jure SDA were anchored by the government’s role in facilitating a more objective selection from existing technologies that would assure

65 U.S. Pat. App. No. 07/510,898. 66 As of January, 2006, Rambus helds at least 50 patents on related computer memory technologies derived from applications made throughout the 1990s. The most recent patent issued in October of 2004, but at least another 33 more patent applications are still pending. 67 See e.g., Rambus Inc. v. Infineon Technologies AG, 318 F.3d 1081 (Fed. Cir.), cert.denied 540 U.S. 874 (2003). 68 In re Rambus, F.T.C. Docket No. 9302, Order, July 31, 2006, http://www.ftc.gov/os/adjpro/d9302/060802rambusorder.pdf 69 In re Rambus Inc., F.T.C. Docket No. 9302, http://www.ftc.gov/os/adjpro/d9302/index.htm.

13

Standards Lock & Hold

interoperability. Traditional standards-setting processes are giving way to standards-making or SDA because of the non-trivial design component in modern technical standards. The federal government is encouraging the more widespread use of private consensus standards rather than the legacy, governmentally-directed, standards setting. In recent years, particularly for Internet standards, the SDA processes have involved both (1) proposing a solution created from scratch and (2) accepting, adopting, and standardizing this proposed solution as a new design. Herein, such standards are called standards with a substantial design component (SSDC), also called “anticipatory standards.”70 Internet standards-setting consortia develop SSDC more now than was present in legacy, government or de jure processes.

Due process criteria are emerging in SDO policies that include both and contextual and normative constraints on SDA. Today, there are several direct sources of public policy that constrain SDA with due process restrictions and at least two or more broad bodies of public policy that indirectly restrict participants in SDA. First, the American National Standards Institute (ANSI) requires adherence to its due process requirements before successful SDO activities can result in American National Standards (ANS).71 SDOs setting ANS must adhere to various principles of due process, consistent with democratic principles generally followed in legislative and regulatory rulemaking activities that prevail in many nations and as recognized by international treaties.72 Second, SDO activities that comply with OMB Circular A-119 are favored for federal agency adoption and federal agencies are encouraged to participate in these SDA’s.73 Third, the Standards Development Organization Advancement Act of 200474 (SDOAA) may exempt some SDA from some antitrust scrutiny. Finally, as discussed more fully elsewhere in this and other chapters, there are contextual and normative constraints that interplay, notably the conflicts between IP rights and antitrust law. IP rights either embodied in standards or necessary to practice standards raise antitrust questions that may conflict with strategies used by some IP rights owners in their SDA participation. In addition, there will likely persist an ongoing role for

70 See, Carl Cargill, Information Technology Standardization: Theory, Process, and Organizations, (Bedford, MA: Digital Press, 1989). 71 See American National Standards Institute “Essential Requirements: Due process requirements for American National Standards,” (January 31, 2005) http://www.itl.nist.gov/biometrics/Requirements0405.doc (hereinafter ANSI “ANS Due Process Requirements”) (replaced ANSI Procedures in March 2003). 72 Uruguay Round Agreement, “Agreement on Technical Barriers to Trade,” World Trade Organization, Marrakesh, 1994. 73 OMB Cir.A-119. 74 Pub. Law No: 108-237, 118 Stat. 661, (H.R. 1086).

private contracting by SDOs that conditions SDA participation on observance of these constraints.

ANSI “Essential” Due Process Requirements ANSI due process requires “equity and fair play”

in “activities related to the development of consensus for approval, revision, reaffirmation, and withdrawal of ANS. SDO procedures must afford such due process rights to any affected75 person76 permitting them to participate by considering their position and providing them a right to appeal. ANSI requires adherence to eight generalized but essential due process requirements, and requires other contextual compliance with the ANSI’s normative policies77 and ANSI’s administrative procedures. 78

ANSI - ANS Due Process Requirements

1. openness 2. lack of dominance 3. balance 4. notification 5. consideration 6. consensus 7. appeals 8. written procedures

First, openness requires open participation

opportunity, 79 without undue financial barriers or voting eligibility based on organizational affiliation or technical qualifications.80 Second, the SDA must

75 Under ANSI - ANS Due Process Requirements §1.0, participation rights must be afforded persons with a direct and material interest. 76 Id. “person” includes various organizations, companies, government agencies, individuals, etc. 77 Accredited SDOs must comply with the ANSI normative policies, ANSI - ANS Due Process Requirements §1.9, see ANSI - ANS Due Process Requirements §3.0 (normative policies). The normative policies include the ANSI patent policy, ANSI - ANS Due Process Requirements §3.1 discussed infra., commercial terms and conditions, ANSI - ANS Due Process Requirements §3.2, recordkeeping to provide evidence of normative policy compliance, ANSI - ANS Due Process Requirements §3.3, and have on file with ANSI a metric policy, ANSI - ANS Due Process Requirements §3.4 as well as an interpretation policy, ANSI - ANS Due Process Requirements §3.5. 78 Accredited SDOs must comply with the ANSI administrative procedures of the ANSI Executive Standards Council, ANSI - ANS Due Process Requirements §4.0 (normative administrative procedures). 79 Timely and adequate notice is required that clearly describes the SDA purpose and makes relevant information available. Notice is needed to facilitate participation and it must identify details of all participants; See ANSI - ANS Due Process Requirements §2.0, which provides implementation details and declares normative policies and administrative procedures. Accredited SDOs must comply with the ANSI normative policies and administrative procedures of the ANSI Executive Standards Council. ANSI - ANS Due Process Requirements §1.9, see ANSI - ANS Due Process Requirements §3.0 (normative policies) & §4.0 (normative administrative procedures). 80 ANSI - ANS Due Process Requirements §1.1.

14

Standards Lock & Hold

demonstrate a lack of dominance81 in the fair and equitable consideration of viewpoints by any single interest—a category, individual or organization. Third, there should be balance among interests from diverse “interest categories” depending on the proximity of impact the standard under development might have to various measures of their interests.82 Fourth, there must be notification of standards development and coordination “appropriate to demonstrate an opportunity” for effective participation and the notice must explain the SDA project and identify stakeholders likely to be impacted.83 Fifth, the SDO must give prompt consideration of participant’s views and objections including notice to all affected parties if a view is accommodated or is not accommodated.84 Sixth, a democratic consensus process, usually by a vote, must be taken specifying requirements for voter eligibility, election procedures and recordkeeping of commentary accompanying votes.85 The voting procedures are complex and their considerable respect to the content and quality of objections implies recursive negotiations. Seventh, there detailed directives for appeals from SDO or ANSI actions that result in complaints or concerns for the protection of directly and materially affected interests of participants.86 These should be fair, unbiased and readily available tribunals for the impartial handling of procedural complaints that are addressed promptly with

81 Dominance is defined as a position or exercise of dominant authority, leadership, or influence by reason of superior leverage, strength, or representation, ANSI - ANS Due Process Requirements §1.2. No ex ante test for dominance is envisioned but written (or electronic) ex post claims of dominance should be considered. 82 ANSI - ANS Due Process Requirements §1.3. Various quantitative thresholds of imbalance were historically used in some SDA depending on the nature of the standard under development. However, the ANSI Benchmarks now permit consideration of various constituencies called “interest categories” at a minimum considering producers, users and the general public interest. Depending on the circumstances, other constituencies may potentially include: i) consumers, ii) those directly affected among the public, iii) distributors and retailers, iv) industrial and/or commercial interests, v) the insurance industry, vi) labor, vii) manufacturer, viii) professional societies, ix) regulatory agencies, x) testing laboratories and xi) trade associations, ANSI - ANS Due Process Requirements §2.3. 83 ANSI - ANS Due Process Requirements §1.4. ANSI Benchmarks require use of the Project Initiation Notification System (PINS) form to facilitate announcement in the ANSI publication, Standards Action, http://www.ansi.org/news_publications/periodicals/standards_action/standards_action.aspx?menuid=7. There are certain exceptions for revisions to the maintenance of current standards. 84 ANSI - ANS Due Process Requirements §1.5. Notice must be given to each submitter of an unresolved objection including the opportunity for appeal under the SDO’s rules. 85 Under ANSI - ANS Due Process Requirements §2.6 several democratic processes are required including, e.g., all members must be eligible to vote, members must have an opportunity to change votes, the SDO must record comments accompanying votes, written or electronic proxy/absentee balloting must be accommodated and final results must be reported. 86 ANSI - ANS Due Process Requirements §1.7.

the participation of all concerned parties. Finally, SDOs must use and make available their procedures in writing.87

Federal Standards Policies Federal policy is significantly influencing the

migration of many standards from design (or prescriptive) standards88 to performance standards89 as well as another migration from government agency-imposed de jure standards to private voluntary consensus standards (VCS).90 First, the National Technology Transfer and Advancement Act of 1996 (NTTAA)91 requires all Federal agencies and departments, in carrying out agency policy, whenever possible,92 to use technical standards developed or adopted by voluntary consensus standards bodies, particularly for procurement and regulatory activities. Federal agency participation in SDO is encouraged because Congress found that the standards they develop will better serve both public and private needs.93

87 ANSI - ANS Due Process Requirements §1.8. 88 OMB Cir.A-119 at §3(c). Design standards are defined obliquely: “performance standard may be viewed in juxtaposition to a prescriptive standard which may specify design requirements, such as materials to be used, how a requirement is to be achieved, or how an item is to be fabricated or constructed,” (emphasis added). Note OMB Cir.A-119 applies only to technical standards, and not to behavioral standards used to regulate professional responsibility, under §3(b):

“The term "standard" does not include the following: (1) Professional standards of personal conduct. (2) Institutional codes of ethics.”

89 Id. “Performance standard” … states requirements in terms of required results with criteria for verifying compliance but without stating the methods for achieving required results. A performance standard may define the functional requirements for the item, operational requirements, and/or interface and interchangeability characteristics. 90 National Technology Transfer and Advancement Act of 1996 (NTTAA), Pub. Law 104-113, 110 Stat. 775 (hereinafter NTTAA). NTTAA §12(d) Furthermore, federal agencies must consult and participate with voluntary, private sector, consensus standards bodies when in the public interest and is compatible with agency missions, authorities, priorities, and budget resources. Narrow exceptions permit agencies to justify exceptions in reports to the Office of Management and Budget (OMB) necessitating the development of standards outside the VCS context if the VCS approach would be inconsistent with applicable law or otherwise impractical. The VCS approach is most appropriate when they are immediately useful or are adaptable to government use and may help to accomplish other important goals: reduce government development costs for de jure standards, decrease government procurement costs, incentivize SDA consistent with national goals, harmonize standards that promote efficiency and competition and encourage government procurement from the private sector. 91 Pub. Law 104-113, 110 Stat. 775. 92 OMB Cir.A-119 §6(a). 93 Agencies should use VCS because, “when properly conducted, standards development can increase productivity and efficiency in Government and industry, expand opportunities for international trade, conserve resources, improve health and safety, and protect the environment.) OMB Cir.A-119 §6(e).

15

Standards Lock & Hold

Second, the NTTAA is implemented by most executive federal agencies94 and these disparate efforts are supervised by the Office of Management and Budget (OMB).95 OMB coordinates this dispersed compliance under its own guidance found in OMB Circular No. A-119.96 Third, the Standards Development Organization Advancement Act of 2004 (SDOAA)97 further incentivizes SDA that result in VCS by endowing SDOs with limited antitrust immunity.

OMB Circular No. A-119 OMB Cir.A-119 requires a due process approach

closely parallel to the ANSI—ANS Due Process Requirements. Federal agencies are encouraged to participate in SDA and use the standards developed by a voluntary consensus standards body (VCSB). Under OMB Cir.A-119, a VCSB is defined in terms of

Agency participation in SDA is encouraged but constrained.

While agencies must consult and participate with VCSB, this involvement is limited to activities “in the public interest” and compatible with the agencies’ missions, authorities, priorities, and budget resources. There are further constraints on the form of support permissible, the agency’s authorization of particular participants, the agency’s explicit or implied endorsement of VCS arising from SDAs, limits on agency involvement with VCSB internal management (e.g., avoiding domination), the number of agencies participating in any particular VCSB OMB Cir.A-119 §7.

Nevertheless, agency participation in SDA must be as a peer with other participants particularly in matters such as establishing priorities, developing procedures for preparing, reviewing, and approving standards, and developing or adopting new standards. This includes full involvement in discussions and technical debates, registering of opinions and, if selected, serving as chairpersons or in other official capacities. Agency representatives should be given full voting rights unless prohibited by law or agency policy. Id. 94 Under OMB Cir.A-119 §5 “Agency” means “any executive department, independent commission, board, bureau, office, agency, Government-owned or controlled corporation or other establishment of the Federal Government. It also includes any regulatory commission or board,” but not independent regulatory commissions because there are separate statutory requirements on the use of voluntary consensus standards, nor does it cover legislative or judicial agencies. 95 OMB’s authority to require VCSB participation and VCS use are derived from 31 U.S.C. §111 (authority to establish policies to improve management of executive branch). Under OMB Cir. A-119, the Secretary of Commerce must coordinate implementation and provide guidance including the identification of VCSBs and VCS (e.g., through databases of standards maintained by the National Institute of Standards and Technology (NIST), VCSB, other federal agencies, standards publishing companies. OMB Cir.A-119 §6(l)). An Interagency Committee on Standards Policy (ICSP) is chaired by NIST to consider agency views and advise the Secretary and agency heads on the Circular and reports to the OMB Director on implementation. The heads of other executive agencies must implement OMB Cir.A-119, insure agency compliance, designate a senior level official as the agency’s Standards Executive who implements OMB Cir.A-119, represents the agency on the ICSP and prepares an annual report through NIST to OMB, OMB Cir.A-119 §15. 96 OMB Cir.A-119 was previously revised on October 20, 1993. The currently effective version of OMB Cir.A-119 reflects the expansion of OMB authority in the NTTAA. 97 Pub. Law No: 108-237, 118 Stat. 661 (H.R. 1086).

its due process “attributes:” (i) openness, (ii) balance of interest, (iii) due process, (vi) an appeals process and (v) consensus. Therefore, OMB Cir.A-119 requires executive agencies, but not quasi-independent regulatory bodies (e.g., commissions) to participate in VCSB activities and use the VCSs produced therein but only when the SDO has due process attributes similar to the ANSI Due Process Elements. Listed in Table 4 are the OMB’s attributes for VCSB.

VCSB Attributes OMB Cir. A-119

1. openness 2. balance of interest 3. due process 4. an appeals process 5. consensus

The fifth OMB due process attribute, “consensus,”

is the most detailed, actually a complex collection of due process rights analogous to several from the ANSI regime. For example, the OMB vision of a “process for attempting to resolve objections” compares closely with the ANSI concept of “appeal.” The OMB requirements for an opportunity to submit “comments [to have them be] fairly considered” closely parallels the ANSI “consideration” element. OMB’s requirement that each objector be “advised of the disposition of his or her objection(s) [including] the reasons why” combines components from the ANSI elements of “consideration” and “notification.” Finally, the OMB requirement that VCSB must offer participants with an “opportunity to change their votes after reviewing the comments” comports quite closely to the ANSI “appeals” element.

Standards Development Organization Advancement Act - SDOAA

The Standards Development Organization Advancement Act of 2004 recognizes the societal contributions of standards by expressly approving the SDO due process attributes of OMB Cir. A-119. The SDOAA renames and restates these principles in the §102 Findings:

“Such principles provide for—notice to all parties known to be affected by the particular standards development activity, the opportunity to participate in standards development or modification, balancing interests so that standards development activities are not dominated by any single group of interested persons, readily available access to essential information regarding proposed and final standards, the requirement that substantial agreement be reached on all material points after the consideration of all views and objections, and the right to express a position, to

16

Standards Lock & Hold

have it considered, and to appeal an adverse decision.”98

The SDOAA also recognizes that the SDA of government agencies is protected by antitrust immunity not available for private-sector VCSBs making SDOs vulnerable to antitrust claims even though SDOs are unlikely to directly benefit from collusion. Therefore, the SDOAA grants limited antitrust immunity for SDOs to incentivize their benefits for society and government99 through application of the rule of reason to qualifying SDO activities, both domestic and international, rather than per se analysis. The SDOAA also limits treble damages and encourages SDOs to disclose their various SDAs for review by the antitrust enforcement divisions of the Department of Justice (DOJ) and the Federal Trade Commission (FTC).

SDOs risk antitrust law exposure from allegations of various forms of anticompetitive collusion, including, price fixing, concerted refusals to deal, or other practices that barriers to entry by competitors or alternate technologies.100 The SDOAA is intended to reduce the uncertainties of SDO antitrust exposure by limiting situations that use the per se analysis.101 Instead, SDOs can partially immunize their SDAs by filing notice with antitrust regulators and this is more likely to result in antitrust scrutiny under the rule of

98 15 USC 4301 note (SDOAA §102(5). The following lists more succinctly lists these SDOAA Standards Development Principles

1. Notice of particular SDA to affected parties 2. Opportunity to participate in SDA 3. Balancing interests to avoid SDA domination by any

single group 4. Ready access to proposals and final standards 5. Consideration of all views and objections 6. Substantial agreement on all material points before

reaching final standards 7. Right to express positions in SDA 8. Right to consideration of positions by SDO 9. Right to appeal adverse SDO decisions

99 SDOAA, Pub. Law No: 108-237, 118 Stat. 661, §102. 100 See e.g., Allied Tube & Conduit Corp. v. Indian Head, Inc., 486 U.S. 492 (1988) (SDO meeting packed with new recruits favoring steel conduit to defeat permitted use of PVC as electrical conduit in National Electrical Code violates Sherman Act prohibition against concerted refusal to deal). 101 See e.g., Bagby, John W., ECOMMERCE LAW, (West Pub. Co. 2003) at 542-44.

“Courts have encountered many types of agreements that are almost always unjustifiable. The rule of reason is an inefficient use of judicial and regulatory resources. Some business agreements, such as price-fixing, are designated illegal per se and so they are never justified. This means that the inquiry ends if a per se violation is proven. Trials are shortened and simplified by avoiding unnecessary attempts to justify the restraint. The per se rule provides business managers with clearer guidance. Per se offenses include price-fixing, division of markets, group boycotts, concerted refusals to deal and tie-in relationships. The courts first determine whether the conduct in question falls within one of these per se categories. Thereafter, no further analysis is necessary because unlawful anticompetitive effect is presumed.”

reason.102 To qualify for rule of reason treatment, the SDO must file “original” notice with DOJ and the FTC before 90 days elapse after SDA is commenced; including the SDO’s name and principal place of business and documents showing the nature and scope of the SDA.103 The SDOAA grants no immunity to SDA participants. Furthermore, the SDOAA makes the qualified immunity under the rule of reason inapplicable for SDA that engage in price fixing, market allocation and certain information exchanges,104 and SDOs remain subject to state-court-based and private rights of actions. The public policy framework and due process principles applicable to SDOs and VCSB engaged in developing VCS now constrain SDA sufficiently that research methods like those employed here are now enabled.

Clearly some differences remain among all these the broad due process principles and there is potential for detailed differences between ANSI’s more precise rules of practice and those of various SDOs. The

102 Overly strict, literal application of the Sherman Acts prohibition against "every contract, combination . . . or conspiracy in restraint of trade" could make nearly every contract illegal because most contract restrain trade at least in some small way. To avoid this misinterpretation, the courts encourage free markets and through the conduct of in-depth economic analysis of the alleged restraint’s procompetitive benefits, in the SDA context, the pro-competitive rationales for standardization, the SDO’s procedures and the actual behaviors of all participants in a particular SDA.

See e.g., Bagby, John W., ECOMMERCE LAW, (West Pub. Co. 2003) at 541: “The rule of reason developed to prohibits contracts that will reduce competition, if intended to unreasonably restrict competition, the parties have the power to implement their scheme and/or had no less restrictive alternative to the scheme. In 1918, Justice Brandeis announced the rule of reason analysis in Chicago Board of Trade v. United States, 246 U.S. 231 (1918):

“The true test of legality is whether the restraint imposed is such as merely regulates and perhaps thereby promotes competition or whether it is such as may suppress or may even destroy competition. To determine that question, the court must ordinarily consider the facts peculiar to the business to which the restraint is applied; its condition before and after the restraint was imposed; the nature of the restraint and its effect, actual or probable. The history of the restraint, the evil believed to exist, the reason for adopting the particular remedy, the purpose or end sought to be obtained, are all relevant facts.”

103 See Filing Notification Under the NCRPA (DOJ Antitrust Div.) Supplemental filings to update and/or revise are needed when the SDA makes an addition to or change in the standards setting activities such as convering new subject matter not covered in the original filing, http://www.usdoj.gov/atr/public/guidelines/ncrpa.htm104 15 U.S.C. 4301(c), “The term ‘standards development activity’ excludes the following activities: (1) Exchanging information among competitors relating to cost, sales, profitability, prices, marketing, or distribution of any product, process, or service that is not reasonably required for the purpose of developing or promulgating a voluntary consensus standard, or using such standard in conformity assessment activities. (2) Entering into any agreement or engaging in any other conduct that would allocate a market with a competitor. (3) Entering into any agreement or conspiracy that would set or restrain prices of any good or service.’’

17

Standards Lock & Hold

similarities represent an important evolution towards universal standards of SDA processes. Precise uniformity seems both unlikely and unnecessary. International SDOs and accrediting bodies are unlikely to adopt all the precise wording of ANSI’s Essentials or any U.S. law for that matter. As with differences in most national laws, the similarities tend to overpower the differences, fostering commerce and general conformity. The impact of such differences will be revealed over time, perhaps through some litigation, but most likely through future negotiations over SDO policies and procedures. Most importantly, a long awaited equilibrium in SDO processes is being accomplished.

SDA Strategies Several aspects of the U.S. antitrust and patent law

have impact on the strategic behavior of SDA participants when IP rights may underlie the standards. This, in turn, affects the strength of SDO’s IP disclosure rules. First, the 18 month publication of pending patent applications limits the confidentiality of patent claims. This rule requires revelation that may inform SDOs and SDA participants who do costly patent search of IP rights to determine if such rights may block free access to the standard. Of course, patent search does not unearth such technology until after 18 months, perhaps even longer for U.S. domestic-only applications. This raises the question of the scale of patent search “investments” needed during SDA and who should bear these costs. If SDOs impose stronger ex ante IP disclosure rules, this could attenuate exhaustive patent search costs. These are potentially enormous expenses of expert identification and evaluation of publicly available patent search data to determine the presence of IP rights in developing standards. However, with weak SDO disclosure rules and/or their weak enforcement, patent search expense falls on SDOs and SDA participants. In addition to these search and interpretation costs are the risks of infringement litigation.

Provisional patent applications may reduce some patent search costs to the extent they provide earlier, but imprecise notice about technologies invented by SDA participants. Some SDO rules deny responsibility to identify “all” IP rights in standards. For example, under the ANSI’s “Normative” ANS requirements, it can be appropriate for IP rights to exist in ANS if licenses are available free or on terms that are reasonable and non discriminatory (RAND). This provision is triggered “if” the SDO receives notice of IP rights in the standard and the standard may not issue until the IP rights holder provides assurances of free or

RAND licensing.105 Most SDO rules concerning the ex ante disclosure of IP rights are weak, requiring disclosure only of issued patents only and not requiring disclosure of applications, R&D or trade secrets.

The U.S. patent law’s first-to-invent rule requires inventors to be diligent and prevents later inventors from claiming ownership or control. The first-to-invent rule may enable surprise submarine patents that contribute to the hold-up problem if SDO ex ante disclosure rules are weak. This suggests that SDOs consider developing stronger ex ante disclosure rules and prevent SDA participants from claiming inventorship for technologies developed in the SDA. For example, SDOs could design rules that identify or discourage tactical, strategic behaviors by SDA participants that cause delay or serve to abandon participation to pursue IP rights directly developed in the SDA. Stronger rules might also include requirements for disclosure of R&D, patents held and patent applications relating to the standard, require RAND licensing terms for SDA participant’s IP rights and set limits on the control that either SDOs or SDO participants may retain over technologies developed in the SDA.

The U.S.’s one-year grace period provides further cover for SDA participants with secret IP rights. Premature disclosure of technology invented before a patent application is made may prevent its issuance so early ex ante disclosure to SDOs is discouraged by patent law. Strong patent infringement remedies further advantage patent holders in negotiations with SDOs. SDOs typically have very limited litigation defense budgets that are inadequate to defend many infringement suits.

SDO Due Process – Competition in Laxity? Society is best served with successful SDA because

society suffers sunk costs and lost opportunity to commercialize new technologies if undisclosed IP rights remain unavailable or a promising developing standard must be abandon. SDOs face a dilemma in changing their IP rights policies. Stronger requirements for ex ante disclosure of all IP rights risks deterring (at least some) important SDA participation. Indeed, competition among SDOs may lead to a classic “race to the bottom” incentivizing weak IP rules to maximize participation by major players. Participants with substantial secrets can be expected to sometimes decline SDO participation when required to reveal trade secrets, non-public patent applications or signal R&D and strategic plans. SDOs may be unable to unilaterally enforce strong rules if important SDA participants would simply refuse participation in such forums.

105 ANSI - ANS DUE PROCESS REQUIREMENTS, §3.1.

18

Standards Lock & Hold

At least two mechanisms could alleviate some of this difficulty. First, federal law requiring ex ante disclosure might level the playing field in SDO competition. Such a law is controversial and likely to ignite opposition from at least some in the IP community. Second, SDA participants without IP rights to contribute could provide some balance. Their incentives often differ from IP rights holders unless their support is induced such as with discriminatorily favorable licensing terms. Their absence from SDA participation weakens the balance and lack of dominance required by SDA due processes. Their absence also undermines the critical mass needed for a standard’s eventual success. These participants can be expected to push for stronger SDO rules that encourage or even require participants to make ex ante disclosure, provide RAND assurances that licensing will be made freely available, and insist on balanced licensing terms such as caps on royalties or other fees.

Five Models Addressing the Holdup Phenomenon

Even with ex ante IP disclosure, precise cost information is typically absent during SDA so participants face considerable uncertainty. There is no reliable consensus on what constitutes RAND. A “reasonable” royalty to the IP rights holder is likely higher than to a licensee trying to comply with the standard. When and how should such royalty negotiations occur? Consider the pricing alternatives possible for each item of IP rights embedded in a standard. First, the IP rights could be made available royalty free. This would give little preference for either the ex ante or ex post disclosure of such IP rights during SDA. Royalty free terms are less likely to incentivize participation by the IP rights holder. A second derivation of the free model was evident in the FTC’s consent agreements with Dell and Unocal. Under this fair use model the IP rights holder failing to provide ex ante disclosure and arguably engaged in unfair methods of competition could be ordered to dedicate its IP rights to the public, a form of negotiated public taking. Some IP property rights activists decry this development as inimical to the incentive philosophy underlying IP rights.

A third alternative would base licensing terms on RAND. Ex ante disclosure of IP rights would permit design or selection of contributed technologies vs. substitute technologies, thereby benefiting society and the other participants. The level of RAND remains low only so long as alternative technologies exist or can be easily developed. RAND terms could be negotiated or otherwise set more competitively if antitrust enforcement risks covering such ex ante fee negotiations were protected from frivolous antitrust

suits. Perhaps a variation of royalty setting using the royalty pool model might be adapted to SDA thereby permitting negotiations between IP rights holders and other SDA participants. The risk of antitrust challenge for collusion has generally deterred this type of negotiation. However, it might be possible to gain comfort if qualified immunity was granted by statute, if clearance was forthcoming in a DOJ business review letter106 and/or other comforting statements of regulatory enforcement intent reduces the widespread apprehension to a pooling approach.107

The fourth approach is evident in several recent high visibility cases: the holdup model. Under this approach there would typically be no ex ante disclosure by IP rights holders. Hold-up runs the risk of considerable sunk costs by producers of products compliant with the standard. Ex post disclosure gives IP rights holders considerable negotiating advantage over other SDA participants when the latter become locked-in to the standard and thereby the underlying IP rights. However, the hold-up model may increasingly violate SDO rules and the spirit of voluntary SDA participation and it risks antitrust liability for misuse. To the extent feasible, IP rights holders may risk abandonment of the standard by other SDA participants if hold-up appears unreasonable and reasonable substitutes can be developed.

A fifth approach, essentially an extension of hold-up, adds the potential for unequal, discriminatory treatment of SDA participants and non-participants who might later seek to use the standard. This laissez-faire licensing model would recognize the essential and changing value of the IP rights and the standard. For example, early SDA participation could possibly be rewarded through lower royalty rates or more favorable non-monetary terms offered because early adopters assist the IP rights holder in achieving critical mass. There might be an incentive to penalize non-participating free-riders for failing to participate early and dutifully. It could also be used to favor other IP rights holders who have an ability to barter their IP rights through grantbacks, patent portfolio settlement strategies or cross-licenses. Note that SDO processes that require RAND based on monetary-only royalty payments actually reduce negotiation flexibility under the laissez-faire model. Monetary-only terms prevent the in-kind exchanges mentioned above and could make

106 Business Review letters are statements of prosecutorial intent binding only on the Antitrust Division of the Department of Justice, 28 C.F.R. §50.6 (2004). 107 Majoras, Deborah Platt, Chairman, Fed. Trade Comm’n, Recognizing The Procompetitive Potential Of Royalty Discussions In Standard Setting, at the Stanford University conference: Standardization And The Law: Developing The Golden Mean For Global Trade, (Sept. 23, 2005), http://www.ftc.gov/speeches/majoras/050923stanford.pdf

19

Standards Lock & Hold

illegitimate side payments or off-the-record settlements. Finally, throughout the standards life cycle (SLC) there are difficulties in evaluating the prevailing value of IP rights as well as any future contribution the standard makes to commercialization. The laissez-faire model permits an ever-changing equilibrium pricing from ad hoc negotiations.

A Theoretical Perspective: D-S-N Model applied to SDOs

To investigate the standards development process, we follow the theoretical perspective suggested by Fomin et al. (Fomin, Kyle and Lyytinen, 2003). They suggest an integrative model that combines three perspectives: design (D), sensemaking (S), and negotiation (N). The combined model D-S-N provides a “dynamic process model of standardization.” Each component in the model i.e. D, S and N is the result of different theoretical strands, i.e. each conveys a specific meaning of the terminology used. In this section, we first outline the individual components, followed by a discussion of the integrative possibilities suggested by the D-S-N model.

Design The term ‘Design’ (D) follows the view suggested

by Simon [Simon 1981] with specific occurrences such as the actors planning and committing to a specific, new innovative course of action, which can include small design steps, broad trajectories, and strategies such as design and conquer. The design activity can also include a requirement analysis followed by creation of an artifact. This process of creating the artifact or parts of it constitutes the design (D) perspective that is part of the D-S-N model. When multiple companies cooperate on the design, they have to design pieces of the artifact such that they may be integrated to create one consistent standard. For example, working groups at consortia such as W3C include vendors of software products, who have the capability to design different pieces of the standard. The development of the overall standard, sometimes termed anticipatory standards setting [Cargill 1989], then, requires significant design contributions from participants to the development process.

During a standards development process, it is possible that the software vendors ‘design’ the standards in-house, either singly or in conjunction with allied companies, and then present the standards to the committee as a proposal for acceptance. ‘Designing’ the standard, therefore, involves substantial technical input from software engineers, marketing personnel, sales and customer representatives, and other interested parties in the organization. Because design represents a choice, the organization designing the standard may

attempt to steer the outcome to one that provides the organization with a competitive edge. This requires the other two components, S and N to be part of the overall model.

Sense-making The term ‘sense-making’ (S) is attributed to Weick

(Weick, 1995), who describes it as “the process of invention or creation of a sense”. His work, which has been seminal for understanding organizations, suggests that sense-making is a process that participants engage in to create a ‘sense’ that results from an individual’s (or a community’s) response to changes in environment. His original description, which is mostly re-active (actors try to make sense of outcomes of past events and situations to become oriented with current environment) needs to be expanded for anticipatory standards-making. Sense-making in this context includes proactive sense-making i.e. attributing meanings to a not-yet-invented technology. Because of the substantial design component of the standards, the participants in the standards development process need to understand the (proposed) standard and all its features fully.

Sense-making, thus, is a prerequisite for acceptance or rejection of a standard, its features, and its implications for the participant. The process of sense-making, thus, involves an assessment by a participant of the features included in the design e.g. its potential benefits to the organization he or she is representing. For example, software components following a standard may facilitate or hinder organization from offer plug-and-play components that can work with other, existing offerings. During the sense-making phase, a participant assesses how the proposed design of a standard may fits with other existing software or even business strategies that his/her organization may be pursuing. In few cases, such sense-making can lead to complete acceptance or rejection of a standard. A more likely consequence is negotiation, the third component in the D-S-N model.

Negotiation The negotiation (N) element follows the view

suggested by (Latour 1995; Callon and Law 1989), recognizing the importance of social interaction within a network of actors in which technology becomes introduced and stabilized. In particular, negotiation suggests a processual perspective of the building of socio-technical network related to the standardization process. During Negotiation, actors bargain the distribution of future inputs and outputs to reach an agreement such as choosing one of many designs (Latour 1995). The entire standard need not be decided and accepted during one negotiation cycle. Instead, a

20

Standards Lock & Hold

negotiation may result in an agreement on changes required in the design and an assignment of tasks of who should perform the design change. A recursive approach to negotiation may follow, with negotiations of increasingly detailed design specifications. A broad definition of negotiation, however, can include negotiating for a membership in the committee, negotiating for the responsibility of designing a feature in the standard, negotiating the acceptance of a feature into the standard to negotiating a future enhancement to the standard at hand. It also includes compromises affected in order to reach an agreement as well as the division of labor and assignment of design tasks.

Inter-dependencies among D, S, and N It is important to note that an activity during the

standardization process may include multiple elements (D, S and N). For example, while an actor may individually commit to a design, different mechanisms can govern how multiple actors coordinate and negotiate to arrive at this commitment. This links design continually with negotiation because there are specific arrangements and negotiation tactics that can help reach and enforce agreement on designs. Sense-making that may emerge during standardization requires that the actor create and enact novel frames of reference and meaning in relation to potential and produced designs, processes and actors. This, in turn, continually links in design and sense-making, emphasizing the interpretive flexibility of a design. Finally, actors, via negotiations, continually rethink (i.e. make sense of) their relationships with others so that the actor network implied by the standard permits mobilization. That is, sense-making creates the negotiation space in which they relate designs to actors and to their different interpretations of the technology. In other words, mobilizing the actor-network as part of the sense-making process creates the negotiation space, in which the actors attempt to enroll and assign roles to others. The cycles and recursion with design (D), sense-making (S), and negotiation (N), therefore, provide a prima facie explanation of the complexities involved in the processes for developing standards with a substantial design component. One study (Virili, 2003) that has, so far, used this theoretical framework provides early evidence of the applicability of the D-S-N model to such standardization processes. However, that research lacks a substantial systematic and empirical treatment of the theoretical perspective to understand how the underlying standards development processes unfold. The current study provides this contribution.

Web Services The web services framework intends to provide a

standards-based realization of service-oriented computing. Web services are designed to enable “application-to-application communication and interoperability”108 among applications distributed over the Internet. Standards are an important component for web services because of the manner in which they facilitate interactions among applications within and across organizations. Web Services seek to enable interoperability. Enabling interoperation among information sources has been a goal for several technologies that have failed because of competing implementations. A case in point is CORBA. Microsoft’s COM family of products and OMG standard did not interoperate. Consequently, CORBA cannot be used to interoperate over the web. For the vision of interoperability across any machine or platform to be realized, there needs to be one standard for web services. Thus, standardization of web services is not an academic exercise nor is it an exercise, which will merely cause systems to improve. In this domain, standardization is vital for the very existence and realization of interoperation.

Standardizing the web-services technology is no easy task. These standards attempt to resolve a wide array of concerns. For example, web services must adhere to standards-based definitions of a messaging protocol, service description, service discovery, service composition, service choreography, service transactions, service management, contract establishment and several others. Security, efficiency, appropriate functionality, and ease of use are important considerations. These concerns clearly demonstrate the enormous difficulties associated with constructing a single, monolithic standard that encompasses all aspects of web services. Ongoing work on web service standards reflects this perspective. The core standards related to publishing the web services (WSDL [WSDL 2001]), finding the web services (UDDI [UDDI 2005]), and binding the web services (SOAP [SOAP 2003]) have been developed as separate, yet interdependent standards. Such interdependencies make standards development in this space a complex process.

In particular, the instantiation of web services is occurring via three different initiatives. The first represents a major effort from the World-Wide Web Consortium (W3C), which builds on the premise that web services may be defined in a programmatic manner so that companies can use them to integrate their operations [WS Arch 2005]. The second represents an

108 Web Services Architecture: Available at 2005http://www.w3.org/TR/2002/WD-ws-arch-20021114/ on 11th November, 2005.

21

Standards Lock & Hold

effort that is backed by the research community interested in realizing a vision of the Semantic Web in a machine-readable and machine-interpretable way [Berners-Lee and Miller 2002, Paolucci and Sycara 2004]. The third represents an effort put forward by the international consortium Organization for the Advancement of Structured Information Standards (OASIS) as a way to build upon existing EDI standards infrastructure and facilitate global trade [ebXML-Req 2001]. Over the years, these three initiatives have interacted with one another. For example, W3C now includes a working group on semantic web services [WS SWSIG 2002]. The Universal Description and Discovery Integration (UDDI) standard, initially developed by OASIS [OASIS 2005], is now foundational to the W3C efforts [WS Activity 2005]. The eBusiness XML (ebXML) standard put forward by OASIS [ebXML 2005] is also being integrated within the W3C efforts [WS Activity 2005]. These demonstrate cross-fertilization of ideas across these three standards-making initiatives, which started as distinct endeavors. They also highlight important similarities across the initiatives that go back to the basic concepts of SOC. Each initiative, thus, can be seen as a different instantiation of these basic concepts including the operations of publish, find and bind; and the roles of the service provider, the service discovery agency, and the service requestor [Manes 2003; Papazoglou and Georgakopoulos 2003].

Alternative instantiations The following presents a brief review of how each

initiative instantiates these basic concepts i.e. how it establishes the relationship between the roles and operations of SOC. We explain and contrast the three initiatives through an example for online travel agent:

“A customer [WSClient] who is registered to service discovery agent queries for online travel agent. Service discovery agent return list of online travel agent services. Customer [WSClient] will select a service which is most fitting to its requirement from search result, and then bind to that particular service. For our example scenario, we will assume that [WSClient] selects [TAService] service.

Fig. 1: Travel agent scenario with the W3C initiative

To realize our example scenario using the W3C initiative (see Figure 1), [TAService] would have to create a Web Services Definition Language (WSDL) document [WSDL 2001] to describe its service interfaces and publish it in the Universal Description, Discovery, and Integration (UDDI) registry [UDDI 2005]. [WSClient] will query the UDDI registry for services, which provide online travel agent capabilities. [WSClient], a potential customer, would select a service that meets its requirements. Assuming that [WSClient] selects [TAService], it would then bind its application to [TAService]. [WSClient] will generate Simple Object Access Protocol (SOAP) [SOAP 2003] messages conforming to [TAService]’s WSDL document and invoke [TAService]. Both [WSClient] and [TAService] will now exchange SOAP messages to communicate.

Fig. 2: The travel agent scenario with the Semantic

Web Services initiative

To realize our example scenario using Semantic Web Services (see Figure 2), [TAService] creates a service profile of its capabilities using the OWL based Web Services Ontology (OWL-S, formerly known as DARPA Agent Markup Language for Services (DAML-S)) [Ankolekar et al. 2001], which emphasizes semantic descriptors of capabilities. The service profile contains a service model that describes how to interact with the service, and a service grounding that maps the information exchanges described in the service model into actual messages [Ankolekar et al. 2001; Paolucci et al. 2003]. The service profile is then published in a Service Registry, which allows searches following these semantic descriptors. [WSClient] will query the Service Registry to find a required service, and when found, use its service grounding to bind the selected service. Assuming that [WSClient] selects [TAService], both services can generate messages to communicate. The key difference between the W3C initiative and the

22

Standards Lock & Hold

semantic web services initiative, therefore, is that the first depends on a syntactic description of web services, whereas the second utilizes more semantic descriptors derived from OWL-S.

Fig. 3: The travel agent scenario with the ebXML

initiative

Unlike the first two, the ebXML initiative builds on existing Electronic Document Interchange (EDI) standards [ebXML 2005] to specify the ebusiness XML (ebXML) language that globally distributed business partners can use to signify their compliance with minimum requirements for trading and conducting business [ebXML 2005]. The example scenario is realized following the OASIS initiative (see Figure 3) in the following manner. [TAService] will request the Business Process Specification Schema (BPSS) [ebBPSS 2001] from an ebXML registry [ebRS 2002] and populate it with its own capabilities that describe its implementation of an online travel agent service along with a Collaboration Protocol Profile (CPP) [ebXML-CPPA 2002] that specifies the electronic interactions it can participate in. [TAService] will then submit the BPSS and CPP i.e. its business profile to the ebXML registry. When [WSClient]’s query returns [TAService] as a potential business partner, it can download [TAService]’s business profile from ebXML registry. Both [TAService] and [WSClient] can then come to an agreement on conducting business (using their CPP), before negotiating and producing a Collaboration Protocol Agreement (CPA). Once the CPA is in place, [TAService] and [WSClient] are said to possess the required trading partner information, and may engage in conducting business electronically using a messaging service that is part of the ebXML specification [Rawlins 2002]. The key difference between the OASIS initiative and the first two is its focus on facilitating B2B commerce. Originally, the ebXML standard was suggested under the auspices of the United Nations with the interest of promoting participation from global

trading partners instead of specifying implementation-level details.

Research Methodology The research methodology used for this research

included content analysis, which suggests analytic procedures that enable researchers to make inferences from textual data in systematic and replicable manner (Stemler 2001).

Sources of secondary data The specific standard selected for this research is

SOAP version 1.2. Standards related to SOAP version 1.2 was developed under XML Protocol Working Group in W3C. Proposal for development of SOAP standards was submitted to W3C on April 2000 and it became a W3C recommended standard on June 2003. Figure 4 shows the timeline of the standardization process of the SOAP version 1.2. There are about 120 meeting records that are available under XML Protocol Working Group in W3C which are related to development of SOAP 1.2 standards. These meeting records are the transcripts of the telephone conversation and face to face meetings held for development of SOAP 1.2 standards. For this work-in-progress study, we have coded and analyzed first 60 documents in chronological order of the meeting.

The following is list of standards under SOAP 1.2: SOAP Version 1.2 Part 1: Messaging Framework: Recommendation. 24 June 2003 SOAP Version 1.2 Part 2: Adjuncts: Recommendation. 24 June 2003 SOAP Version 1.2 Specification Assertions and Test Collection.

Fig. 4: Timeline of standardization process of SOAP version 1.2

Content Analysis Software

We used the Atlas.ti™ qualitative analysis software to record the interpretations of the text. Then, we utilized these interpretations to perform comprehensible analysis. The software allowed us to add comments to passages (note-making/annotating),

23

Standards Lock & Hold

code selected passages as well as to search, retrieve, and browse the coded text rapidly. Figure 5 shows a screenshot of the Atlas.ti software that includes some of the data from a document being analyzed (left window pane), and the codes assigned to it (right window pane).

Fig. 5: Document editor and coding window in the Atlas.ti software

Coding Process

A coding process was used to generate elements that explained the roles and activities of participants engaged in the standards-development process.

The coders interpreted and assigned meaning to text fragments in the documents (which require reading and re-reading following a hermeneutic approach). Such an exploratory and emergent coding process consists of reflexive movement between concept development, analyzing texts in the documents, data analysis and interpretation (Altheide 1987).

To reduce the bias in the results, the coding process was performed by two independent coders. They conducted a systematic examination of the documents that involved ongoing discovery and comparison of concepts, codes, situations, interpretations and other nuances. The research method explicitly recognized difficulties of this nature in the process, and suggests that the biases of coders and the research team should be acknowledged. For this research, the team of researchers included participants trained in engineering, management, computer science and law. The diversity of the composition of the team ensured that the interpretations are not restricted to a single disciplinary perspective. Primary work for the coding was performed by researchers, whose backgrounds were in management and engineering with oversight provided by the other researchers.

In order to further reduce the bias and in particular, to limit problems of reliability of the emerging categories, the two independent coders engaged in process of establishing inter-coder reliability (Neuendorf 2002). Inter-coder reliability checks the extent to which independent coders evaluate a passage in the document and reach a similar interpretation. Achieving such a consistent inter-coder agreement is useful because it validates the emergent coding scheme,

and allows researchers to divide the coding work among many different coders.

The process for assessing and establishing inter-coder reliability involved establishing consistency among coders on the unit of analysis for coding and on the emergent coding schema. The following procedure was used to establish a consistent unit of analysis among coders.

Step 1: The two coders (coder A and coder B) code the same documents independently. Coding would consist of marking up the text into units and labeling each unit with a code. Step2: If both coders agree on the interpretation of the text in each unit as well as their assigned code, then it was marked as “Hit”. If both coders have agreement on the interpretation of the text in the unit, but had assigned different codes to the same piece of text, then it was marked as “Miss-code”. If both coders do not have agreement on the interpretation of the text in the unit as well as code assigned, then it was coded as a “Miss”. Step 3: The number of hits, miss-codes, and misses were counted and tallied. Step 4: The codes corresponding to the hits were added to the coding scheme. For codes marked as misses and miss-codes, the coders discussed and came to an agreement on the interpretation of the unit and its code. After the coders reached an agreement, coding rules were created and the agreed code was added to the coding scheme. Coders assessed their inter-coder reliability after

completing the coding process on a selected set of three documents. The documents were selected randomly in order to reduce any bias in the selection. Two kinds of inter-coder reliability statistics were measured.109 The first measure is inter-coding reliability measure based on hits (IR (hits)) and second is inter-coding reliability based on hits and miss-codes (IR (hits+miss-code)). Formulas for above two measures are given below. Both measures reflect the percentage of agreement among coders and can be used as a reliability measure (Neuendorf 2002). Three iterations of inter-coder reliability was performed, therefore, in total, nine random documents were used. The iterations were performed until a satisfactory measure of 77% for IR (hits) and 81% for IR (hits+miss-code) was reached. Although the coding scheme emerged through the inter-coder reliability process initially guided the study, other

109 The methodology and coding used in this study is abbreviated for this paper but is described in greater detail, including inter-rater reliability measures, in the following paper: Mitra, Prasenjit, Sandeep Purao, John W. Bagby, Karthikeyan Umapathy, and Sharoda Paul, An Empirical Analysis of Development Processes for Anticipatory Standards, NET Institute Working Paper #05-18, accessible at either: http://www.netinst.org/Mitra.pdf or http://ssrn.com/abstract=850524.

24

Standards Lock & Hold

codes are allowed and expected to emerge throughout the study.

Number of hits Inter-coding reliability measure based on hits (IR(hits)) =

No. of hit + No. of miss-code+ No. of miss

No. of hits +No. of miss-code Inter-coding reliability

measure based on hits and miss-codes (IR (hits+miss-code) ) =

No. of hit + No. of miss-code+ No. of miss

Examples of codes discovered In this work-in-progress, so far we have analyzed

first 60 documents in chronological order of the meeting records of the SOAP version 1.2 standards. A total of 92 of codes emerged from the analysis of these documents. Examples of codes that emerged from the analysis include:

Big-fish Small-fish Interaction. This concept indicates interaction occuring between participants from a larger market value company and a smaller market value company. These interactions usually involve participants proposing design, asking questions, clarifying answers, rejecting design, and general discussions. Action items. This concept refers to an assigned design task to the participants of the standardization process. Providing design alternative. This concept indicates that a participant is providing a design alternative to an open issue with respect to the standard. Suggesting design alternative. This concept indicates that the participant is suggesting an alternative design to the previously proposed design. Rejecting design alternative. This concept indicates that the participant rejected the proposed design alternative to an open issue.

Data analysis Codes that emerged from the content analysis of

the SOAP standards meeting records were mapped against the design, sense-making, negotiation, design & sense-making, design & negotiation, sense-making & negotiation and design, sense-making & negotiation constructs of the DSN model explained in section 4. Each researcher as well as the coders individually performed this mapping, assigning each codes to one or more of the D, S or N meta-categories. and assigned one of those constructs. A simple model of was used to resolve these mappings i.e. if more than half the researchers agreed on a mapping, that mapping was

retained. The large number of researchers (five) allowed us to operationalize this principle effectrively. Table 1 shows examples of these mappings, which did not preclude mapping a code to more than one of the D, S or N construct. .If multiple mappings were suggested, the dominant construct was also recorded.

Code DSN model construct (dominant)

Action Items: Responsibility Chair

Design & Negotiation.

Agreement Negotiation Expressing confusion: Big Fish

Sense-making

Issue Resolution Design Issue Overlap information Design & Sense-making Interaction between Big Fish and Small Fish

Sense-making & Negotiation

Tab. 1: Mapping Codes to the D, S or N Categories

Using Atlas.ti™ software report features, each

coded document coded units and respective assigned codes were extracted. Programs were written to perform data mining to extract information such as document date, starting and ending lines numbers of each marked unit, code assigned to the each marked unit and the assigned DSN construct.

Discussion of Results The results from the content analysis were mapped

to D, S, and N elements of the DSN framework. The first set of analyses focuses on the frequency of Design (D), Sense-making (S) and Negotiation (N) over the meetings. Figure 6 below shows the total number of D, S, and N codes that occurred at each meeting, with the meetings plotted in chronological order along the x-axis. In this graph, each code was recognized as being mapped to only one of the D, S or N constructs i.e. the dominant construct.

Fig.6. Occurrences of D, S and N in each meeting

25

Standards Lock & Hold

The figure shows three significant spikes, which indicate the intensity of design activities occurring in three meetings. It also shows the significant number of design activities (in light grey or in red in color) and negotiation (in dark grey or in yellow in color) that overshadow the trivial number of occurrences marked as sensemaking (in black or in blue in color). For example, for meeting 9 (the first spike), there were 92 occurrences of design, 111 occurrences of negotiation, and only 10 occurrences of sense-making. Only some of the early meetings, where significant groundwork was being laid out for the working group to begin functioning, and meeting 17 were aberrations to this general pattern. The data, thus, supports the conjecture that design is a substantial component of the standards development process for anticipatory ICT standards. The small number of occurrences for sense-making may be interpreted in at least two different ways. First, it is possible that the intricacy of designs that participants face in these meetings requires them to engage in sense-making outside the meetings. The complexity of technology specifications makes this interpretation a possibility. If this interpretation is accepted, sense-making may be seen as an activity that requires much deliberation, which would therefore require that it take place outside the meetings. Another interpretation is possible as well. If, it is expected that participants either bring to the meeting and articulate the results of this sense-making exercise,; then a different interpretation emerges. This, second, interpretation suggests that participants engage in the standards development process with a relatively stable stance about their role during the process i.e. they engage in the standards development process in a manner that does not lead to changes in their preconceived positions. Their stance or role is not affected by the complex design decisions and negotiation processes. This is clearly a more tenuous, yet probably more contentious interpretation. It is possible, however, to tie this interpretation to the notion of organizational inertia, which in turn, may be caused by the significant investments in technology designs that participants in the standards development process may make before they engage in the standardization process.

This analysis was extended by conceding that some of the codes may be mapped against multiple categories. For example, the code Interaction among big fish and small fish may be mapped to both S and N. Others may be mapped against two or even all three of the categories. Each code was, then, potentially open to mapping against multiple categories (instead of only the dominant one in the previous figure). The frequency of D, S and N by including such multiple mapping was clearly higher than the previous figure. Figure 7 below shows these frequencies.

Fig.7. Occurrences of D, S, N allowing for multiple

mappings

This figure is similar to the previous one except that it shows a greater number of occurrences of D, S and N codes. The relative number of codes still appears to be the same. Here also, we see a trend that design and negotiation codes are considerably more than sense-making codes. An interesting observation here is the sudden sharp increase in codes related to all three DSN components in meeting on 27th Nov, 2001. The reason for this was traced via looking at other W3C documents and was discovered to be the fact that this meeting took place just before the submission of the working draft. Since the participants were working to meet a deadline, there seems to have been a significant amount of activity at this meeting. Another possible interpretation that follows from both figures 6 and 7 is the significant overlap between activities in the categories D and N. While this can be investigated at the micro level as well to understand it further, the frequencies indicate a significant overlap between these two categories.

To further understand whether this overlap exists, the data was further analyzed to view codes, which were mapped either to category D or to category N or both. Figure 8 below shows the number of design codes, negotiation codes and codes assigned to both design and negotiation at each meeting.

Fig.8: Overlap between categories D and N

Figure 8 shows that design and negotiation were

often close in terms of the number of activities. The

26

Standards Lock & Hold

design activities did show non-trivial overlap with the negotiation activities, that is, the D and N elements were often assigned simultaneously to a text segment. While this overlap does not extend to a all text fragments marked as N, the fraction marked as both is sufficiently strong to suggest one possible interpretation. This interpretation suggests that participants may be using Design as one form of Negotiation, for example, by suggesting design alternatives or rejecting design changes suggested by others. This use of Design as Negotiation requires a greater understanding of the intricacies of the design suggestions and their relationship to the innovation and marketing trajectories followed by the participants.

Another important analysis of the data was in terms of players who participated in the process. The design contributions in the meetings came from four major sources – participating large companies like IBM, Sun, Microsoft etc; participating small companies like Systinet, Iona, Sonic etc; W3C representatives who were involved with development of the SOAP v1.2 standard and the Chair of the working group. These were mapped to understand their relative strengths as shown in figure 9below.

Fig.9: Design contributions by participants

The figure shows the percentage contributions

(design suggestions made) by these four major sources. The largest number of design contributions were made by large companies, in our terminology, the so-called ‘Big Fish.’ As many as 2/3rd of the total design contributions came from this group. To understand whether these contributions represented design decisions being made at the meeting or prior to the meeting, the codes were analyzed. Specifically, a distinction was made between “providing designs,” and “suggesting designs” with the former indicating designs completed by participants prior to the meeting and brought to the meeting and the latter being design contributions in the meeting. Further, of these contributions, more than half reflected design efforts that these companies had already completed prior to reaching the meeting. The results were similar for rejection of suggested design items. Big players rejected designs brought to the table six times more

often than did small players. The numbers are small, 18 and 3 respectively, for rejection of design items by big and small players.

To further analyze whether a significant amount of design was taking place outside of the W3C meetings, the ‘action items’ at each meeting were compared to ‘designs suggested/provided’ in the following meeting. The ‘action items’ were often design-related tasks to be completed by a participant and brought to the table by the next meeting. This led to participants suggesting or providing design solutions at the next meeting. We took the ‘action items’ code to, therefore, be a quantitative measure of the design happening ‘within’ meetings, and the codes ‘suggesting design’ and ‘providing design’ to be a quantitative measure of design happening outside of meetings. We then compared the number of action items at a meeting with the number of designs suggested/provided at the next meeting and the results suggested that participants often brought designs meetings that were beyond what they were assigned. This could mean that a significant amount of design was taking place outside of meetings.

Fig.10: Inferring design occurrences outside

meetings

Other observations from the data Some other observations from the data were as

follows. As to the cycles of DSN, as suggested by (Fomin et al., 2003), our data shows that the standardization process most often proceeds in cycles of D, S and N. As to the interaction among participants, in order to analyze the comparative roles played by big and small companies involved in the process, we assigned codes to discussions only among big players, only among small players and among big and small players. See Table 2 for a tally of these occurrences.

Tab.2: Occurrences by size of SDO “player” Code Number of

occurrences Interaction between big fishes 56

Interaction between small fishes 14 Interaction between big fish and small fish

20

27

Standards Lock & Hold

This data suggests that a significant amount of the discussion was dominated by exchanges between big players. This raises the question whether small players have as much say in the process and the decisions as do big players.

As to the agreement and disagreement, we assigned the code ‘agreement’ to sections of text where participants agreed on design or process issues and the code ‘disagreement’ to sections of text where objections were raised against proposals being discussed. The 202 instances of agreement as opposed to the 34 instances of disagreement suggests that most decisions found the support of the majority of players. As to the expression of a particular participant’s interests, we noted instances of participant’s expressing a specific interest in the development of the standard – such as their personal opinions or their expectations of design or process outcomes. These often reflected personal motivations of the players and the organizations that they represented. Again, the motivation was to examine how far the process was dominated by interests of big players, and we found that there were 28 instances of big players expressing their personal interests as opposed to 1 instance of a small player expressing his personal interests. It was also interesting that there were no instances of W3C committee members expressing their interests. Finally as to the strategic decision to engage in procrastination, we coded instances of participants delaying the discussion of issues or delaying taking action on issues discussed as ‘procrastination’ and found 37 instances of these. This suggests that perhaps procrastination is used by participants as a negotiation strategy.

Concluding Observations The pervasiveness of standards as rules imposed by

a controlling authority governing particular activities, relationships and resolution of disputes may among the least understood phenomena of political economy today. Standards have moved well beyond mere accepted reference points for conformity assessment to the point where they now attain status as “mandatory requirements employed and enforced to prescribe a disciplined uniform approach” to most economic, technical, educational and professional activities. SDA is becoming so pervasive that it is fast displacing traditional policymaking from regulation, legislation and litigation. The due process safeguards in most SDA are simply inadequate when compared with the traditional policy balancing inherent in checks and balances of government institutions used in successful democratic societies.

Exacerbating the widespread ignorance of this growing importance of SDA is a near dearth of education on SDA. While many professions embrace

some of the particular standards of their specialized domains, there is an alarming lack of SDA content in most primary, secondary and higher education curricula. Even in engineering, political science, law and economics where standards problems have become significant in recent years, there are few modules on SDA and even fewer courses on standardization. Indeed, a solid standardization curricula would require some substantial grounding in intellectual property, antitrust, due process, regulatory process and rulemaking, industrial organization and at least some experience in one or more application domain(s). Standards education is an interdisciplinary study with increasing public policy impact.

Research is needed in the standards governing particular domains as well as in the various cross-cutting disciplines that compose standardization activities so that comparative research can be conducted and shows promise to reveal constructive refinements to SDA generally. There are considerable challenges in making more visible the policy issues that too often masquerade as technical issues allegedly beyond the reach of various societal checks and balances. Such research should focus on SDA from various perspectives. Standards research is inherently interdisciplinary drawing from public policy analysis, micro-economics, strategy, innovation process and the relevant technical domain(s). Policy analysis should be conducted on various extant security standards: conceptual and decision constraint analysis would enable comparison of similarities, conflicts and omissions. Content analysis of SDA at various SDOs sponsoring the frameworks listed above would reveal how due process safeguards are working and to what extent SDOs are captured by particular constituents and the real impact of openness to provide opportunities for interested parties with wherewithal to exert meaningful influence on the outcomes. Of course, there are constituents in SDA whose interests are currently quite well served by extant SDA procedures. This is precisely the reason that more study is needed. Standardization has been too long ignored by law, political science and economics. These are the disciplines that have contributed so greatly to the more traditional political economy understanding of government processes. Increasingly, however, some components of standardization processes are intriguing as they increasingly focus on antitrust, intellectual property, coordination, collusion & compatibility.

This paper considers some of the uncertainties in IP rights and antitrust and intensively examines SDA in the ICT field to provide evidence of standardization behaviors. While there are many important developing research questions in standardization, the following list could be of some interest to many scholkars and policy makers:

28

Standards Lock & Hold

• Should SDO participants negotiate royalty rates as a group?

• Does RAND require identical terms for all product makers seeking to comply with the standard even if they did not participate in the SDA?

• Can RAND terms, once offered, be withdrawn, when and on what basis?

• How should RAND be determined, what algorithm(s) used, should RAND be based on ex ante disclosure.

• How much information disclosure from SDA participants is optimal to achieve standardization while protecting various rights and expectations?

• What ex post adjustments to RAND could maintain fairness?

• Can the patent pooling model be successfully adapted to both RAND negotiations and the potential function of RAND as a safe harbor from antitrust enforcement?

Additional References (not footnoted) Altheide, D (1987). Ethnographic Content

Analysis. Qualitative Sociology, 10: 65-77. ANSI Essential Requirements: Due process

requirements for American National Standards, (January 31, 2005); http://www.itl.nist.gov/biometrics/Requirements0405.doc

Bagby, John W., eCommerce Law, (West Pub. Co. 2003).

Berners-Lee, T, and Bratt, S, WorldWideWeb Consortium: Uniquely Positioned to Lead the Evolution of the World Wide Web. MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) Research Abstracts, 2003. March.

Bradner, S., The Internet Standards Process. Network Working Group, revision 3, 1996.

Bratt, S., Standards Setting and the W3C. Invited talk at Pennsylvania State University School of Information Sciences and Technology, on Wednesday, 13 April 2005, in University Park, PA, USA. http://www.w3.org/2005/Talks/0413-sb-w3cpsu/.

David, P. A., and Greenstein, S., The Economics of Compatibility Standards: An Introduction to Recent Research. The Economics of Innovations and New Technology, 1990. 1 (1), p. 3-41.

Economides, N., Network Economics with Application to Finance. Financial Markets, Institutions & Instruments, 1993. 2(5), p. 89-97.

Fomin, V., Keil, T., and Lyytinen, K., Theorizing about Standardization: Integrating Fragments of Process Theory in Light of Telecommunication Standardization Wars. Sprouts: Working Papers on

Information Environments Systems and Organizations, 2003. 3(winter).

Hofstede, A.H.M., Orlowska, M. and Rajapaske, J., Verification problems in conceptual workflow specification. Data and knowledge engineering, 1998. 24(3): p. 239-256.

HR1086, Standards Development Organization Advancement Act of 2003. The Senate and House of Representatives of the United States of America, 2003.

Kretschmer, T., Muehlfield, K., Co-opetition in Standard-Setting: The Case of the Compact Disc. NET Institute Working Paper No. 04-14, 2004.

Krippendorff, K., Content Analysis: An Introduction to Its Methodology. 2nd ed. Thousand Oaks, CA: Sage, 2004.

Lemley, M.A., Standardizing Government Standard-Setting Policy for Electronic Commerce. Berkeley Technology Law Journal, 1999. 14.

Lowell, S.C., The Yin and Yang of Standards Development. Standards Engineering Society World Standards Day Paper Competition, 1999. First place.

Lyytinen, K., and Rose, G.M., The Disruptive Nature of Information Technology Innovations: The Case of Internet Computing in Systems Development Organizations. MIS Quarterly, 2003. 27(4), p.557-595.

Mowery, D.C., and Simcoe, T., Public and Private Participation in the Development and Governance of the Internet. The Limits of Market Organization, Nelson, R.R (ed.), 2005, Russell Sage.

National Technology Transfer and Advancement Act of 1996, Pub. Law 104-113, 110 Stat. 775.

Neuendorf, K.A., The Content Analysis Guidebook. Thousand Oaks, CA: Sage, 2002.

Reagle, J., Why the Internet is Good. Berkman Center for Internet and Society, Harvard Law School, 1998.

Sadiq, W. and M. Orlowska. Applying graph techniques for identifying structural conflics in process models. in Proceedings of the 11th international conference on advanced information systems engineering (CAiSE '99). 1999. Heidelberg, Germany.

SOAP-Part0, SOAP Version 1.2 Part 0: Primer. 2003. http://www.w3.org/TR/soap12-part0/

SOAP-Part1, SOAP Version 1.2 Part 1: Messaging Framework. 2003. http://www.w3.org/TR/soap12-part1/.

Standards Development Organization Advancement Act of 2004, Pub. Law No: 108-237, 118 Stat. 661, (H.R. 1086).

Stemler, S (2001). An overview of content analysis. Practical Assessment, Research & Evaluation, 7(17)

Virili, F. Design, Sense-making and Negotiation Activities in the “Web Services” Standardization Process. MIS Quarterly Special Issue on Standard Making: A Critical Research Frontier for Information Systems, Seattle, December 12-14, 2003.

29

Standards Lock & Hold

W3C-Process, World Wide Web Consortium Process Document. 2004. http://www.w3.org/2004/02/Process-20040205/.

Weick, K. E., Sensemaking in organizations. Sage Publications, Newbury Park, CA, 1995.

Weiss, M.B.H., The standards development process: a view from political theory. StandardView, 1993. 1(2): p. 35-41.

Weiss, M., and Cargill, C., Consortia in the standards development process. Journal of the American Society for Information Science, 1999. 43 (8), p. 559 - 565.

West, J., The Role of Standards in the Creation and Use of Information Systems. MISQ Special Issue Workshop: Standard Making: A Critical Research Frontier for Information Systems, 2003. p. 314 - 326.

WS-Arch, Web Services Architecture. 2004. http://www.w3.org/TR/ws-arch/

WS-CDL, Web Services Choreography Description Language. 2005. http://www.w3.org/TR/ws-cdl-10/

WSDL, Web Services Description Language. 2005. http://www.w3.org/TR/wsdl

WS-Scenarios, Web Services Architecture Usage Scenarios. 2004. http://www.w3.org/TR/ws-desc-usecases/

'The Semantic Web lifts off' by Tim Berners-Lee and Eric Miller, W3C. ERCIM News No. 51, October, 2002

30