Tech spec experts seek allies to tear down ISO standards paywall Many of the almost 24,000 technical standards maintained by the International Standards Organization (ISO) are subject to copyright restrictions and are not freely available. Two weeks ago, Jon Sneyers, senior image researcher at Cloudinary and co-chair of the JPEG XL (ISO/IEC 18181) adhoc group, invited fellow technical …
ISO's budget comes mostly from the subscriptions paid by the national standards bodies and from the sale of standards so, at least in principal, if you're going to reduce the income from one source you'd have to increase the national subscriptions.
However, it's probably not unreasonable to question exactly what ISO is doing with its funding. Most of the work is done by committees of "experts" (who usually come from companies with an interest in the outcome, which is not always advantageous) so the exact nature of the ISO added value is not entirely clear.
People close to the standards process are often developing products as the standard is being written and are using drafts from committee members to guide the development so there is arguably a greater obstacle to potential future competitors: not only were they not involved in influencing the standard, but they also have to pay for the privilege of reading it.
However, since ISO has 165 national members, it's inevitably going to be heavy on bureaucracy and changing anything about it is likely to be difficult.
Of course, there are other standards-like bodies (eg the IETF) but there are too many laws and contracts that require conformance with ISO standards (or their national equivalents) for it simply to melt away.
This is a 30-year old battle to my personal knowledge, and it applies equally to ITU-T. And to IEEE standards, by the way.
As others have said, it's about money, and about not being able to fire the admin staff involved at will. Switching off these paywalls would have immediate effects on quite a lot of people that they feed and clothe.
IETF standards are free to download, on principle, but they aren't free to create. Remember the silly fuss about selling off the .org registry for a gigabuck? The main beneficiary from that would have been those free IETF standards. The people who objected to that transaction were not prepared to listen to that inconvenient fact.
... immediate effects on quite a lot of people that they feed and clothe.
Makes me wonder just how much feeding and clothing we're talking about here.
It would not be the first time we see an internationally financed body with far too many posts that have, through years of laissez-faire from those who they are supposed to work for, managed to secure succulent perks for themselves.
As a direct consequence, these naturally morphed from feeding and clothing into wining and dining, which have to be paid for.
And who checks on that aspect of the Central Secretariat* ?
O.
* Never mind, the name says it all ...
Not quite.
As has been pointed out, most of the standardisation work is done by experts who are paid by their organisation (often from a standards lobbying budget) but are not paid by ISO. The same applies, incidentally, for the sister organisations IEC and ITU as well as the ISO/IEC JTC1 where a lot of the IT-related standards have their home (AI is subcommittee 42 ... someone read their Hitchhiker's Guide, apparently, but I digress.)
The budgets of ISO, IEC and ITU are used for administration purposes. A lot of admin work is involved in managing approval processes among the national bodies, creating new committees, managing workspaces etc. I am sure there is waste, just like in any bureaucratic organisation, but the comparison with Nominet is rather unfair.
The argument for making standards freely available is solid. This means that ISO, IEC and ITU budgets will need to be funded solely by national body contributions, which in turn means that national bodies need to raise additional income (often this is a government grant). Maybe it is indeed time to do just that.
It is very difficult to teach about ISO standards when the students can't access them.
Ian Graham / Senior Lecturer / University of Edinburgh
A case of ale for this chap ---- > 8^D
---
The ISO did not immediately respond to a request for comment.
Of course they didn't.
What could the ISO Central Secretariat possibly say on their behalf?
They should all be fired and replaced with people who know what to do and how to do it.
O.
Many consumers don't care, at least for organizational purchases. Someone in the C-suite reads an article about, say, ISO 27001, and sends out a memo: "Our vendors should comply with ISO 27001!". Then it becomes a checkbox when someone needs to complete a purchasing request or RFP.
They may well never have seen the 27001 specification, or even know anything about it. That's irrelevant.
... gold, silver and bronze support from intersted companies ...
The companies that help to create the standards are generally the companies that stand to profit from products that rely on those standards. Having an inside track gives them an opportunity to shape the standards, and so is certainly an advantage. Asking those companies to support the standards body/ies and the standards process seems only fair.
For everyone else, there should be no more than a nominal charge for a download or a charge to cover the cost of printing for a hard copy.
Even a very low fee would be an obstacle, because it means the text of the standards does not get indexed in search engines, making it a lot harder to find what you're looking for if you don't already know the ISO standard number. It's also a bit of a hassle to have to enter payment details. And if the fee gets reduced by two orders of magnitude, the income ISO and NBs get from it also diminishes by 99% so it's not really going to make a difference to them to just go all the way and just make it free.
In India a high court ruling means that Indian Standards are free - it's known as the 'Disclosure to Promote the Right To Information' clause. It's only meant to be free for educational purposes, but the practical effect is that all standards are free to all. If you know the Indian equivalent to the ISO, then they are also free.
I found it somewhere else but I can't work out if it's supposed to be serious or not.
Its hard to comply with a standard if you can't see it and read it.
I've hit this a number of times over the year "blah, blah, defined by ISO standard xxxxx", spend a bit of time looking for it, hit ISO site, get to the paywall. wonder how much it costs, find out the eye watering numbers, then walk away as it wasn't *that* important.
is this drive for free access to standards also present in other areas of industry?
eg in food industry example BS ISO 3103:2019
Tea. Preparation of liquor for use in sensory tests £67 (discounted price for members)
or ISO/IEC 17025:2017
General requirements for the competence of testing and calibration laboratories.138 Swiss francs
BS Standards used to be cheap, useful and informative. Since then they seem to get 'updated' involving a trivial change but requiring an up-issue, rendering the previous version out-of-date. Or it is broken down into sub-sections, possibly for understandable reasons, but no reduction in price (As if....). They are not cheap.
Then there are BS EN standards..
Then there are BS EN ISO standards......
Perhaps we need another 'standard' standard.... cue obligatory xkcd: https://xkcd.com/927/
The main thing in favour ISO standards is that they appear to be more difficult too change.
If you want the world to use your standards, make them free, or very cheap.
"BS Standards used to be cheap, useful and informative."
Well, I'll go along with you in that certain BSI publications are useful and informative but I disagree with you on the cheap part.
I wanted a copy of BS381C for my modelling hobby. If you take a look at the BSI shop you will be amazed at the prices asked. Yes I know that making a standard colour chart is expensive but to charge £246 for a booklet with 16 pages is taking the mickey.
I have other colour standards for other air forces and they didn't cost a third as much to buy so it can be done although without the authority of an official standard. Which is probably one of the reasons these organisation feel free to charge as much as they do.
Oh, I did in the end buy BS381C, as I needed it for a particular colour reference and very nicely presented it is. But so it should be at that price.
Out of curiosity I tried to access the ISO standard printed on my bicycle trailer. After much searching all I could find related to some published tests done on one trailer. What must my trailer be capable of doing? How strong must it be? No way of knowing.
I must conclude that seeing that products meet a standard that can not be accessed makes the standard meaningless. I am not reassured of safety or efficacy. It just becomes sales fluff to put on a sticker.
To often standards (and technical papers) are behind an extortionate paywall because the owners of the standards (or journals) can do so. The problem is their business model is idiotic and based on selling paper copies. For a comparison, the ferals over here publish the 'Code of Federal Regulations' both in paper (costs money) and online (free at https://ecfr.federalregister.gov.). One can actually print the e-version, get a pdf of the paper version, etc. If an government that is not terribly competent can figure out how to make an e-copies readily accessible the standards owners (and journals) have absolutely no excuse.
On this side of the pond, that's apparently the case: see https://en.wikipedia.org/wiki/National_Electrical_Code
"In the United States, statutory law cannot be copyrighted and is freely accessible and copyable by anyone.[8] When a standards organization develops a new coding model and it is not yet accepted by any jurisdiction as law, it is still the private property of the standards organization and the reader may be restricted from downloading or printing the text for offline viewing. For that privilege, the coding model must still be purchased as either printed media or electronic format (e.g. PDF.) Once the coding model has been accepted as law, it loses copyright protection and may be freely obtained at no cost."
That hasn't stopped Georgia from trying...
https://arstechnica.com/tech-policy/2020/04/supreme-court-rules-georgia-cant-put-the-law-behind-a-paywall/
As to the NEC, it's not a law, it's a standard, developed by a private organization, and the various jurisdictions adopt it in whole or partially. You still have to pay for a copy, and it's revised frequently, so you have to keep paying. I have never found a free or accessible copy of the current version online
The British Standards Institute created the original standard for information management systems, which evolved into the international standard ISO 27001. (I remember commenting on the first drafts.) The BSI used to get most of its income from selling copies of 7799 /27001.
It would be interesting to see their accounts and just how much they rely on sales of standards and subscriptions to function.
I was also a member of a UK ISO panel (supporting the UK expert to BSI and the ISO concerning cryptographic algorithms and protocols). All unpaid work. They seem to treat it like academic publishing - get the authors to work for free, get the reviewers to work for free, then try to make a profit from the sales.
I must admit that I do feel that if you want people to comply with standards, they should be freely available. Many are the 'amateur' DES* implementations in software where there are fewer than 16 rounds of encryption. Oh well, lets hope some sort of pragmatic approach prevails.
*Strictly speaking DES - Data Encryption Standard - is an implementation of the Data Encryption Algorithm (DEA) on a silicon chip.
Part P of the UK wiring regulations, AKA "Approved documents" effectively mandates that all installations have to meet BS 7671. Almost uniquely this BS is not free to download and has to be purchased from the IET at about 100 quid a copy.
In other words the legally mandated UK requirements for any electrical installation are owned/published and maintained by a private organisation (IET) who restrict access to either their members or the public only on paying a lot of money for a frequently changing document.
Don't get me started on the Part P mafia (NICEIC and NAPIT) who act as gatekeepers to the electrical industry.
What was that comment about Regulatory Capture?
Andy
I loathe the way the whole philosophy of the ISO has gone.
The IETF approach is akin to open source - publish everything so it can be peer reviewed and tested. The ISO model is closer to closed-source - keep it private except to those who pay you enough so it's tightly controlled and flaws can be kept on the down-low.
IETF standards are generally minimalist, robust, future-proof and easy to understand. ISO ones are usually over-complicated, poorly thought out, require frequent revision and are difficult to comprehend even after you've paid to read them.
One of my two favourite ISO cluster f..ks is OSI - useless as anything other than a diagram and even that doesn't map very well onto the most common real world systems such as TCP/IP & SS#7.
The other is the self-perpetuating monster ISO9000 et al. Originally supposed to bring the benefits of Far Eastern continuous improvement quality systems to Europe & the US it has had the exact opposite effect. Provided you have documentation that you've followed your 'process' you get - for a fat fee to a B-ark consultant - a certificate that you're compliant. It doesn't matter how good or bad your process is or how inappropriate for your business provided it's documented & followed. The bureaucratic cost of changing your process means improvements are positively discouraged.
Toyota for example gave up on ISO9000 back in 2000. Unfortunately smaller companies in supply chains have to continue to pay for the farce because their idiot downstream customers do and they insist on sharing the blame.
OSI was not meant to be descriptive of other people's work, like TCP/IP, it was meant to be a common network protocol suite that all vendors could use. The Reference Model was simply a way to organize the subcommittees, and got misunderstood to be much more than that. And its errors (the existence of layers 5 and 6 outside of the application layer where the functions ended up in practice) are taken as gospel that you're supposed to accept, because they must have been smarter than you (they weren't).
But in that mess came IS 8648, Internal Organization of the Network Layer, which explains the difference between networks and internetworks, and is really useful educational material. But it's very hard to find, paywalled and downright obscure as a result. That's the kind of thing that gets lost when paywalls go up.
I've some contact with a long defunct company that tried to pin its products to the OSI model, implementing the standards. This is where I learned that they just do not work. No ifs, ands and buts. They do not work. This is why IETF standards took over -- it wasn't just some theoretical wish list from a large scale organization rooted in telephony practice, it was the product of people who had practical problems to solve.
However, like a cancer OSI still lurks in standards bodies, spreading its poison to new standards. It turns up in IEEE standards with its bitwise back to front addresses and OSI type 2 hacks to host Ethernet packets on their protocols (WiFi, for example -- that sequence starting with 0xAA, 0xAA before the Ethertype is pure, and pointless, OSI) or whenever you find the term 'profile' being used to describe end point to end point transfer of specialized data. Its all there because the non-IETF standards bodies are so detached from real life that they're unable to let go of what was once the 'one true networking'.
Same here, except I learned that ISO so-called standards are not free to access from a previous Reg article a little while ago. I'm still finding it pretty gobsmacking though. As many have commented, how are people supposed to understand "standards" if they can;t get reasonable access to them? How are small companies and start-ups supposed to compete if they have this paywall hurdle to get over?
It used to be the case that some national standards bodies published standards "aligned with", and essentially identical to, various ISO standards, for much less money. Other posters have mentioned that BSI used to do this in the UK. In the US, for another example, you could by the ANSI 1990 C standard for (IIRC) $18, which was much cheaper than ISO 9899:1990 at the time (about an order of magnitude more expensive, I think), but they had the same content.1
So in many places, many of the more-popular ISO standards were ignored because you'd just refer to the corresponding national standard instead. Even things like section numbers were the same, so you could cite the ISO standard without actually consulting it.
Alas, that is no longer the case, at least as far as ANSI is concerned. I get the impression it's not true of BSI either.
1Of course, the C90 standard was a special case, because of the existence of Schildt's book The Annotated ANSI C Standard, which reproduced the entire standard and cost less at the time than the actual standard did from ANSI. The predominant opinion on comp.std.c was that the price difference reflected the value of Schildt's annotations, but you were free to ignore those.
For many of the reasons outlined above, ETSI (the European Telecommunications Standards Institute), quite some time ago decided no longer to charge for ETSI standards. Since the participants had already, in effect, paid their people to generate the standards, why should anyone have to pay again? Much the same applies to 3GPP, which goes way beyond 3G, and to whom ETSI in effect donated the GSM standards as a get-you-started. The cost of standards themselves simply becomes an overhead on development, whose cost is ultimately paid for by customers, whether network operators or retail (and business) end users.
Not only that, but ultimately high cost items—standards, patent fees—fail in the market place.
I love the free ITU-R, ITU-T and ETSI standards. It's pretty f-ing rude for ISO to start pressuring ITU-T to stop releasing standards. IEEE standards are not too bad as they are mostly self-contained. The "choose your own adventure" journey through ISO and IEC standards is bonkers.
The New Zealand government made a good step in this area. Many (maybe most) NZ Standards that are required by legislation are available for free.
https://www.standards.govt.nz/get-standards/sponsored-standards/building-related-standards/
<blockquote>"The Ministry of Business Innovation and Employment (Building System Performance) has funded the following building standards, used for Building Code compliance, for free download. This initiative fits within Standards New Zealand’s strategy of working with regulators and industry to get more standards pre-funded, as well as enabling better access to standards that make a difference to the wellbeing of New Zealanders. This, in turn, helps grow New Zealand for all." </blockquote>
It helps that Standards New Zealand is a part of MBIE. https://www.standards.govt.nz/about/
Standards Australia is an independent organisation and so we get to pay stupid amounts of money to figure out how we should build pool fences etc. Queensland has duplicated some of the standards which is good.
Almost every previous poster has made the same point: if you can't see it, it's pointless.
In my naivety, forty years ago, I assumed that the idea of a standard was to permit interoperability while maintaining safety standards; thus, the way to get a standard used was to publish it and let people freely access it. In my old age I realise of course the purpose of a standard is to make the publisher of the standard - not the authors or reviewers of it - rich.
World-wide society has developed a fetish of data hiding.
"
The other is the self-perpetuating monster ISO9000 et al. Originally supposed to bring the benefits of Far Eastern continuous improvement quality systems to Europe & the US it has had the exact opposite effect. Provided you have documentation that you've followed your 'process' you get - for a fat fee to a B-ark consultant - a certificate that you're compliant. It doesn't matter how good or bad your process is or how inappropriate for your business provided it's documented & followed. The bureaucratic cost of changing your process means improvements are positively discouraged.
"
I was a developer at a company that decided that ISO 9000 certification was worthwhile.
My take, at the end of the process (during which we were successfully certified) was that as long a the SNAFU's were documented, you would be certified.
Not that there was any need to do anything about said SNAFU's ...
And, as for the certifying consultants - academics all - the less said the better !
The ISO bodies that write the standards often publish their working papers on the web for all to see, but aren't allowed to publish the standard once approved without ISO taking its 0.454kg of flesh.
However, the final committee draft, if you can nail down a copy, is often so close to the published standard as makes no odds.
Cheers, guys!
I hate hate hate hate hate hate hate hate hate hate hate <three pages removed> hate hate hate hate hate hate hate hate hate standards bodies. The current method of accessing standards (read: as expensive as possible, as inconvenient as conceivable) makes my and other people's work just too fucking complicated.
Scattered here and there are errors that, in some standards, are actively harmful. Temperature checks in the name of infection prevention rely on two standards, both of which have holes you could drive a truck though, with the consequence that possibly not a single product for non contact human thermometry works. The standards were implemented before either thermal imaging or those forehead scanners were figured out and now no one has bothered to stop selling and "figure it out", because they just have to say "we certify to 80601-2-59/56 and that's how you know it works". Because of this, there are two small manufacturers who did figure it out, but they're soon to be gone, because who can compete if the standards are flat out wrong.
We recently had a team working for us, a real expert on infrared systems - the sort that worked on things he could possibly not confirm or deny he had worked on before. I had these guys do an evaluation of the uncertainty in measurement taken by (expensive) infrared cameras widely used, in line with how we use them in the field.
The uncertainty budget was about +- 30 degrees C with 95% confidence. On measurements that rarely indicate anything outside of 30 to 60 degrees C.
It does not take a genius to realise that this means the process used for "safety assessment" is completely useless. It is, at best, a fig leaf, and at worst, puts people in the line of danger.
Still, we've bought the cameras at significant expense, and it makes some managers happy that they are being used for "safety checks" before commencing work. Suffice to say I'm NOT one of the happy managers.
Ignorance is bliss it seems.
Had experience of that when trying to do some code work based on ISO standards (some image processing as inbuilt image processing in C# (requirement for the project) was dismal & range of supported file types was a joke). The fees asked or all required specs were ludicrous, so we integrated some third party image processing software rather than looking at creating our own
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
