Workshop on Decision Making in Internet Standards
25 April 2017
I attended the workshop on Decision-making in Standard Developing Organisations (SDOs) for the Internet, held on 25 April 2017 in Brussels. This was organised by Alison Harcourt (University of Exeter), Seamus Simpson (University of Salford), and George Christou (University of Warwick), with funding from the UK Economic and Social Research Council. The aim of the workshop was to explore decision-making as a process, and to focus on the different approaches and actors in the different SDOs, rather than on the technical details, to understand the process by which Internet standards are developed.
The workshop started with introductory talks from Jari Arkko (former IETF chair) and Rigo Wenning (W3C legal council). These introduced and reviewed the way in which the standards process works in the IETF and W3C, and outlined the intended internal decision-making processes in those organisations. The goal here was to provide background and context for the later discussions. The speakers highlighted the role of consensus in the standards process, and there was some interesting discussion about the community needed to ensure valid consensus: how should we form and grow the standards community? How should we ensure diversity? And how do we avoid "filter bubble" effects and insularity in the community? Effective standards making requires an informed and diverse community, yet the SDOs don't have processes in place to ensure this.
Following the morning break, we split into smaller-group breakout sessions. I attended the session on the role of the state in SDO decision making. This started with short presentations from Simon Hicks (UK Dept. for Culture, Media, and Sport), Ajit Jillavenkatesa (NIST), and Thomas Reibe (European Commission), outlining their view of the role of how governments relate to, and use, standards. This was followed by some discussion.
Governments clearly have a role to play in the standards process, whether through organisation of national standards bodies (e.g., NIST in the US, BSI in the UK, and the ISO process), or through participation in other SDOs. It was noted that standards are one area where governments can influence for the public good in terms of consumer protection and to liberalisation, competition, and a level playing field for all. The difficulties that governments have in participating in the more informal, consensus driven, SDOs were mentioned - it seems the nature of government decision making and procedures is better suited to interact with SDOs via more formalised channels, than via the very informal, fast moving, discussion process adopted by many Internet SDOs. The speed of change in Internet-related standards is becoming an issue of governments to participate, and a challenge is ensuring such SDOs can effectively get input from governments, and other organisations with similar nature, while not losing the benefits of their more agile processes. These cultural differences are difficult to bridge, yet doing so is essential to ensure all stakeholders are represented: the Internet community will benefit from effective dialogue with governments as much as the governments will. The arguments from the old tussle in cyberspace paper are clearly still applicable.
After lunch, I took part in the breakout on Security and Privacy, with reviews of IETF activities by Stephen Farrell (former IETF security area director), Alexey Melnikov (IETF applications and real-time area director), Walter van Holst (Vrijschrift), and Mike O'Neill (W3C tracking protection working group). Discussion focussed on how civil society can be included in the standards process: standards have a significant impact on day-to-day life, often in more significant and immediate ways than much government legislation, yet there are few clear paths for citizens and civil society groups to influence those standards. The path by which a concerned party can lobby government is understood, but there is no such clear path to express concerns to SDOs about their work. Many SDOs are aggressively open and transparent, but in a way that's opaque to all except their intended participants. Civil rights groups understand how to interact with government, but there is an ongoing learning process for how they can interact with Internet SDOs. The IRTF Human Rights Protocol Considerations Research Group is likely one success in this space, that has been well received in the IETF community, but much more is needed.
Overall, the workshop raised some interesting questions for those involved in Internet SDOs, governments, and civil society groups. It will be interesting to see how we can broaden the community and get wider input into the standards process, to address coming concerns, without losing what made those SDOs so effective to date.