As you know, this blog does not like the over-deification of standards that many encourage. So when Mitchell asks:
The goal of is the discussion is to think about whether we can improve the setting. It's because this is so important that I want to focus on it.For example, can we encourage more openness and transparency in the creation of web standards? We've proved that openness and transparency work well for code: they encourage discussions to focus on technical merit; they allow everyone who is interested to understand the details; they encourage participation. Why not do this with the creation of web standards?
you can expect some less than positive responses. Still, much as we don't like it, it's a fair question, because whichever way you look at it, Mozo is stuck in the standards game.
Why is Standards so hard? We are up against many things here, but one view is that it is a battle of the worst of the small against the worst of the large.
Firstly, the small. Human nature is to operate in closed groups. Even in so-called open groups, most work gets done in private, and people are adept at creating motives, processes, and excuses to push things more to the closed end of the scale.
For example, many Internet security projects claim to run an open security process, but operate a closed process. They do this by various tricks: invite-only policy, closed archives, hidden names, no communications. In practice such a process reduces to a closed group, and the result of such dissonance is stagnation and mistrust, often needlessly because the people working in these groups are trying their damnest to get the job done.
What are the human processes here? People all want to be with the winning side, and for the last 10 years, "open" is the winning side. So the "open" is essential, and security groups are not immune to that.
But, when push comes to shove, being open is such a complete change for the psyche that most people can't deal with it. One minor example: how does the security director can say "I don't know" on a public list when breaches are in the air and the press is looking for blood? It's hard enough to be uncertain before your own team, not to mention that it is hard to sort things out when too many people are able to speak at once.
The business of security has more than its fair share and historical wisdom, excuses and complexities, so, human nature being what it is, we end up with a facade of openness, and real work gets done in closed session. Even in the open groups...
In between the large and the small is the economics. These might be considered to the rules of warfare in Standards. The top three influences in Standards Setting are economics, economics and economics. In that order.
Luckily, the economics is well known! By agreeing to a common standard, we achieve a benefit in common. We each individually face a higher cost. However, some of us don't have to pay the individual higher cost, and may still win from the others, because the benefit is in common.
If this sounds familiar, it is because it is a widely studied thing called The Prisoner's Dilemma.
What's the big thing about the Prisoner's Dilemma? Cheating: everyone has the incentive to cheat, but hold the other guys to honesty. If I cheat, and you all do the right thing, I win. Unfortunately if we all cheat, we all lose, which is why it is called a dilemma.
Now we get to the large: if we then add competitive pressures to this mix, we have an explosive combination that is called "cartels" in economic terms (c.f., Gary Hamel and C. K. Prahalad, who studied the economics of standards, joint ventures and industry associations). Harken back to the old Netscape days, and consider how Microsoft and others fought over the "web standard". Blackbird, W3C etc. As there's real money involved here, the end result is that people take cheating seriously, and deception is the rule, not the exception.
In such a circumstance, the Standards Business is best modelled as a battle between large corporations under Prisoner's Dilemma economics. (Other things might sound nicer, but remember that deception is the rule...) If you want to get anywhere in that battlefield, the only way is to break the economics of the Prisoner's Dilemma, and that means ... to change the reward structure. But because the Standards group is supposed to be unpaid, it has to be done with non-monetary payoffs.
Which leaves one thing: reputation.
To put the other guy's reputation on the line, you have to show that he is breaking the rules. Which means: we need rules, tough ones, and the fiercer rules the better. Here's some ideas:
For yourself,
Knowing all this doesn't mean we can avoid the Prisoner's Dilemma, as some dilemmas can't be saved. But it does put you in a better position to realise when the process is stalled through deadlock, and to spot who is really unable to contribute because deception is the only way they know. As it is an economic process, withdrawal is the ultimate defence, as your time is better spent elsewhere.
Posted by iang at January 20, 2008 01:10 PM | TrackBackYou are asking how committees can be made to work - how committees can design complex systems. It is the wrong question. Committees cannot handle anything complex. The most a committee can do is fire the guy who made the wrong decision and try to find a better replacement.
Posted by: James A. Donald at January 21, 2008 01:55 AMGood point; indeed someone mentioned they were going to standardise security UIs .... so we have another experiment coming that will tell us if standards committees can do design work. Check back in half a decade.
Posted by: Iang at January 21, 2008 07:52 AM