Hacker News new | past | comments | ask | show | jobs | submit login
ISO should make all standards Publicly Available (docs.google.com)
565 points by yegle 70 days ago | hide | past | favorite | 172 comments



What bugs me is so much of our (Australia's) government's policies over time have increasingly deferred to some ISO standard or another. These days most agencies / departments are stipulating some form of ISO27k compliance from vendors, a standard that can only be purchased from ISO.

Given we pay our taxes to the government, and I would have thought defining policy standards was one of the services we pay tax to have (what better thing for governments to do than what they're naturally geared towards - bureaucracy?), at the very least they would be able to directly and in detail outline the standards they expect and not simply handball the entire definition and auditing off to an international organisation and myriad consultancies with the stroke of a single bullet point requirement in the RFx.

The quagmire of ISO consultancies are often charging exorbitant rates to deliver essentially a set of Excel templates, when the hard work of adopting a standard really is all in-house and any company with a copy of the standards and the templates can pretty much get it all done internally then get certified.

And ultimately when it comes down to it, the standard doesn't really do much to improve quality outcomes, especially for an organisation that doesn't give a fig. A well intentioned company that's on the ball will already be following best practices, a shady company that plays cowboy will do the bare minimum to get the badge.

Anyway, just an axe I tend to grind. Standards definitely are needed and have their place but holy hell is it a mess ATM. There needs to be an independent open source standards body, ISO is a farce IMHO - the standards as they are written are actually decent but their business model and hands-off approach to auditing and verifying standard adherence is a big issue across multiple sectors I think.


I want to give a shout-out to the Indian government and whichever activists and legislators were responsible for the Right To Information laws. I was looking for IEC 60958 (the S/PDIF standard -- granted, not ISO but still proprietary) and found it available free on the Internet thanks to those laws, and presumably having been referenced in some other Indian law. The cover page [1] even includes affirmations of the right to knowledge. I wish other democracies could pull this off too.

[1] https://law.resource.org/pub/in/bis/S04/is.iec.60958.3.2003....


The worst is that the fees only cover the cost of running ISO the-organization: standard writers are not compensated by ISO for the work they put in.

My trick is to, for technical stuff, look for working groups and their mailing lists or other collaborative spaces, which are sometimes in the public, and get the latest working draft that they put out before it was turned into an official standard.

That's how I learned C in-depth in my high school days from the C9X (became C99 :)) draft standard.

Edit: clarify that ISO is not paying for the work being done on the standard, instead of that "writers usually do all the work for free".


standard writers usually do all the work for free.

My dad worked on a couple of standards, and while he wasn't paid by the standards body he didn't work for free. He was employed at a company and the company paid him his salary. Working on those standards was just another part of his day job.


Your dad also did not own the work he performed, the company he worked for owned it. It was that company which chose to donate the work (which your dad did) to the standards body.

If I donate food to a food bank, would it be fair for someone else to say “That food wasn’t donated for free! A store got paid for that food!” No, of course not.

See also: https://satwcomic.com/every-time


It was that company which chose to donate the work (which your dad did) to the standards body.

That's exactly my point. The standard _organization_ gets the work for free, but the standard _writers_ are almost always paid for their work and aren't working for free. The original comment made it sound like the standard writers where somehow being exploited or where donating their time to the standard organization.

In your analogy the writer is the food store, and the company is the person that bought the food to donate.


> The original comment made it sound like the standard writers [were] somehow being exploited or [were] donating their time to the standard organization.

No, I read it as pointing out that ISO does not need to be paid in order to pay its contributors, since ISO does not pay its contributors. The point was about ISO, not its contributors.


the standards organization's number one goal is to continue to exist, and thus, they ask people who want the standard to pay for their existence.

It's basically all a wastage, because an electronic record keeping and content management system can be cheaply administered, rather than as an organization.


makes one think why those companies are paying for something to be a standard.


Having your own data model/format/protocol become the standard makes it a lot cheaper for you to support the standard later. Everyone else has to support your stuff.


Also having your company name appear next to the name of editor or principal author of a standard is no doubt useful from a marketing point of view if part of your business is to help people implement that standard.


I was once in a company that took part in standard writing and while from a technical perspective the work was good, it certainly was in the business interest of the company to be part of the standard-defining process.


I've clarified that the point is that ISO is not compensating standard writers (iow, ISO does not need the money to create standards themselves), as teddyh correctly interpreted it.


> Edit: clarify that ISO is not paying for the work being done on the standard, instead of that "writers usually do all the work for free".

And? If the authors didn't think they got any benefits—or rather, the companies employing the authors and paying them—didn't think they got any benefit, then they wouldn't make the work on ISO standards part of their job.

Just because the benefit is non-financial does not mean there is no benefit.

People have recognized that having common standards is a general benefit to society. For a history of this see Engineering Rules: Global Standard Setting Since 1880 by Craig Murphy and JoAnne Yates (ISBN 9781421440033):

* https://jhupbooks.press.jhu.edu/title/engineering-rules

ISO has bills and overhead to cover, just like anyone else. Just because some of its work is covered by 'donated' effort doesn't mean all of it can.

(I wouldn't object to having ISO standards being freely available, it's just that I can see some reasons for why they are not.)


Imagine buying a book for $50 on Amazon. Then you find out none of that money goes to the author, and they didn't pick the price either, Amazon are the ones charging $50.

Whether the author needs that money or not is not the point, you would surely feel angry at the pricing, and would wish the author had put it on his website instead (where you could grab it for free), Amazon had priced it more fairly (paying for shipping and some overhead is fine but not $50), or the book had been authored by some GitHub organization in the open.


> you would surely feel angry at the pricing

Not if the author agreed to this arrangement ahead of time.


I'm saying nothing about the author, I'm saying me the buyer feel ripped off. Does it really matter to you whether the author or the author's company signed off on it?


Perhaps, but it does bring into question whether the fees paid are actually benefiting the standards whatsoever.


I have no knowledge of the internal workings of ISO, and whether the current arrangement is absolutely necessary or just legacy/habit from the past. Perhaps a different funding model for the organization could be done.

I'm not against the standards being freely available if it can be arranged, I just find it slightly annoying that many people seem to be acting like ISO is some moustache-twirling, evil mega-corp that is exploiting the workers because it charges a fee currently.


this discussion has been going on for decades. I've never heard any argument on the ISO side other than a blanket 'these things cost money'.

I'm sure the few people that work directly for ISO aren't feeling particularly exploited. neither are the standards authors - at least when I was doing it everyone was a well-paid engineer who enjoyed the travel and the work.

the issue is that the role of standards is best fulfilled by making them as widely available as possible. and its really not clear from an economic perspective what value ISO as an organization independent of its contributors is providing.

the IETF has a pretty reasonable track record technically, and there was never any notion about charging for standards access.

I think the burden of proof here is on ISO to show that the negative impacts of restricting distribution have any positive aspects at all.

edit: you know what, forget that. I'm pretty sure their primary cost is billing and IP enforcement. since they owe their privileged position to international treaty..its very difficult to perceive ISO as anything other than parasitic.


> * I've never heard any argument on the ISO side other than a blanket 'these things cost money'.*

2020 annual report, finances:

* https://www.iso.org/ar2020.html#section-finances

* https://www.iso.org/annual-reports.html

Expenditures were 35M CHF, income was 40M CHF, for a net result of 5M CHF. "Royalties received from members selling ISO standards" was 12M CHF.

If they can make up that money elsewhere then they could stop charging.


If you have no knowledge why are you voicing such strong opinions? You could have learned a lot about the inner workings from reading this very thread.


I don't feel my opinions are strong. More statements of fact:

* the ISO needs to pay the bills

* part of their income is charging for standards

* the folks that work to together to write the standards agree not to ask for a cut of the proceeds of the sale

* some folks want ISO standards to be free

2020 annual report, finances:

* https://www.iso.org/ar2020.html#section-finances

* https://www.iso.org/annual-reports.html

Expenditures were 35M CHF, income was 40M CHF, for a net result of 5M CHF. "Royalties received from members selling ISO standards" was 12M CHF.

If the ISO can make up that money elsewhere then they could stop charging.


I mean that's kind of how publishing works today

Authors get paid a small royalty; publishers set the price and get most of the scratch


> standard writers usually do all the work for free

this is a nonsense claim - in almost all cases they’re paid by their employers.


It's not nonsense. From the point of view of the standards body (which the comment was talking about) the work is free. The standards body doesn't pay anyone for the production of the standard.

Yes, the writer is typically employed by a relevant company. They're not working for free. But the body from which you must buy the standard is getting it for free.

This is exactly the same problem academia is facing. The big journal companies charge huge amounts for access to journals, but don't pay for their production. That's funded by universities.

In both cases, the bodies collating these documents are rent seekers making far more money than their services are worth.


> From the point of view of the standards body (which the comment was talking about) the work is free.

The standards body _is_ its members. It's not practically a separate company - it's a vehicle for the members.


That's a somewhat idealised view: there is certainly value in it, which is why members all pay a hefty membership fee (to the tune of 21M CHF last year, which is half of their revenue).

For details, check out their 2020 financials page: https://www.iso.org/ar2020.html#section-finances

I am only highlighting how proceeds from the sale of ISO standards are not being distributed to ISO members, including national standardization bodies, nor any contributors.

I'd hope that country ISO members would push for their membership fees to cover for distribution of standards for free (even if it meant increasing those fees) — that'd be a much more sensible approach IMHO. Or they could optimize slightly not to need those royalty fees in the first place.


The original comment still makes sense: none of the fees paid to access the final document go to the original authors.

To add insult to injury, some of those "employers" actually pay further fees to standardization bodies.


> The original comment still makes sense: none of the fees paid to access the final document go to the original authors.

And? If the authors didn't think they got any benefits—or rather, the companies employing the authors and paying them—didn't think they got any benefit, then they wouldn't make the work on ISO standards part of their job.

Just because the benefit is non-financial does no mean there is not benefit.

People have recognized that having common standards is a general benefit to society. For a history of this see Engineering Rules: Global Standard Setting Since 1880 by Craig Murphy and JoAnne Yates (ISBN 9781421440033):

* https://jhupbooks.press.jhu.edu/title/engineering-rules

ISO has bills and overhead to cover, just like anyone else. Just because some of its work is covered by 'donated' effort doesn't mean all of it can.

(I wouldn't object to having ISO standards being freely available, it's just that I can see some reasons for why they are not.)


> some of its work

I guess what we perceive differently is how much work is "donated": I'd say most of it is (which does not make your statement untrue, but "some" implies a lesser part of it).

Nobody is doubting the need for common standards and the need to pay for them: this is why there are membership fees, and ISO has collected half of its revenue on those — https://www.iso.org/ar2020.html#section-finances. IMHO, it should optimize in a way to make its entire operations possible on that revenue (if that involves increasing fees or becoming more frugal is up to them).


I have no knowledge of the internal workings of ISO, and whether the current arrangement is absolutely necessary or just legacy/habit from the past. Perhaps a different funding model for the organization could be done.

I'm not against the standards being freely available if it can be arranged, I just find it slightly annoying that many people seem to be acting like ISO is some moustache-twirling, evil mega-corp that is exploiting the workers because it charges a fee currently.


People are bringing up facts that ISO is heavily funded by member countries (from taxes collected from their citizens), ISO standards are written by others at no cost to ISO, and yet ISO charges not-just-nominal fee for their distribution — exactly for people who "have no knowledge of the internal workings of ISO".

Nobody is acting as if they are exploiting anyone, but many are unaware of the situation above. Whether one finds that fair is up to everyone individually, but perhaps you can allow that finding it unfair is a reasonable viewpoint as well?


> none of the fees paid to access the final document go to the original authors

Isn’t this normal in life? Most people are paid salaries or contracts for a job, not a proportion of sales.

An engineer at Google is paid to build an advert system but they don’t get a proportion of the advert fees.

> some of those "employers" actually pay further fees

Why have you put employers in scare quotes? Do you doubt they’re employing anyone?

And they don’t have to put anyone on the committee writing the standard if they don’t want to.


The original author is the company. The company doesn't get paid by ISO for making the standards, and indeed might have to pay ISO to submit the standards. ISO then pays others to view those standards. At least that's what the argument is.

The company may have employees that write the standard, that's immaterial. You're equating "Author" with "Employee" rather than "Company"


The company writes the standard because it wants the standard to exist. You're making it into a business transaction between the company and the standards body, when really it's a community interaction, beneficial in their minds for both the company and the industry. The standards body is just a facilitator for the companies which are members.

It's not supposed to be a money-making opportunity.


I find it bad because I believe they could optimize in a way to sustain the organization on membership fees itself. Eg. doubling those fees (21M CHF from membership in 2020 out of total 42M revenue) would have achieved this for 2020 without any optimization on their part.

Or they could become more frugal. Eg. simply by removing the overhead of managing *sale" of electronic documents, they could optimize at least a little bit.

Membership fees are stable, yet royalties are fluctuating. As a non-profit, they've got to end the year on 0, so they'll always spend whatever they earn.


I mean, I was ideologically outraged as a young adult when I found out that the Ontario building code must be followed by law but that it must be purchased for around $350 at the time. But I kinda get it now. Doing stuff the right way is hard. It takes big, sorta expensive books. It's not the end of the world.


Establishing laws the right way may be hard, but following them is compulsory. I don't see why being forced to pay in order not to break the law shouldn't be an outrage.


How would you feel if:

(1) The law books were pretty expensive...but some minimum number of public libraries had copies of the books in their Reference (may not be checked out) sections?

(2) The expensive law books were pretty much all in subjects that didn't concern you - building code for steel mills, regulations for operating an ocean freighter, depreciation rules for oil refineries?

(3) "The letter of the law" was freely available - but it's a muddled mess of vagueness, insider jargon, "gotta be a lawyer to understand the mental framework here", and just so hellishly long that you would have to devote your life to some sub-sub-sub-section of the law (plus the administrative regulations based on it, rulings in related court cases, etc.) to have any chance of knowing and understanding it?


(1) See my other comment, this is pretty similar to having to pay for them, except now you pay with your time, and proportional to your... geographical placement? That doesn't make a lot of sense.

(2) See my other comment.

(3) That's bad.

You seem to present this as a trilemma, when it's not.

(4) Pay for the creation in some more sensible way, e.g. the same way more pedestrian laws are created. The law that says you aren't allowed to shoot people at will was also made by someone, and that work was not free.


My point (poorly made, perhaps) was more that lots of kinda-reasonable-sounding stuff like (1), (2), and (4) doesn't much matter if the final reality of the law is often more like (3). At least in the U.S., my impression is that (3) is rather often the case.


Yeah that's how I used to think too, but we can characterize it another way if we want to. The costs of upkeeping the codes that keep us safe should be born by those that test their limits.

But in the end, to me it is much simpler than that: This is a minor annoyance at worst. Imagine losing a family member due to ignorance or recklessness of others. Or prolonged, acute illness due to a misdiagnoses and subsequent medication complication. An engagement ending without notice because you answered a question innocently and honestly and it caused them to re-think the whole thing.

These are real problems.

When life is rosy cosy a three inch thick book costing $350 may seem like an outrage, but it really isn't.


I guess another way to look at this is just another tax that you have to pay.

This tactic is underhanded though in that it favors those who don't pay the tax and take risks without knowing the code (they have more money left if they win the gamble).

EDIT: plus, a "buy this law" tax is regressive: those who do the least work subject to this tax will bear the highest tax/unit of work costs. E.g. a private person remodelling their house will pay the same 300$ as the huge construction company.

It also creates a hurdle for new entrants, who don't have any existing connections from whom they could borrow the book.

When it comes to financing the research on law, there are ways that have better properties than those above (like a tax on work done).


I mean, you also need an engineering degree and a license to practice engineering there. Where does one draw the line? There are barriers to entry and requirements in most fields.


I'd draw the line at not spreading/hiding the costs. Have the payment for the law be part of the degree (for example), instead of creating a surprise payment only after somebody already invested some time into the path.


No "[i]t's not the end of the world." But, it limits who can and cannot use those standards.

ISO standards are often mandated and required to do business. The documentation can be large portion of the certification.


Dim memory suggests that Standards Australia [0] is required by numerous pieces of legislation. SA is not only privately owned, but I believe bought out by Chinese interests. Not that I mind the Chinese part, but it just adds a delicious surrealness to the situation. I suppose it is better that they control the standards rather than the clowns in government who can't even manage standards.

[0] https://www.standards.org.au/


Standards Australia continues to exist as a non-profit industry association - you're thinking of SAI Global, which was SA's for-profit services wing that got sold off.


The ACT Legislative Assembly's Standing Committee on Justice and Community Safety has repeatedly raised the issue of access to standards, as have other state parliaments like WA. Little has been done about it, even though they're asking for something as minimal as providing access to standards via public libraries. Apparently there was a COAG working group looking at the problem but they've seemingly achieved little, and they're not even aiming very high to begin with.

https://www.parliament.act.gov.au/__data/assets/pdf_file/000...


Meta:

If anyone wants to know the history of ISO, its predecessors, and the history of writing public standards, see Engineering Rules: Global Standard Setting Since 1880 by Craig Murphy and JoAnne Yates (ISBN 9781421440033):

> Private, voluntary standards shape almost everything we use, from screw threads to shipping containers to e-readers. They have been critical to every major change in the world economy for more than a century, including the rise of global manufacturing and the ubiquity of the internet. In Engineering Rules, JoAnne Yates and Craig N. Murphy trace the standard-setting system's evolution through time, revealing a process with an astonishingly pervasive, if rarely noticed, impact on all of our lives.

> This type of standard setting was established in the 1880s, when engineers aimed to prove their status as professionals by creating useful standards that would be widely adopted by manufacturers while satisfying corporate customers. Yates and Murphy explain how these engineers' processes provided a timely way to set desirable standards that would have taken much longer to emerge from the market and that governments were rarely willing to set. By the 1920s, the standardizers began to think of themselves as critical to global prosperity and world peace. After World War II, standardizers transcended Cold War divisions to create standards that made the global economy possible. Finally, Yates and Murphy reveal how, since 1990, a new generation of standardizers has focused on supporting the internet and web while applying the same standard-setting process to regulate the potential social and environmental harms of the increasingly global economy.

* https://jhupbooks.press.jhu.edu/title/engineering-rules

Edit: Presentation from one of the co-authors:

> Craig Murphy, Betty Freyhof Johnson ’44 Professor of Political Science, gives a book talk with insights into the realm of global standard setting that has shaped global industries such as technology, trade, construction and the environment. He reveals the ways in which the committees of global stakeholders, which include manufacturers, users, and unaffiliated engineers collaborated to develop these standards of compliance, and the impact of these standards on human livelihoods worldwide.

* https://www.youtube.com/watch?v=Kg19VO7TgR8


It is not ISO then, it is the specific agency which makes them compulsory the one who should hand out the (allegedly much) money to ISO and make the documents available to those who must comply with the specific standard.

But I agree that making some proprietary standard compulsory goes against any fair law, if there is no way to obtain that information easily from the Government.


It is a standard. If it is not publically readable it should not be allowed to call itself a standard.

I am for legislation that defines standards as such. If you want a standard to be applied within the jurisdiction the first bar should be that it is publically readable.


The thing that drives me nuts in my day to day work is that the two ways you can get standards in Australia now require you to install an insane DRM plugin - it's worse than a regular 'protected' PDFs.

And I say this as a SA contributor.


> a shady company that plays cowboy will do the bare minimum to get the badge.

Isn't that part of the point of having a standard? That the bare minimum done by shady companies is actually enough to prevent adverse outcomes?


Australia seems to be trying to outdo UK with absurd dystopinism.


Off topic but I think this happens when the stratification of society becomes very stagnant. The calcification creates pipelines of protectionalist thoughts that manifest in ego driven total surveillance or lobbying that protects industries furthering the calcification.


> deliver essentially a set of Excel templates

Ironically, Excel itself being another proprietary standard that's accepted as a necessity.


Open alternative standard. Also pretty good interoperability with Excel itself. http://docs.oasis-open.org/office/v1.2/OpenDocument-v1.2.htm...


I did recently discover that the Estonian standards agency makes ISO standards available, not for free, but significantly more cheaply than other sources I found when trying to locate standards (although I didn't end up using it so don't know any more than is on the public Web site): https://www.evs.ee/en/


At least for some - I randomly picked ISO 8601-1:2019 - there is even an option to buy 24 hours of access. In this example a PDF from ISO [1] is €150, from EVS [2] €19 and 24 hours access is only €2.40.

[1] https://www.iso.org/standard/70907.html

[2] https://www.evs.ee/en/evs-iso-8601-1-2019


As an IT Operations practitioner I want to better understand SQL, so I wanted to look at the SQL standard.

What used to be one document is now over a dozen -- it seems that part 2 (SQL/Foundation) deals with the SQL language basics, which is what I need right now.

It's about USD 250 via the Estonian web site (https://www.evs.ee/en/iso-iec-9075-2-2016)

It's about USD 215 from ISO directly: https://www.iso.org/obp/ui/#iso:std:iso-iec:9075:-2:ed-5:v1:...

I am a member of the ACM and I reached out to them but it's not in their digital library.

I am looking for a legal yet economical way to obtain the standard. I am willing to pay $20 but not $200.


In most cases, the answer to your problem is "you're using it wrong".

On EVS, what you normally want to do is look up the EVS version, not the ISO/IEC version (because they also resell the original).

The EVS version is the regional version, which is for all intensive purposes identical to the original version (the topic has been covered before on HN, I'll try to find the link to the original).

But in your case it looks like unfortunately there isn't a regionalised version of 9075-2. ;-(

But just to demonstrate my point, let's take ISO9000 ...

    ISO9000:2015 at EUR197.77 [1]
    EVS-EN ISO 9000:2015 at EUR33.49 [2]

    [1] https://www.evs.ee/en/iso-9000-2015
    [2] https://www.evs.ee/en/evs-en-iso-9000-2015
Edit to add, if my understanding of the nomenclature is correct the BSI have a regionalised version (BS ISO/IEC 9075 1-4, 9-11, 13-14:2016) for GBP66 (or GBP33 for members)[3]

   [3]https://shop.bsigroup.com/products/information-technology-database-languages-sql


Understood, thank you very much! I appreciate your effort to look into this.


> intensive purposes

What



> intensive purposes > What

Just checking the resident Grammar Police Officer is awake and not eating doughnuts. ;-)


I'm not sure if this is right, but the Dutch standards body seems to have this document available [0] for free with part of it available for evaluation [1] and it seems like it's the real deal. Most other parts of the standard a shit ton of money (>€200 per part, with over 12 paid parts), but some others [2] are free as well. There are also outdated versions of the document available for free or cheap if those suit your needs, but I'm sure you can find cheaper alternatives for that as well.

I don't know if there are any requirements for access (like an address in the Netherlands, or Dutch citizenship) but it seems like you can just grab the standard from here completely legally.

[0]: https://www.nen.nl/en/nen-iso-iec-9075-2-2016-c1-2019-en-263...

[1]: https://www.nen.nl/en/norm/pdf/preview/document/263083/

[2]: https://www.nen.nl/en/nen-iso-iec-9075-9-2016-c1-2019-en-263... https://www.nen.nl/en/nen-iso-iec-9075-4-2016-c1-2019-en-263...


Thanks! But the only thing that's free is the corrigendum (corrections):

https://www.nen.nl/en/nen-iso-iec-9075-2-2016-c1-2019-en-263...

The rest is around 200 euros per part:

https://www.nen.nl/en/elasticsearch/?search=9075&sortmode=as...


Aw, shucks. I thought that was the complete version.

I'd just pirate the damn thing if you weren't doing it for professional purposes.


That's okay, I appreciate your efforts. Thank you!


> PDF from ISO [1] is €150, from EVS [2] €19

Note that to get a non-DRM PDF from EVS, you need to select a multi-user license which makes it €28 minimum (inc. tax). But the paper version is also €19 + shipping.


100% agree!

I am very angry that standards that were paid for by taxpayers around the world were then given by governments to the ISO who then charge for very minimal work done afterwards.

For example, BS3939 was created by the UK Government for electronic symbols and as far as I know, has not been updated since 1991 when an ISO document took it over. Why would they, therefore, be charging $250+ per copy for it?

I think there should be a phrase like "immoral bureaucracy" which pertains to the extraordinary amount of money a quango burns through compared to what they actually produce. Since most ISO docs are produced by experts and not by the ISO themselves and since many of these do not change frequently, the cost is immoral imho.


In case any other non-native speakers wonder about "quango" it seems to be from quasi-NGO [1], where of course NGO means a non-governmental organization. A new one for me!

[1]: https://en.m.wikipedia.org/wiki/Quango


I think that article is wrong; I think that acronym is of British origin, in the 80s, and it expanded as "Quasi-autonomous non-government organization" (which the article refers to as a "backronym"). That's the expansion I have always encountered since I first came across the acronym.

"Quasi-NGO" doesn't have anything for the 'A' (OTOH, none of the expansions offers an explanation of the 'U', I guess)

"Quasi" means "like", or "fake". It's the autonomy of a QUANGO that is fake, not its non-governmentalness.


> I think there should be a phrase like "immoral bureaucracy" which pertains to the extraordinary amount of money a quango burns through compared to what they actually produce

Rent-seeking?


JUst to correct my original comment, this example is actually the IEC, and is only around $100, and is not the ISO but I think the same argument stands!


Standards that are not available to the general public are like the law not being available to the general public. You're supposed to follow and be compliant but you are not allowed to know what to follow and be compliant with.


Not just that, but when a company or process is ISO-whatever certified, how am I supposed to know what that means? (The technical rules, not the marketing.) If I need to pay to read the criteria for it, that certification might as well be meaningless.


Yes, very frustrating this. I totally agree that all ISO standards - in fact, all standards and all laws - should be freely available. Nothing else makes sense.


The obvious solution is to simply copy the text of the standard into the legislation that relies on it.

But many standards that people need to be able to refer to are not referenced in legislation; this includes many standards that are needed for interoperability. In that respect, ISO is providing big companies with an anti-competition 'moat'.


I would've expected sci-hub to have a complete collection of ISO standards.


When you buy an ISO standard, it is marked by the buyer ID.

To make it publicly available, you need to strip it. That means the file must be modified, and the tampered copy must be stored somewhere.

Sci-hub has a different model: it is decentralized because it lends credentials to download protected articles. It does not store them. It cannot remain decentralized if it stored or cached the content.

I looked into it to write a QR-code tool. Getting the standard was a bullshit process and I wasn't going to pay that much for a side-project. I did not write the tool as a result, even though I'm not happy with the one existing on linux (though, thanks a lot to its author, who did so using the standard at personal cost for public benefit).

The solution I found was to buy it properly, but go through eastern-Europe countries, to make it cheaper. Still bullshit to have to buy a standard for common tooling necessary to interact with everyday life.


Sci-hub does in fact cache and store everything. They have articles available that are no longer available from the original source.


Indeed! I was working with false assumptions, thanks for correcting them.


> I looked into it to write a QR-code tool.

> Getting the standard was a bullshit process and I wasn't going to pay that much for a side-project.

I was once in a similar situation. Needed the document in order to understand QR codes so I could contribute to the zbar project. Was forced to use some outdated draft I found online.

I simply don't understand the point of this gatekeeping. IETF RFCs are how things should be done.


$$$$$


Are they really making that much money? The audience for these documents is as niche as it gets.


Very niche for sure. But it's like the rest of the publishing industry. They have something you need and are the only ones that have it, so they can charge anything they want.

If $500 for a copy on an iso about home network security is true (as another commenter pointed out), I'm sure they charge similar if not more for the popular ones companies rely on.


Unfortunately not. Unfortunately libgen also never has the recent ones


there's a torrent on ru-tracker with the complete iso standards.


libgen used to have a section for searching for scientific standards, but it seems to have been removed.


I had to just buy a new version of a standard/paper… $250, out of pocket, and it was mostly typos and clarifications that make the :2020 version better than the :2016 version. I had to pay to find out nothing really changed.

Yes. They should be free. No. They never will be.


The $XXX a business would spend on standards is insignificant compared to $XXXXX+ it has to give consultants in return for understanding how to actually comply with those impenetrable walls of text enough to pass an audit.


That's exactly the point: Any business that can afford to spend on standards doesn't want to change any of this, because it helps keep out disruptors.


My point was that (1) standards aren’t well-written if reading them is not enough to understand how to implement them in your business, (2) this benefits consultants (some of whom are involved with ISO, I’m not sure if possible conflicts of interest are taken care of), and (3) the proposal of this public letter does nothing to address the status quo.


As a consultant who is getting $XXXX+ for implementing the $XXX standards: most institutions could do without my consulting, but they don't because it is not the expertise they lack but the time and manpower, plus I implement this standards for a living and thus have a higher proficiency which reduces the project time by a factor of 2 + I can get some assistance on the job.

But you can easily pass an audit if you actually READ the standards...


> But you can easily pass an audit if you actually READ the standards...

I worked in automotive manufacturing at one point. We had to follow an automotive specific extension (ISO/TS 16949 at the time) to the ISO 9001 standard in addition to a set of AIAG Automotive Core Tools (a set of 5 books). Our auditor was being audited by one of the people who was on the extension work group and the Core Tools work group. We definitely read the standards and were found to have 13 major non-conformances. We were told there are courses the working group offers to "teach the proper way to read the documents."

Maybe it's different in other industries, but my experience is you have to buy the documents, buy the courses to learn to read the documents, buy the courses to learn how to do internal audits, and then maybe you'll have the knowledge to complete the certification. But as you say, it will be quicker to use a consultant, so you add on consulting fees after all of those other expenses. Then you pay annually to be audited so you can maintain the license.

It's the cost of doing business and definitely had a huge ROI where I worked.


Yes, the TS16949 that's a tough one. Also depends on the auditor. Sounds like yours wanted to show you how much more he knows about the Standard than you do. But Auditors is where all this Standards fall short: they have private interpretations of the Standards and sometimes you have to get back to the letters of the Standard with them... You definitely don't do that on your first audits or as an organisation which just wants to pass. As a consultant you can get a talk with the auditor and straight some things out - in the end the customer pays the bill and is able to change the auditor or the whole auditing organisation.

Oh man I love this audits where you can get all nitty-gritty over the interpretation of the Standard...but most of them are straight forward. I am sorry that you had such a hard time with yours


Our auditor had to show that because he was being audited on his approach and representing his company to the AIAG auditor.

It was a good experience for me. I went through some seriously easy audits and then one when the book was thrown at us, so to speak.


I'm not saying ISO shouldn't make standards freely available, but I think there might be a misunderstanding here:

1. it's not necessarily ISO themselves who insist on fees; rather, often times it used to be spec authors who negotiate rights to publish standard text as a book with much needed commentary beyond the bare spec text, as a way to get any financial compensation at all for experts in the field. The conflict here being a high price for standards pushing buyers into purchasing the book instead.

2. ISO, ITU-T, etc. are delicate international agreements between national standard bodies, (former) national telecoms, non-profits, etc. with diverse legal status and legacy. Reaching consensus through any process involving as many parties is easier said than done; our self-acclaimed "standardization bodies" in IT/Web aren't exactly examples of progress, participation, and representation, to say the least, given that we've reached a stadium of defacto monopolization and stagnation


So they're essentially the TicketMaster of standards. Everyone pretends to hate them, but it's only really the end users who suffer them.


Here is a piece of ISO insanity - how to secure your *home* network - 499USD.

https://webstore.ansi.org/Standards/ISO/ISOIEC3010027001Home...


Looking at the (publicly available) introduction of ISO/IEC 30100-1[0], ISO/IEC 30100 is about how to ensure secure interoperability of devices and software intended for home networks, not for individuals managing their own network.

[0] https://www.iso.org/obp/ui/#iso:std:iso-iec:30100:-1:ed-1:v1...


IMO a "standard" that isn't publicly available free of charge (like the laws) should have no legal standing (i.e. national bodies and laws should never defer to such standards or demand compliance). Otherwise it's just an opaque law that only the rich get to read.

Now if companies want to make gentleman's agreements to follow each others' paywalled standards.. by all means. But they don't get to complain if others violate these standards left and right.


agreed!


Google Docs will eventually be overloaded with all the people accessing the doc. Linking to the [Preview] version helps, because it doesn't have to load the multi-user edit interface.

[Preview]: https://docs.google.com/document/d/12Gmy2s4Nmkw6VDv2B6b5K1DL...


this is the non-vandalized version of the doc if anyone's looking for it


Microsoft corruption of ISO to buy its own standard for OOXML:

https://noooxml.wikidot.com/ http://noooxml.wdfiles.com/local--files/banners/ISO-Discredi...


I'm not sure whether that is a viable option: after all ISO is a company. But it always stroke me as a paradox the fact that in order to be compliant to standards, one should buy their specifications. Certainly, removing such financial barrier will positively contribute to a quicker adoption and convergence of/to standards.

At the same time, I don't buy in the narrative that sees the ISO organization not wanting precisely that. Therefore I suspect that the current way of promoting standards is unfortunately the best system we've came up to achieve such goal.


The standards organisation costs money. This particular standards organisation, ISO, exclusively has members which are sovereign entities (technically, the national standards organisations of those sovereign entities)

So if you want the documents to be free, the sovereign entities are going to have to pay for that. In practice, I can already tell you that if they were supposed to pay for this the United States will have some excuse for why it doesn't want to pay or its fees will always be late. But even if you aren't a US citizen, this is something your government chooses not to pay for.


This was started by Jon Sneyers, co-chair of the JPEG XL (ISO/IEC 18181) group. He said: "Specifically for JPEG XL (or codecs in general), a free spec makes it a lot easier for external enthusiasts to make an alternative implementation"

https://www.theregister.com/2021/07/31/iso_paywall_battle/


Yeah, this is something that so many of the comments here seem to miss. Simply having to pay for the standard is an enormous barrier to access for anyone doing anything of a non-professional nature with the information. It almost doesn't even matter what the price tag is. Just the fact that you can't say "read the spec, here's a link" to someone with casual interest in a forum post is enough.


Standards, building codes, especially residential building codes. Any time violating code is effectively violating the law, codes should be free (online) or very very low cost (hard copy).


I don't get how a standard behind a paywall is even considered a standard. Imagine you had to pay to find out what a meter is.


The SI system is a interesting one because it is actually not just free, but released under a CC license.

https://www.bipm.org/en/publications/si-brochure/


You do have to. The more accurate you want, the bigger money you have to pay too.


I mean the definition is public. "The metre is currently defined as the length of the path travelled by light in a vacuum in 1/299 792 458 of a second." You don't go through a paywall to find the definition.

Of course that definition might not be particularly convenient for someone who just wants to measure a meter accurately.


Yeah, that's what I meant.

> that definition might not be particularly convenient

The same way the standard for MPEG wouldn't be useful for someone who just wants to watch a video :)



> The metre is currently defined as the length of the path travelled by light in a vacuum in 1/299 792 458 of a second.

There, that's free.

I understand yours is likely just a joke, but you're paying for the tool, not the definition.


It was… a serious joke.

GP: "Imagine you had to pay to find out what a meter is." I posted a link to a device that'll tell you whether something is a meter, or more, or less. Now, that wasn't what GP had in mind, but it matches the words. So what did GP have in mind?

Perhaps something more like a definition? Wikipedia supplies that (and wants you to pay, there's a promiment banner at the top of the page). Britannica supplies a definition (and requires you to pay). Your school books supplied a definition (and the school paid for that, and for the teacher who made you read it, and more). ISO supplies that, and requires you to pay, like all the others.

I like free stuff as much as the next guy, but having to pay isn't "imagine that", it's the normal case. In the case of ISO the readers pay around half the cost and the writers pay the other half. You can argue that the the costs should be split differently, but please not by saying "imagine that".


In all your examples you are paying someone to print something.

Wikipedia asks you to pay for hosting, staff and further development (if you want to).

But no one has copyright on the definition of a metre.

You are free to type it on a paper and give it to as many people as you'd like.

That's what free means.

Can I copy ISO standards freely?


It is indeed true that in all of my examples, someone's paid to print something. Printing is part of the cost.

In the case of Wikipedia, people sit in offices and print letters, for example its lawyers who respond every time someone sues the foundation. I don't believe that printing letters to the courts forms a major part of fighting those lawsuits, though. Britannica itself hasn't been published on paper for almost ten years now, but even when it was, printing was a small part of the cost. The editors cost much more. The school paid for the school books and the teachers, and again, the actual printing of the school books is a minor part. The teacher's salary is much, much more, and even the school book publisher's authors and editors are paid more than the printers.

Focusing on some minor cost and insisting that it's unreasonable, and therefore the whole is unreasonable, is stupid.


You seem to be missing the point.

Britannica or Wikipedia or any publisher of most facts/definitions/similar don't actually own those facts or definitions, you pay them for their work in packaging it and, I guess, phrasing.

The definition of a metre, to circle back, is free, and yet people seem to still pay for it in various ways, by your own account. People can still be paid for work.

Edit: Seen another way, if I paid someone specifically for the definition of a metre, anyone could produce a product for me, but in this case only ISO can (at least with current phrasing, layout, etc). I imagine the cost for the metre definition wouldn't be very high, and there would probably be accurate enough open information alternatives. We don't even have to imagine.

Hopefully clarifies my OP.

=== Opinion section ===

Locking standards/laws/facts behind paywalls and copyrighting it breeds a society with even more inequality where the haves and have-nots have different access to basic information we all have to adher to.

Standards are a type of information where if you have to adher to it it should be open to any to use as they need.

> Focusing on some minor cost and insisting that it's unreasonable, and therefore the whole is unreasonable, is stupid.

No cost is minor for everyone, especially not in aggregate with all other "small costs".

But to clarify, the argument is regarding what we pay for, not my stance on how it should be (which might be too prominent).


I'm not missing it, I think it's unimportant. It's a small portion of the cost, why argue about it instead of the large parts?

ISO needs to pay its costs. The licensing it has chosen delivers about 50% of the necessary income. The copying is cheap, that's true, but ISO needs to pay all of its costs, not just the copying.


That you dismiss the distinction out of opinion on its' importance proves you indeed missed it.

Whether or not ISO needs to be paid for the work it does or not is irrelevant to the discussion on whether their standards are free (they're not) and the definition of a metre is (it is).

Opinion:

If governments use them for eg regulation, maybe they should be funded by governments and be a non-profit.


Yes, well... I've both written actual standards and worked professionally on software that many non-users insisted should be licensed differently, and I suppose I've heard these arguments too often over the years and have become numb.

Someone's intention is that something should be free (in some way in which it is not), the effect of the proposed change would be to stop the work to produce that something. It's a good intention every time, but I'm tired of having it stop there. Wake me up when the proposal is one that doesn't disrupt the funding. And remember that when any one stakeholder thinks two things are related, then they effectively are.


This probably sounds as if I'm ignoring you, perhaps rudely. That's not entirely false. I heard so many people insist that some part of our business plan was irrelevant to the rest, it's really difficult to still really pay attention.

The lesson from that is that if you want to change ISO's ways, you have to not sound like n previous people and trigger that reflex. Because ISO employs people who are much more polite than I am, but they too will stop listening if you sound like too many people they've rejected before, because that's a human reflex.


Purely technical drawings and textual descriptions are not considered works here, unless you e.g wrap it in a poem. And regardless of the copyright status, actual information content itself can't be copyrighted so standards could at least in theory rewritten as a crowsourced effort.


> a device that'll tell you whether something is a meter, or more, or less. Now, that wasn't what GP had in mind, but it matches the words.

IMO, it doesn’t. OP asked for what a meter is, not for what object is a meter. The latter has an implied “long” or “in size”.


> I don't get how a standard behind a paywall is even considered a standard.

What makes something a standard is when people agree to use it and design against it.

If no one uses it, even if it's openly available, is it really a (practical) standard?

Things don't even have to be written down, they're simply "the way we do things":

* https://en.wikipedia.org/wiki/Standard_operating_procedure


Paying for standards is acceptable in a context where you are given a requirement to conform to some industry standard. But that is rarely how it works in software and networking. Instead of being told what specific standards are needed, often it is a process of exploration and discovery to learn what standards may be relevant to certain aspects of a system you are developing.

For example, I might read parts of a dozen different cross-referenced IETF RFCs just to decide what flavor of URL syntax I should accept in my API. At other times I might not even know whether a relevant standard already exists, so I skim a bunch of standards just to confirm it is necessary to invent a new thing. This would be very expensive in ISO Land, and the reality would be that the standards are never used.

Non-free standards for software and networking impede innovation. I can't imagine what the internet would look like today if the IETF and W3C charged for access to standards.


The doc has been hacked with NSFW content :( how can it be reported?


It wasn't hacked, people just abused the option to comment and add suggestions. I had to make the document read-only to stop these immature trolls. Unfortunately there doesn't seem to be a setting in Google docs to allow only non-anonymous comments (and to revoke permission to comment to abusing accounts).


Since I can't make a suggested edit, I'll make my suggestion here: please explain CHF as Swiss francs; unlike most other countries, the two letter code is not enough to guess the country name. Looking it up, it seems to be the country's name in Latin, which led me into a Wikipedia rabbit hole that ended say the Spanish Reconquista before I realized what I was doing.

The PDF standard is another standard that is locked up, despite the earlier versions being fully open before Adobe gave it up.


Why is a standard not freely available?


I'd go so far as to say: How can it be a standard, if not freely available?


> […] How can it be a standard […]

Because people agree to use it and design against it.


Yeah, it should be free for everyone, but in that situation the ISO company won't get the same amount of money. They are an NGO, but AFAIK they aren't non-profit.


Does anybody remember back in the early 2000's when ISO attempted a passive-aggressive coup on the TIA/ANSI standard for Category Ethernet cabling? For Years the TIA ( Telecommunications Industry Association) was evolving "Category Cable" standards, then one day the ISO declared a new category cable with a sequential number bump of the previous TIA standard, which was cat-6. ISO called their so-called new standard Cat-7. I write so-called because there was already preliminary draft work on the same technology by members of the incumbent standards body (TIA). Pretty much ISO modified the TIA's existing draft with a certain member company's ideological opinion on new cable connectors, and rushed it out.

I won't say which ISO member company was pushing hard for their concept of Cat-7, but it was a large European technology company in-and-around Germany, and they had an idea to introduce new cable connectors for which they owned the patent. The new connectors improved interference, and thus improved bandwidth, etc... but were not the backwards compatible traditional RJ-45 style connector the Americans in the TIA were keen to preserve.

This was the most down-played and suppressed drama of all time. Both parties played it very diplomatically, and made absolutely zero public fuss about the issue of ISO attempting to assert itself into another standards body's domain. You may have noticed one or two belligerent nerds on IRC chatting pedantically about this topic every few years. Mostly one clueful nerd saying there is no such thing as Category-7 cable, as if to say that if the TIA doesn't make the standard for cable, it doesn't exist, etc... while another would say that any standards body can make a standard, etc... implying that they didn't care who makes the standard. Regardless, it was well outside the zeitgeist of Networking professionals in the industry, meaning your average network administrators. That is why the ISO thought they could get away with the scandal.

Ultimately the issue was resolved when the TIA established Cat-6a, and then Cat-8, thereby re-establishing their line in the row of category cables. Cat-7 was simultaneously ignored by most-all the members of the TIA member companies, and not certified by many vendors for interoperability. That said, Cat-7 was interoperable using RJ-45 style connectors. It was a sort of industry wide scarlet-letter, the TIA was going to make Cat-7 irrelevant by having the previous standard adopt sub-categories, E.G. cat-6a, cat-6b, etc... And of course reasserting itself sequentially in the versioning scheme they themselves created.

Finally, the ISO was going to do the same thing to networking cables, lock the standard away behind closed doors, but they had misappropriated the technology from an open standard. It's probably unethical, or at least shady. To them it was a new potential revenue stream, and pursing the interests of one of their committee member. All around it stank of collusion, conspiracy, and cronyism.


It is not that I am against Open Standard or even Open Source. But someone has to somehow put food on the table. Without a sustainable source of income or a business model it is a lot of wishful thinking.

We dont have a policy problem. We have a business problem. Or a Go to market problem ( so to speak ). And this document doesn't seems to outline any solution.


Whose food are you talking about? The people who write standards are usually paid by their employers (I've seen a few volunteers / enthusiasts too). They have food on the table, and the companies benefit from funding that work. After the work is done, distributing the result is virtually free. There's no need to extort hundreds of dollars for a 30-page PDF whose contents were written two decades ago by salaried employees.

It's reality for IETF (and many other organizations) and I don't see why it couldn't work elsewhere. Somehow we need to find a way to upset the status quo, the same way Let's Encrypt has done for TLS certs and the way open journals are slowly gaining mindshare over extortionist publications.

The challenge with standards is that they remain useful for a long time and you need interoperability (unlike with certs that you renew every year or three and which you can get from any number of CAs). Everyone wants to use the existing and established standards instead of reinventing the wheel, and we can't just copy the existing standards (though maybe we could "recreate" fully compatible standards because you can't copyright facts?). This is not a business problem, this is an entrenchment problem. And I guess there are some (big) companies that benefit from entrenchment and regulatory capture so it's in their interest to maintain the status quo. Naturally, everyone on ISO/IEC/IPC/etc payroll has an interest in maintaining the status quo.


>Whose food are you talking about? The people who write standards are usually paid by their employers

People directly employed by ISO ?


The purpose of a standard is to aid the betterment of all users of it. The development of a standard should be supported by the funds which would be saved by the existence of a standard.

Note that those who benefit from the existence of a standard is not only the participating companies, but also often the public at large, over a long period of time. This is why the government should contribute to the funds necessary to develop those standards.

If there are standards which would not save enough money for either the companies involved or the public at large, those standards have no business being developed.


I wholeheartedly agree. But the moment we get to government, we ran into politics. And this isn't local government either but International level. And navigating government and politics is about hundreds times harder than getting companies to together and donate. Which in itself is no small feat.

On one hand I wish a single government, EU or US will fund the whole thing and be proud and say it is such a pathetic small amount of money for so much good we are doing it anyway. Gets point for some international recognition or political power or whatever politicians wants.

On the other hand you know this wont happen.


And maybe we should have to navigate the legitimately elected international governments over standards that almost always slant the field.


I would add that sometimes you would want to know what actual tests are made on something in order to classify it according to the relevant ISO norm.

Here is an example for fire resistant classification:

https://news.ycombinator.com/item?id=17587770


As any unlimitedly editable documents this one has been vandalized :( there is no more point to visit it.


If you click view mode in the top right the original is shown. Suggestion mode, not edit mode is enabled.

Edit: I scrolled down and saw a picture of a very young child (clothed thankfully) and a decapitated penis. I would suggest people avoid the document


Cleaned it up. Sigh.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: