Past Issues of Government Technology

What is Government's Role in IT Standards?

State and local governments must set standards to best utilize information technology. But setting these standards is more than just finding "the one best way."

by / May 31, 1996 0
In his recent book entitled The Road Ahead, Microsoft Chairman Bill Gates argued that government should get out of the standards setting business. He states, "Sometimes governments or committees set standards intended to promote compatibility. These are called 'de jure' standards and have the force of law. Many of the most successful standards, however, are 'de facto': ones the market discovers ... they work, and most customers will stick with those standards unless something dramatically better comes along."

Are Gates' points correct? Should standards be driven by de facto processes, where consumers choose the winners? Or conversely, is there a role for de jure standards, where standards-setting bodies like the IEEE and ANSI establish protocols and practices around which a variety of organizations can develop systems?

In rapidly changing information technology, it has most often been the case that standards have followed innovation, in a process akin to Gates' de facto model. However, within organizations struggling to adopt and utilize information technology, a de facto model may not be most efficient. Nor may it be possible, given resource constraints, to decentralize decision making about information technology.

The following explores some of the uses and reasons for internal organization and enterprisewide standards and policies, and discusses standards within a broader context.

ENTERPRISEWIDE IRM STANDARDS
By settling on a limited number of standards based on open systems principles, states can move agencies and partners toward an environment where information can be easily shared and manipulated across traditional agency boundaries. Within agencies, standards can also assist in information exchange, as well as helping develop key infrastructures such as e-mail and communications networks necessary to support intra-agency communications. In addition, standardization can improve the purchasing power of government and decrease governmental costs in the procurement arena, since requests for proposals can be streamlined and mass purchases negotiated based on established standards.

On the other hand, standardization without constant monitoring and modification to respond to the rapidly changing landscape of information technology can leave the enterprise in a backwater created by overly rigid standards. For instance, the Connecticut strategic plan references the Government Open Systems Interconnection Profile (GOSIP) as an example of federal government standards which support interconnectivity. Unfortunately, the GOSIP standard was mandated for adoption by federal government agencies and then hastily withdrawn when it was determined that full support of GOSIP would entail significant additional costs for government agencies and vendors.

To deal with the problem of balancing standardization and change, some states have identified levels of standardization such as Present Standards, Interim Standards and Strategic Directions. This recognizes the distinction between standards which have "stood the test of time" and are well embedded in products and information architectures, and those developing standards toward which the industry is moving.

ENTERPRISEWIDE IRM POLICIES
The establishment of a strategic direction for information resource management involves more than the standardization of information technology architectures. It also requires clear policies for the management, use and sharing of information.

Information policies can cover a broad range of information resource management issues including implementation, business and management activities, access to information, software control, Internet security, network connectivity and project management software standards. In New York, the state Archives and Records Administration's record retention policies, advisory documents regarding the legal admissibility of electronic records, and proposed e-mail standards serve as excellent models of enterprisewide policies.

Like IT standards, policies vary depending on the level to which agencies are required to adhere to their strictures. For instance, legislation might mandate certain policies (such as freedom of information requirements). Certain standards may also be mandated by the actions of policy-setting bodies. On the other hand, policies for which there is no current consensus as to the appropriateness for general applicability can be labeled as "advisory," or "guidelines," similar to the establishment of different standards levels.

Key determining factors in the establishment of enterprisewide policies should be:

Is such a policy required to meet legal mandates?
Do the benefits (with respect to more efficient, effective and/or equitable management of information) outweigh the costs (implementation and loss of agency-level flexibility) required to standardize the activities across government?
Are the policy makers getting sufficient input from those affected to avoid hidden costs and other unintended negative effects?
SEPARATING OPERATIONS AND REGULATION
As indicated above, a compelling argument can be made for the development of flexible standards and policies within agencies and enterprises like New York's state and local government network. But what of government's larger role, as regulator of the information technology marketplace? Bill Gates' comments notwithstanding, is there a role for governmental and other standard making bodies? How organizations respond to this question often hinges on their ability to control a segment of the marketplace.

From one perspective, Gates' view is understandable. Since Microsoft controls a large portion of microcomputer-based operating systems, any government attempt to apply open standards in this area would potentially lead to a diminution of Microsoft's control of the operating system layer of microcomputer architecture. This in turn would decrease Microsoft's ability to control the direction of innovation.

Ann Senn, in her book Open Systems for Better Business, argues that there are three key groups of players in industrywide standard setting. They are:

Standard Creators: Open organizations which define and approve standards through consensus-building processes that may vary in time from 12 months to several years, depending on the relative strengths of various vendors in the area under standards review, the level of detail required for standards adoption, and the level of contention due to competing standards in a particular area.
Standards Adopters/Integrators: Organizations made up of technology manufacturers and suppliers, which work to adopt, endorse and commission standards. The job of these bodies is to integrate standards development across different architectural layers, and to ensure that efforts do not conflict.
Standards Influencers: Technology manufacturers, suppliers or users who have a stake in standards development. These may include large organizations with a commanding position in a particular segment of the market, small organizations supporting vendor-neutral standards to level the market's "playing field," or large users such as governments or industry groups with significant stakes in the development of standards.
The interplay between these three groups leads to the development of industry standards. As can be gathered by the large number of stakeholders, standard setting cannot be viewed as a simple process of finding "the one best way," but as a political process where different needs are negotiated. In fact, the process often leads to the development of one of three types of standards: those that are minimal and embody only the areas of easy agreement; compromise standards which arise from competing interests but which are viewed as useful across all implementations; and maximal standards, which build upon existing products to develop a new standard that exceeds the capabilities of all existing methods.

As indicated above, the role of government may most often be that of a large, influential user. This would leave government outside the standard-setting area, except for the following cases:

Monopoly: A single vendor's standard threatens to establish an unbreakable monopoly in one or more areas, basically canceling out market mechanisms.
Equity and Access: A standard limits access to information services to a particular segment of the public.
Government as Technology Developer: In some cases, government agencies may have expertise or interest equal or superior to other organizations in a particular application or technology area, making the government agency a key definer of a particular standard.
National Security and Law Enforcement: The establishment or change to particular standards may positively or negatively affect governmental security and law enforcement capabilities. The recent deliberations over Clipper chips and encryption standards were examples of this.
The issue of how and why government should be involved with information standards and policies is not straightforward, and may vary depending on a person's view of the rightful place of government in the marketplace. While Bill Gates makes a persuasive argument for being wary of governmental over-involvement in standards setting, governments must carefully balance their role as customer for information technology against their potentially more powerful and arguably less appropriate role as standards arbiter.

This article was reprinted with permission from the January 1996 issue of Open Forum, a regular publication of the NYS Forum for Information Resource Management. For further information, contact Executive Director Terrence A. Maxwell at 518/443-5001.


*