Behind the ISO Curtain

When people ask me what I do at Microsoft, in the style of one of “the Bobs” in Office Space posing the question “What would you say ya do here?”, I point them to things like the SDL, the SDL Pro Network, which I manage, or MSVR, which I founded and is now managed by Adrian Stone over in MSRC.  Someday, in the next 2-3 years, I’ll also be able to point to an ISO standard. Never in my 9 lives would I have expected to say that at all, let alone with such passion and enthusiasm.

To my friends who have known me for many years, via hacker-spaces, hacker cons, soldering a Theremin in the desert, and marching with penguins, this may come as a shock. Even the fact that I came to work at Microsoft was less shocking than this.  Katie (AKA k8e), turned policy wonk?!  No way!! 


Working with ISO has been one of the most exciting (yes, you heard me) things I’ve done in my career.  Seriously.

One may think it’s boring, poring over standards drafts, looking up arcane directives about formatting terms and definitions (okay, that last part *is* a total snooze-fest), but the fact that I get to help pen part of what will be adopted as The Way to Do Things for many people around the world is exciting in and of itself.  Even that micro-slice of influence is nothing compared to the excitement of actually being there, in the twice-annual ISO meetings, hosted by rotating member nations around the world. This last meeting was hosted by the US and held at the Microsoft Conference Center, a convenient commute for me.  The previous two meetings took me to Beijing, China this past May and Limassol, Cyprus in October 2008 – the latter while 35 weeks pregnant. (Note to self: No more traveling in the form and shape of a manatee. I was thrice thrown whole raw fish, which was just a waste since pregnant women are not supposed to consume sushi, and once nearly captured and relocated by helicopter airlift to a cove in the Mediterranean to wallow in freakish misery with other large sea mammals.)

ISO meetings themselves are actually gripping microcosms of humanity.  Subtract the long sonorous stretches of Old Men Yelling at Clouds and you have yourself, as one friend put it, the UN of geeks.  It was beautiful and terrible, full of quiet riots, politics and poetry, kindness and cunning.  The real human drama that goes on has enough juice from which to squeeze a best-selling novel (working title: Bombasts and Bloviates – Policy Poetry and Pugnacious Punditry).  And yet there is a true heart to all of this; an unmistakable human element in what an outsider may otherwise assume is all sterile and businesslike in its formality of process.  We observed a somber and sincere minute of silence at the start of our working group plenary session to mark the passing of a dear friend and colleague who had been involved in SC27 since the beginning, an act clearly demonstrating how these people have really formed a community not only of experts, but of friends.

Over the past two years since joining Microsoft, I have been providing technical comments to an ISO draft standard on Responsible Vulnerability Disclosure.  I have made friends across nations and across companies in my service as a subject matter expert for this topic in the international meetings on behalf of the US National Body.  This past meeting, I was suddenly, unexpectedly asked to do much more.  The editor was indisposed due to illness and on Tuesday morning, day two of the ISO meeting and two hours before the ad hoc editing sessions began, I was asked to fill in as acting editor on the draft.

Suddenly being an acting editor for an ISO draft is like being thrown from a plane with a sufficient amount of silk thread to weave a parachute.  While success is a remote possibility, the sheer amount of work you have to do before you hit the ground (i.e. run out of time before the working group takes a vote at the end of the week) is astronomical.

We had roughly 245 comments to wade through, mostly technical, spanning nearly 80 pages on a standards draft that is a scant 12 pages including annexes.  New countries that had never provided comments on the two working drafts prior to this third draft had emerged as major players in the discussion. At its peak volume, around 15 experts from about 8 different national bodies attended the editing sessions – twice as many individuals as had ever participated in person before — and they all had an opinion. 

Herding cats would have been easier.  We had to get consensus or at least majority agreement on everything from major concepts at the heart of disclosure, to the structure of the draft, to minute wording and definitions.  Somehow, likely because I was a merciless taskmaster who forced them all to show up early, stay late, and work through lunch, we got through all 245 comments in time for the working group vote. My heartfelt thanks go to all the participants, even those who argued the most.  Though we may not all be birds of a feather, we couldn’t have produced something as balanced and truly international without all of us there.

My work for this meeting done, I handed over the disposition of comments (the document that serves as the editor’s instructions on the changes that were agreed upon by all participating national bodies for the next iteration of the standard draft) to the editor, who was feeling much better.  I felt relief and pride that I had been able to wade through such a pungent mix of policy and personality to create something I can point to one day and say: I helped make that.  

For the ISO participants, see you all in Malaysia next spring.  I’ll be coming in hot, fresh from my trial by fire immersion in the ISO experience.  For the rest of you who may have been (or may never have been) curious about what really happens at ISO, now you know.  Standards themselves may be a dry subject, but standards meetings are anything but boring.