Standards & Technology

A Look Behind the Scenes

How to Validate Information

The almost ephemeral nature of information that exists only electronically makes validating it a thorny issue.

By Carl Cargill

In the July issue, I discussed the idea that standardization in the operating system arena is generally completed and that momentum--subtle for the moment--is moving away from technologies such as operating systems to the "use of information." Although I am not sure exactly how this standardization activity is going to be accomplished, I believe that several scenarios are definitely not going to be viable candidates.

To begin with, the idea of standardization of the use of information is loaded with cultural baggage, bringing up shades of censorship and thought control. Yet the concept is much simpler than that. Essentially, the principle is that there has to be a way to validate data before you use it. People do this constantly now; however, it is done instinctively and, usually, intuitively. People tend to trust encyclopedias and dictionaries more than tabloid newspapers. At the same time, everyone remembers writing term papers in which you disguised a source or made up a quote, reasoning that even if a person hadn't said such a thing, they should have. All of this is part of the process of judging the value of information.

The reason that this issue now comes to the forefront of the standardization arena is that, with the advent of the Internet, intranets and the World Wide Web, we have the ability to "make up quotes" that can impact not only a term paper but the entire world, if told boldly enough. In The Count of Monte Cristo, Alexandre Dumas described how the count bribed a semaphore operator to change a message, indicating that Spain had revolted. By manipulating the transmission of the data, the count managed to manipulate the information that was derived from the data. This corrupted the "knowledge base" of the Baron Danglers, an old rival of the count's, whom the count knew had "inside sources." This, in turn, led to Danglers' losing several million francs in the ensuing momentary panic and market correction.

Standardizing Processes

I cite this story here not only because it is one of my favorites but because it is a theme that has been repeated endlessly over several millennia. However, earlier times did not have the Internet, over 30,000 Usenet groups and some fantastic number of Web sites. (The only parallel is probably the invention of movable type and the incredible growth in books that occurred in the century from 1450 to 1550 in Europe. While this was a century of intellectual growth, the century following this saw the Inquisition, the Thirty Years' War, the Reformation and the Counter-Reformation.)

The problem with the Web, the Internet and intranets is that there is no ability to judge the validity of the information that is being offered. With printed material, one feels that at least somebody in authority had to review it. A similar assurance does not exist with electronic information, which may go straight to the Net from the originator's keyboard or another unregulated source.

Thus, the question becomes, How do you validate information on the Web? People typically have looked to a "standard" of some type for this kind of assurance. The medieval guilds--some of the first standardization organizations--put "hallmarks" on merchandise that met guild specifications for quality. Or in today's world, ISO 9000 is a form of information standardization. The ISO 9000 certificate tells the user of a product or service that the organization owning the certificate has passed a series of tests that are generally indicative of an organization that has a quality program in place. It is a statement of "ostensible conformance"; it doesn't really guarantee anything.

In my January column, I mentioned a possible future standardization activity in Europe--the standardization of services. It is one of the many standardization initiatives that looks at a process, not a product. Fundamentally, the ISO 9000 and the ISO 14000 are about the standardization of management processes. Information is the ultimate raison d'être for management and, one would assume, given the European predilection for creating standards as an adjunct to regulation, a simple step for a standardization activity.

Information Use Standards

Before there is a chorus of "He's quite mad, you know," look at the fears of "fraudulent" Web sites and the negative impact that this could have on Web commerce. There is already talk of a Better Business Bureau type of arrangement, in which sites doing commerce on the Web would display a "seal of approval" that would give users of the site confidence that they are doing business with a "respectable" firm. This is, in effect, a form of information use standardization, as it would require standardization to structure exactly what the requirements for obtaining the "seal" would be. (It could also be regarded as a form of censorship and regulation, but one that sites impose upon themselves for the sake of commerce.)

Extending the idea only slightly, it would not be hard to imagine that information providers might want the same type of seal of authenticity that would follow their work, providing a sort of imprimatur that guarantees the quality of their work and allows them to charge a premium for it. Consultants already know and exploit this principle; a report from a consultant usually has higher perceived value than a superior analysis done by an in-house expert merely because the consultant has "branded" his information.

So, if this type of standardization is about to begin, where will it happen? To begin with, it probably won't happen in any of the extant groups. The Open Group is composed of providers who are looking at technology, not content. The Internet Engineering Task Force does not feel that the actual use is a special concern, except as it impacts the capability or capacity of the Internet. The World Wide Web Consortium is looking at usage, the technology and other things, but with a staff of less than 20 it is too small to effectively manage such a process. CommerceNet might try, but it's just in the process of redefining itself. ISO moves too slowly. So, before the regulatory bodies can act, the problem will probably be solved.

Standardization activities in the quality of information (the first step in standardizing the use of information) will probably be benign at first--something like the Good Housekeeping Seal of Approval, which was established by Good Housekeeping magazine to validate the advertisements that appeared in it. Rather than have "Mikey's Seal of Approval," the market will probably seek something like "Informatics Association Approved," indicating that the originating organization had a degree of rigor in creating its information. (With the ability to cross-reference sites on the Web, it would be rather simple to prevent extensive fraud.) The validation process would be interesting at first--probably a signed pledge card or something--but market pressures will force a higher and higher ante in this game.

The most interesting thing about the organization that creates these standards is that it will not be a creature of the information technology industry but rather a creation of businesses who need the assurances that this type of organization can bring. It represents a shift from being technology focused to activity focused, and the activity of information management is the core competency for many businesses. Validating the essential feedstock of the business is a basic requirement, and the breeding place for standardization is almost always at the lowest level in the event chain. Look for the Informatics Association Seal of Approval to appear on Web sites sometime--probably a lot sooner than most people had hoped. It's a new growth industry, and it will be owned by the first people who can determine how to standardize it.

Carl Cargill is standards program manager at Netscape Communications in Mountain View, CA. He can be reached at