Beleaguered ISO speaker William Levinson is making a fuss over a parody graphic we ran some time ago, which commented on ISO’s impossible-to-comply-with copyright policies, while mashing it up with a Microsoft ad that was running abound the same time. He’s demanding that ISO have me prosecuted, and he’s opened up an entire website in the Bahamas dedicated to trying to have other people arrest and sue me. (Yes, it’s ironic that Levinson is literally violating international trademark and copyright laws by engaging in bad faith “cybersquatting” of an Oxebridge domain name, all while trying to pose as an expert on international trademark and copyright law. But that will all get sorted soon enough.)

(UPDATE 3/21: the Bahamas-based site is now down, immediately after my posting this article, and he’s moved it to a different domain name. Doesn’t matter, since the original site existed and it’s still registered by him, but he will find that out shortly. Whenever someone acts as their own copyright attorney, it’s always fun to watch them self-immolate.)

(UPDATE 4/4: The replacement Levinson site is now blank, too.)

Here’s the graphic which has Levinson’s arteries in full-blown overpump mode:

Levinson claims that this graphic induces people to steal ISO standards, and as a result I should be sued or arrested or catwhipped or something, even though the graphic says nothing of the sort. Nor did the accompanying article in which it appeared. Ignoring Levinson’s utter inability to parse humor, it’s worth further discussion because in reality, 100% of the customers ISO has ever had have violated their copyright policy because — wait for it — it’s batshit.

You see, ISO thinks that by typing the words  “single user license only – copying and networking prohibited” in the footer of a purchased standard they have invoked some sort of legal protections. The problem is that legal protections only work when they are, in fact, legal, and have a realistic chance of being complied with by normal people intending to remain within the law. You can’t, for example, sell a canned product under rules that say “you may not open this can.”  Or imagine a toothpaste that said “don’t use this to brush your teeth,” or gasoline that said “for drinking purposes only.”  These would be ignored routinely, and if the manufacturer challenged it in court, they’d lose, because the restriction contradicts the purpose of the product.

ISO sells its products online, and allows clients to download an official, licensed copy, which is what you have to do to stay legal. But it does so under these ridiculous claims that once you’ve downloaded it, you can’t “network” it, which just shows how little ISO knows about copyright as well as how computers work.

You see, the minute you’ve downloaded the file to your computer, you’ve violated their copyright policy. That’s because in order to download anything, it has to travel through a “network” of servers to get to you. This means it must move out of ISO’s servers, through a nest of IP addresses potentially traveling through a host of countries, until it finally gets to the servers within your internet service provider (ISP). Then, your ISP has to deliver the file from its servers to yours, so it appears on your computer. All of that happens within seconds, of course, but the speed doesn’t negate the fact that it happens.

Furthermore, the typical user of ISO 9001 is a business — it’s a management system standard, after all — which means that it’s likely being purchased by a company employee for company purposes. That means that it will end up on your computer, sure, but your computer is part of your company’s client-server internal network, and subject to the company’s security protocols. Those security protocols likely include automatic backup of not only the files on your local drive, but also your email data file, such as your Outlook PST file. Then there’s the browser cache, which includes a copy of all your downloaded files, until such time as they are overwritten, which can be never. Any single backup, whether intentional or not, whether automatically scheduled or not, creates an unauthorized “copy” of the ISO standard on the “network,” thus violating ISO’s copyright policy.

Now imagine an entirely innocent use case. During an audit, you and your registrar auditor are sitting in the conference room and he asks to see if you’ve bought a copy of ISO 9001, something they actually do. So you fire up the conference room computer, and log into your desktop and show him your legally-purchased standard. The problem is, by doing just that simple task, you violated the copyright policy, because what you’re viewing is not the actual copy you purchased, it’s a copy that has been replicated on the conference room computer, and now resides inside that computer’s RAM and various other Windows caches. You have accidentally “copied and networked” the standard, while trying to prove you didn’t. Sure, the cache clears when the system is rebooted, but even if you reboot immediately after showing the auditor, you still made a copy, even if it only existed for a few minutes. ISO doesn’t allow for any exceptions.

It gets even more ironic. ISO sells multiple standards on information technology security, including its most famous ISO 27000 standard, most of which discuss “backups” as a viable and important tool in the information security arsenal. But according to Geneva, the second you legally purchase a copy of ISO 27001 and try to implement it, you’ve violated ISO copyright policy. No, ISO 27001 doesn’t include a disclaimer “if you follow the requirements of this standard, you will violate international copyright law.” They missed that part.

Heck, even ISO 9001 discusses the need to protect “documented information,” which includes external documents!

ISO has a funny relationship with copyright and trademark, much of it apparently brought on by Holger Gehring, their “Legal Advisor” who — at least in my interaction with him — has a fundamental misunderstanding of how these things work. (I’m still trying to find out if Gehring even went to law school.) For one, he and ISO adopt a “selective enforcement” policy, only enforcing their copyright and trademark against those that they don’t like, or those that criticize ISO, while ignoring enforcement among the vast sea of those they either aren’t aware of, or those they support. Take a look, for example, of how SP Management Solutions openly uses the ISO logo on their website without a peep from Gehring or Geneva. Ditto for thousands of other websites, and it’s been this way for decades. Yet ISO has tried to prevent Oxebridge not only from using its logo in protected “fair use” cases (such as reporting) but also for parody, which is protected free speech upheld by multiple US Supreme Court rulings. ISO’s attorneys even went so far as to try and claim that every single instance of “ISO 9001” must be followed by the revision (such as “ISO 9001:2015”) or it was a trademark violation, even though ISO never actually trademarked it. Any person can see within 30 seconds of online glancing that everyone uses the term “ISO 9001” casually, and that ISO has no argument on this.

This is why, by the way, ISO lost both its attempts against Oxebridge to have us remove parody versions of their logos, and to only reference ISO 9001 with the full verbiage. Mr. Levinson, along with trolls Daryl Guberman and “John Peachfarm” of the Elsmar gang, have made great hay out of a 2013 PDF Annual Report issued by ISO’s law firm, which incorrectly stated they were “successful” against Oxebridge, but they fail to mention that the report was withdrawn after Oxebridge raised complaints with the firm and the NY Bar Association. I’m waiting for my retraction and apology, trolls.

It’s not like there’s no solution for ISO. Companies have been distributing software under license for decades — remember shareware? —  and while the endless “terms of service” are painful, they tend to protect the company better than a poorly worded footer statement that won’t hold up in any court of law, anywhere.

So the point of the graphic was to show just how insane ISO’s copyright policy is, in the (perhaps pointless) hope that they’ll get their shit together and come up with an actual policy that works for both itself and its customers. Because the current one is so restrictive, so impossible to comply with, it’s doing no one any good. And that includes ISO itself.

Oxebridge copyright policy for this article: ISO may not reproduce this article in any way whatsoever, including and not limited to, entering it in evidence in any court proceeding, because Oxebridge willed it thus, and then furthermore typed words in a disclaimer, thus establishing a rock-hard legal argument that no lawyer, anywhere, could ever argue, and which no judge, ever, could rule against. Also, Oxebridge declares puppies to the be the national animal of the State of Pennsylvania.


    About Christopher Paris

    Christopher Paris is the founder and VP Operations of Oxebridge. He has over 25 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.