IETF subpoena processes update and a request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Occasionally the IETF is served with a subpoena, typically to assist
finding prior art, documents and list discussions, in an effort to 
resolve patent disputes. We encourage everyone to just use our 
publicly available resources instead of formal requests, but we 
do get a few subpoenas every year. The IETF charges a fee 
for the service. The IETF makes these civil subpoenas and 
the primary response public at [1].

The IAOC Legal Committee has identified two issues with the 
existing procedures [2]. First off, practices have evolved somewhat
since the procedures were last updated in 2007, and are out of 
date. For instance, the subpoenas are today handled by IETF Legal
Counsel, the Legal Committee Chair, the IAD and record custodians
such as the Secretariat and the RFC Publisher. Others, such as the
IETF Chair are not usually involved, despite what the existing 
procedures say.

Secondly, due to a recent request that we received, we now
realize that the existing procedures for the publication of 
subpoenas do not address situations where we might be 
ordered or requested by law enforcement authorities to not 
post the subpoena and response. These may include cases
where a subpoena identifies a person or a company. These
are criminal rather than civil cases. We do not think it is 
necessarily obvious what we should do here. For instance, 
it might not be the right thing from the privacy point to 
post details of requests that identify a person. There are
more cases, and some tradeoffs to consider.

Large Internet companies that hold user data have developed
policies to deal with some of these issues. The IETF’s situation
is of course somewhat different. For instance, most data that
the IETF has is publicly visible anyway. There’s some additional
data of course, and even for the public data our ability to vouch
for the authenticity of, e.g., an Internet-Draft from a given year
can be important. And of course, unlike the large Internet
companies, our legal department consists of much smaller
force, at least in terms of number of people :-)

The IAOC legal committee believes that we need two things.
First, we need an update of the procedures in general, which
is largely an internal organisational matter. Secondly, we need
to develop a policy to answer the cases where confidentiality
is either requested by law enforcement authorities or is 
otherwise the right thing. This is a policy question which we
believe is best answered through community opinion, and
obviously also careful legal review.

The plan is for the Legal committee to do two things this
spring. First develop and post the general update, which we
post to the community for information and feedback. Second,
develop an initial approach regarding an answer to the policy
question and post it to the community for discussion. Please
participate in that discussion — we’ll send details about where
and how when we post the initial proposal. Once the community
discussion comes to a conclusion, we will adopt the policy as
defined by the community and the legal situation. If anyone
has input on this topic, let us know. It is also fine to send
suggestions before the proposal is posted.

Jari Arkko, IETF Chair

[1] https://iaoc.ietf.org/subpoenas.html
[2] https://iaoc.ietf.org/subpoena-procedures.html




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux