--On Wednesday, September 1, 2021 16:56 +0200 JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@xxxxxxxxxxxxxx> wrote: > Hi Michael, > > I don't think your view point is the right one. Let me try to > explain and formulate the questions in a different way. > > If any participant from an US company has their own rules > regarding insurance, they may opt to not travel to an meeting > in a given country *regardless* of being IETF or something > else. > > What I heard in previous discussions, is that the IETF is > subjected to rules about insurance that mandate following the > US CDC listings. > > The question is very simple: > > 1) If that's correct, can the LLC point to exact US laws that > say that? > 2) If that's not correct, and it is due to insurance > rules, can it be justified that there are no other insurance > options? 3) If either 1 or 2 are the responses to this, shall > we consider an alternative jurisdiction for the LLC? And, this > is the key question after all: > 4) If we have a hosting country/venue that is not listed as > "acceptable" and this specific criteria is not matched, will > be the meeting taking place or not? Jordi, I was hoping someone else would respond to the more general part of this question, but no, so here goes. I don't think any of what follows is inconsistent with Michael's response to your note quotes above; just a different perspective on the same issue. IANAL, but I have spent some time dealing with insurance companies, including special risk underwriters, and trying to understand the statistical risk assessments on which willingness to insure and rates are ultimately based. While neither RFC 8717 nor 8718 appear to mention insurance among the criteria, I suppose it is safe to assume that, were an insurer come to the IETF and say, e.g., "if one of your meetings turns into a superspreader event, there will be no coverage for either the LLC or individual IESG or LLC Board members being sued over the irresponsible decision", there would be no f2f meeting. Let me try to move this up a level from "one country is better than another" discussions. It may be worth putting the questions of what governments do aside and concentrate on the insurance companies. The latter may be driven by political and economic considerations (judging from the last 18 months, some more than others, but maybe not consistently). The insurance companies are fairly rational and predictable -- staying in business depends on getting risk assessments and cost of losses right. First, they are in the business of assessing risk and writing policies and charging fees that reflect those risks and allow them to make sufficient profits to stay in business in the long run. Unsurprisingly, there is normally a fair amount of uniformity among insurance companies who offer to cover similar risks under similar conditions for similar prices. There is also a matter of assessing whether a particular potential insurer is solvent enough and honest enough that they will actually pay if there is a loss, but I hope we can agree that Jay is almost certainly better at making that assessment than either of us. One can typically get, for example, much higher risk situations covered, but, again typically, at very exciting prices. Now, there may or may not be specific US rules that said "insurance companies can't write policies unless the policy holder agrees to follow CDC guidelines". I suspect that such laws or regulations do not exist but it really makes no difference. The insurers are still going to write policies that require the insured to behave in a way that is consistent with generally available guidelines in the country(ies) in which the insured, the insurer, or both operate because, from the standpoint of protecting themselves from the risk of losses and potential expensive litigation over them, it just makes statistical sense. Could one find a special risks insurer who would write a policy that would protect the IETF LLC and all the the IETF leadership even if such advice were ignored? Probably, but I would assume, based on a bit of experience dealing with special risk underwriters long ago, that Jay and the LLC Board would take one look at the price quote and decide it was impossible (I have no idea whether they would decide that the community needed to be consulted about that decision, but I'd be surprised if the answer was different either way). The same issues would apply to US companies including MS unless the IETF were indemnifying them, and non-US companies considering having employees attend IETF meetings (you will note that I did not say "IETF meetings in the US") at least unless those companies did no business and had no representatives in the US. The questions for their insurers are about what the risks are and how they protect themselves. So, now consider moving the LLC out of the US and into some other country. I don't even know how to estimate how hard that would be but assume it would be very difficult. For starters, remember that the establishment of the LLC involved what amounted to legal incorporation in the US as an ISOC entity (however arms-length). ISOC itself is incorporated and chartered in the US (that is probably not the exact legal terminology, but I'm confident it is close enough). Could it be done? Possibly but I'd guess it would be complicated, would require new legal documentation and agreements, including agreements from ISOC, and might require going through an IASA2bis process to make sure document provisions and terminology were all still aligned. Very expensive, including in the costs of the IETF not getting technical work done, and I think we would really have to be convinced that the real, substantive, benefits --not just escaping some US rules on principle-- would be considerable and would outweigh any risks of large contributors going away. Remember, for example, that contributions to organizations considered non-profits in the US generally have tax benefits to US-based companies while donations to foreign entities generally do not (there are important exceptions, but they might re-entangle one with US regulations and risks). I think a realistic guess is "not going to happen". But suppose it did. Then we would find out that every country has its own rules or lack thereof and, even if we just look at the last year, those rules change over time ...maybe in ways that can be predicted and maybe not. From what I read in the news, the EU is making different recommendations now than they made six months ago. So is WHO. And individual countries are adapting their rules in different ways. Lockdowns and rules about international travel (who gets to come in and or leave and under what restrictions) come and go. Could we see some national rules and guidelines about how many doses (or even what vaccines) count, change over the next year? Noting that different countries have different vaccines available and may not recognize some that they do not use as valid, we are partway there already. I hope things won't get worse and more complicated, but I would not want to bet against it. And, even if one wants to ignore governments or brand some as even less reasonable than others, that brings me back to those insurance companies. For obvious reasons, they don't like risks they cannot quantify or constrain and will try to protect themselves by either inventing restrictive rules of their own or picking one or more sets of rules to follow. And the worst nightmare for those wanting f2f meetings in particular locations is not that they pick one set of onerous national rules but that they decide to someone combine many sets of national rules together, making the most restrictive choices where rules conflict or overlap. That brings me back to a variation on Brian's comment. COVID-19 is likely to be with us for a long time. Barring some really major breakthroughs that will stop it (perhaps ones that do not even require a cure for stupidity), Delta may be succeeded by even more virulent (perhaps on different dimensions) Epsilon, Zeta, or Eta. Given that, I think we, sooner or later, either abandon the idea of f2f meetings entirely rather than going through the motions of "nope, not the next one either" for each scheduled meeting. Or we make a possibly-arbitrary decision to move today meetings with a large fraction of participants online (whether we call them hybrid or not) and, in all likelihood, a shifting population of those who attend f2f based on applicable national company and national recommendations and the ebb and flow of infections and countermeasures. best, john . > > Tks!