Hi,
I have some comments on the list of principles and their ordering:
2. To preserve, as far as is possible, the integrity of the standards process.
I would very much like to see this saying:
2. To preserve, as far as is possible, the integrity and openness of the standards process.
because we cannot tolerate anything that damages our open process.
In fact, there is a strong case for raising transparency (#5) to #2. Related
to that, there is an ambiguity here:
* Where identifying an individual being acted against is considered likely to
lead to an escalation of their harassment.
Does that means harassment of the individual by some other party, or harassment
of some other party by the indvidual? Either way, this would be a conflict between
transparency and privacy. I think that you need to subdivide #5 to make this
conflict easier to identify:
5a. To be fully transparent with the IETF community about the action taken, and
the reasons why.
5b. To be fully transparent with the IETF community about who is affected.
You could then safely put #5a as #2. You would end up with this:
1. To comply with the law and mitigate any serious legal risk to the IETF.
2. To be fully transparent with the IETF community about the action taken, and
the reasons why.
3. To preserve, as far as is possible, the integrity and openness of the
standards process.
4. To not require individuals to disclose or prove their identity.
5. To be fully transparent with the IETF community about who is affected.
6. To only act as necessary to mitigate the serious legal risk and to avoid any
over-reach.
Regards
Brian Carpenter
On 12-Oct-22 00:58, IETF Chair wrote:
Based on the IETF LLC consultation on restricting participant access to IETF
systems [1], the IESG has reviewed the draft policy produced by the IETF LLC.
Implementation of this policy would take the form of publishing an IESG
statement. The text of this proposed IESG statement is included below.
The IESG plans to make a decision in the next few weeks, and solicits final
comments on this statement. Please send substantive comments to the IESG at
iesg@xxxxxxxx by 2022-11-25.
Lars Eggert
IETF Chair, on behalf of the IESG
[1] https://mailarchive.ietf.org/arch/msg/ietf-announce/_wXvXf0Datm4PFckr51_VXCJCvc
--
Statement on Restricting Access (Draft)
In discussions with IETF counsel, a number of potential circumstances have been
identified under which the IESG will be advised by counsel to restrict an
individual from using IETF IT systems and/or from participating in an IETF
meeting, as not doing so would expose the IETF to serious legal risk.
The IESG expects that it will follow the advice of counsel and restrict access
and/or restrict participation, and provides this statement to set out in advance
the principles and procedural guidelines it will follow in taking such an
action.
The circumstances currently identified under which such legal advice may be
provided are as follows. This is not an exhaustive list and this statement will
apply under any circumstance where legal advice of this nature is received:
1. When ordered to do so by a court that has jurisdiction over the IETF.
2. If an individual concerned is using those systems or meetings to threaten or
otherwise seriously harass someone.
3. If an individual repeatedly shares copyrighted material through IETF IT
systems or at IETF meetings that they do not have authority to share.
The principles that the IESG will aim to maintain from the outset are as
follows. These principles are listed in order of priority and where a conflict
between them arises, the higher priority principle will take precedence:
1. To comply with the law and mitigate any serious legal risk to the IETF.
2. To preserve, as far as is possible, the integrity of the standards process.
3. To not require individuals to disclose or prove their identity.
4. To only act as necessary to mitigate the serious legal risk and to avoid any
over-reach.
5. To be fully transparent with the IETF community about the action taken, the
reasons why, and who is affected.
Some examples of a conflict between the principles are:
* Where a court order instructs us to keep an action secret.
* Where identifying an individual being acted against is considered likely to
lead to an escalation of their harassment.
The following procedural guidelines will be used when action is taken, unless
overridden by the principles above:
1. The IESG will consult with other parts of the IETF as needed, including the
Ombudsteam, the IRTF Chair, IETF LLC or any affected participants.
2. If the identity of an individual is reasonably well established, then the
restriction will be against the individual, but if it is not, the restriction
will be limited to their identifiers (e.g., usernames or email addresses).
3. If the restriction can reasonably be limited to one or more IT systems and/or
forms of participation, then it will be, unless there is an expectation that
broader restrictions will inevitably be required.
4. An individual will be notified of the IESG action by counsel and is expected
to only correspond with counsel, not the IESG or others, on this matter.
5. An action will be announced to the ietf-announce mailing list and a public
record will be kept on the IETF website.
In addition, in order to ensure that the IETF is protected by the Safe Harbor
regime of the US DMCA, the IETF website will include a page with the following
warning alongside the specific contact information required by the DMCA:
The IETF reserves the right to terminate the use of IETF IT systems by IETF
participants who violate the law by repeat copyright infringement. For full
details, see the IESG Statement on Restricting Access. [link to be added].
_______________________________________________
IETF-Announce mailing list
IETF-Announce@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf-announce
