1. IESG/*:
> 3. To not require individuals to disclose or prove their identity.
This is interesting. I like it, but i was not aware we had this principle so
far, and i worry how we would be able to exercise any restricted access methods
in face of this goal. So would love to understand it better.
2. Stephen:
Fully support your goal on this one, but could you please consider
to suggest (like Brian did) text that would solve your requiremment ?
for example "restrict an individual from using IETF IT systems beyond use permitted anonymously."
...would imho potentially prohibit explicit filtering of sender addresses for emails - i fear.
I'd imagine our IETF toolset wouldn't be different than that of other online platforms:
a) first remove content upon request or advise by legal - after the fact
(USA Safe-Harbor, Notice-and-Takedown etc. pp.)
b) Proactively block content creation by known problematic originating
network identities (email addresses)
c) File lawsuits against John Doe when a) and b) do not suffice because
the attacker constantly changes network identities.
(to protect platform against lawsuits itself).
If we would agree on the toolset of actions that legal recommends us to apply,
it would be a lot easier to vet if/how the proposed principles are keeping that
toolset feasible - instead of making it infeasible.
Cheers
Toerless
On Tue, Oct 11, 2022 at 09:11:35PM +0100, Stephen Farrell wrote:
>
> Hi,
>
> I've a question about the meaning of "restrict an individual
> from using IETF IT systems."
>
> The question: does unauthenticated read access to the web
> site constitute using an IETF IT system?
>
> Can I be assured the ability to restrict some person will
> not require changes (such as tracking) that affect other
> persons? IOW, I'd like reassurance that this won't cause
> vast swathes of the IETF web sites to require authentication
> or to attempt user identification via other means.
>
> I'd prefer if this were clear(er) in the text.
>
> Thanks,
> S.
>
> On 11/10/2022 12:58, IETF Chair wrote:
> > Based on the IETF LLC consultation on restricting participant access to IETF
> > systems [1], the IESG has reviewed the draft policy produced by the IETF LLC.
> > Implementation of this policy would take the form of publishing an IESG
> > statement. The text of this proposed IESG statement is included below.
> >
> > The IESG plans to make a decision in the next few weeks, and solicits final
> > comments on this statement. Please send substantive comments to the IESG at
> > iesg@xxxxxxxx by 2022-11-25.
> >
> > Lars Eggert
> > IETF Chair, on behalf of the IESG
> >
> > [1] https://mailarchive.ietf.org/arch/msg/ietf-announce/_wXvXf0Datm4PFckr51_VXCJCvc
> >
> > --
> >
> > Statement on Restricting Access (Draft)
> >
> > In discussions with IETF counsel, a number of potential circumstances have been
> > identified under which the IESG will be advised by counsel to restrict an
> > individual from using IETF IT systems and/or from participating in an IETF
> > meeting, as not doing so would expose the IETF to serious legal risk.
> >
> > The IESG expects that it will follow the advice of counsel and restrict access
> > and/or restrict participation, and provides this statement to set out in advance
> > the principles and procedural guidelines it will follow in taking such an
> > action.
> >
> > The circumstances currently identified under which such legal advice may be
> > provided are as follows. This is not an exhaustive list and this statement will
> > apply under any circumstance where legal advice of this nature is received:
> >
> > 1. When ordered to do so by a court that has jurisdiction over the IETF.
> >
> > 2. If an individual concerned is using those systems or meetings to threaten or
> > otherwise seriously harass someone.
> >
> > 3. If an individual repeatedly shares copyrighted material through IETF IT
> > systems or at IETF meetings that they do not have authority to share.
> >
> > The principles that the IESG will aim to maintain from the outset are as
> > follows. These principles are listed in order of priority and where a conflict
> > between them arises, the higher priority principle will take precedence:
> >
> > 1. To comply with the law and mitigate any serious legal risk to the IETF.
> >
> > 2. To preserve, as far as is possible, the integrity of the standards process.
> >
> > 3. To not require individuals to disclose or prove their identity.
> >
> > 4. To only act as necessary to mitigate the serious legal risk and to avoid any
> > over-reach.
> >
> > 5. To be fully transparent with the IETF community about the action taken, the
> > reasons why, and who is affected.
> >
> > Some examples of a conflict between the principles are:
> >
> > * Where a court order instructs us to keep an action secret.
> >
> > * Where identifying an individual being acted against is considered likely to
> > lead to an escalation of their harassment.
> >
> > The following procedural guidelines will be used when action is taken, unless
> > overridden by the principles above:
> >
> > 1. The IESG will consult with other parts of the IETF as needed, including the
> > Ombudsteam, the IRTF Chair, IETF LLC or any affected participants.
> >
> > 2. If the identity of an individual is reasonably well established, then the
> > restriction will be against the individual, but if it is not, the restriction
> > will be limited to their identifiers (e.g., usernames or email addresses).
> >
> > 3. If the restriction can reasonably be limited to one or more IT systems and/or
> > forms of participation, then it will be, unless there is an expectation that
> > broader restrictions will inevitably be required.
> >
> > 4. An individual will be notified of the IESG action by counsel and is expected
> > to only correspond with counsel, not the IESG or others, on this matter.
> >
> > 5. An action will be announced to the ietf-announce mailing list and a public
> > record will be kept on the IETF website.
> >
> > In addition, in order to ensure that the IETF is protected by the Safe Harbor
> > regime of the US DMCA, the IETF website will include a page with the following
> > warning alongside the specific contact information required by the DMCA:
> >
> > The IETF reserves the right to terminate the use of IETF IT systems by IETF
> > participants who violate the law by repeat copyright infringement. For full
> > details, see the IESG Statement on Restricting Access. [link to be added].
> > _______________________________________________
> > IETF-Announce mailing list
> > IETF-Announce@xxxxxxxx
> > https://www.ietf.org/mailman/listinfo/ietf-announce
--
---
tte@xxxxxxxxx
