While agreeing with most of what John wrote, I think it is necessary to revisit what actually happened in the Dell patent case that motivates a lot of 'Note Well'.
The FTC suit and subsequent settlement was based on conduct much more egregious than a Dell employee merely being present. The whole point of VESA-Local bus was to find a way round the patented IBM Microchannel architecture. And by the time Dell settled, Intel had come out with the Pentium which made VL-bus unviable as it was tied to peculiarities of the 486.
The patent exposure that comes up most often is entirely unconnected persons making claims over IETF technologies. But another worrying set is cases arising from companies who have built up 'defensive' patent portfolios being liquidated or selling off the portfolio for ready cash.
I am really not at all convinced a judge is going to find the mere attendance of one employee at an IETF meeting to be evidence that the Dell precedent applies. Of course, demonstrating attendance might be the first step in a case.
But the real point of Note Well isn't to provide a remedy if someone tries to take a patented technology and bury it in an IETF standard as a requirement. The real point is to strongly discourage anyone from trying. And that is a slightly different issue because if NastiCorp tells Fred to do that sort of thing, Fred is likely to consider how long he is likely to remain at NastiCorp and what the effect of following the order is likely to have on his prospects of getting his next job.
On Wed, Aug 2, 2023 at 12:18 PM John C Klensin <john-ietf@xxxxxxx> wrote:
(copying the IETF list, and changing the subject line to make
more sense there, per Jay's comment about 117attendees@xxxxxxxx
shutting down)
Jordi,
Independent of the legal niceties and hair-splitting (and Jay's
response is more useful than anything I could stay on those
subjects), it seems to me that your note pushes us toward
another problem: unlike, e.g., the RIRs, one of the IETF's main
functions is to produce standards whose adoption is voluntary.
In practice, that adoption depends on the IETF's credibility as
representing broad perspective as well as doing deep and
balanced technical work. Those considerations cannot be
evaluated without knowing who is participating and, indeed, any
affiliations they might have (such as the identify of employers
who are supporting their participation).
Noting that you said "attendees" and I said "participants" but
that some of the things the Note Well refers to blurs whatever
the difference might be under other circumstances, that gives
the IETF some real reasons for insisting on a public participant
list. If those who are participating can be secret, then it
because impossible to evaluate what might, other than technical
value and correctness, have influenced a particular
specification. That is particularly important when a WG is
faced with choices among a pair of options that are equally
plausible technically but where the choice might affect company
interests differently.
So, your idea (and Vittorio's) about check boxes might be
useful, but perhaps in form closer to the Note Well, i.e., "by
deciding to participate, I recognize, accept, and agreed to, the
IETF's legitimate interest in making a complete list of
attendees public". In other words, if one wants or needs one's
participation to be private/secret, don't come.
That, in turn, raises a number of other questions that I think
we have been circling around for years. Maybe it is time to
address them via an open community discussion leading to a
consensus document rather than avoiding them or nibbling at them
via administrative decisions (such a language on a registration
forms). Things on my list of questions that have come up
directly or indirectly in the last year or so and that we might
try to ask and resolve include:
(1) If one registers to attend an IETF meeting in person, is one
allowed to opt out of the public participants list? If so, is
one allowed to be anonymous in other ways, such as having one's
name obscured on a badge or wearing a hood that covers one's
head and face?
(2) Especially if people are not allowed to attend in-person
IETF meetings anonymously (or without being recorded as being
present), does the same principle apply to online meetings
(including --or not-- remote participation in those in-person
meetings)?
(3) If having one's identity published on a public list is a
condition for in-person attendance, do we need a mechanism for
anonymously attending/ observing meetings remotely in real time?
The current answer to the latter question has been "no, people
wanting to hide their identities that way can always watch the
YouTube videos" but I am not confident that position has
community consensus.
(4) Do we allow Internet-Drafts with anonymous authors? Authors
who provide a working email address but whose identities are
concealed?
(5) Do we allow anonymous participation on IETF mailing lists,
including making comments during IETF Last Call? "Allow" in
this context implies intentionally, not what people might be
able to trick the datatracker login/account process into
accepting. In other words, there is a difference between being
anonymous and participating under an obvious alias, such as of
the "M. Mouse" variety and the questions of whether the latter
is allowed, and how obvious the alias needs to be, are separate
ones.
(6) If someone is entitled to remove their names from public
attendance lists, is someone (else) who captures the participant
list for a particular meeting by screen-scraping the Meetecho
(or other) participant list breaking any rules? Note that,
while registering in Meetecho for a particular session at an
in-person meeting is required (but not enforced), remote
participants have not options other than registering under some
name.
(7) Should we be more or less aggressive about capturing, and
perhaps publishing, affiliations as well as names? Are we
willing to exclude people who have employer or client agreements
that bar them from disclosing that information? If so, when
none of those relationships involve current or plausible IETF
work, would a disclosure of that type be sufficient, or does the
IETF offer potential participants a choice between violating
those agreements and participating (generally or in specific
activities)?
(8) I have deliberately conflated "anonymous" with "do not
desire to have names published or made public" above, but are
there reasons to make distinctions in that area?
thanks,
john
(3) Is the IETF allowed to exclude people from its meetings and
by what mechanism? Can a Posting Rights ban extend to a meeting
participation ban?
--On Wednesday, August 2, 2023 15:38 +0200
"jordi.palet@xxxxxxxxxxxxxxxxxx"
<jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx> wrote:
> Yes (I know that), and not, it all depend on how the data is
> processed …
>
> And anyway, I understand that the attendee list is public, but
> should not be (even if we lose transparency). If I understand
> GDPR nits correctly, attendees should have the right to
> opt-out to the public list. There is also something called
> "right to be forgotten" that imply that an attendee, in
> the future may wish to "vanish".
>
> If I recall correctly, several organizations, that also aim
> for transparency (and I recall some RIRs), have already
> decided to offer the choice, when registering, to appear in
> public or not.
>
> We really should work in that (I'm personally fine being in
> the public list - at least today), because the Data Protection
> Agencies work not only based on claims but also by their own
> decision, so even if there is no bad faith in what we do …
> we can get punished.
>
>
> Regards,
> Jordi
>
> @jordipalet
>
>
>> El 2 ago 2023, a las 15:29, Ted Lemon <mellon@xxxxxxxxx>
>> escribió:
>>
>> The IETF attendee list is public, so it is at least
>> technically possible that this was done without any GDPR
>> violations.
>>
>> Op wo 2 aug 2023 om 06:26 schreef Christian Hopps
>> <chopps@xxxxxxxxxx <mailto:chopps@xxxxxxxxxx>>
>>>
>>> Andrew Newton <andy@xxxxxx <mailto:andy@xxxxxx>> writes:
>>>
>>>
>>> > No good deed goes unpunished.
>>>
>>> Jeez, no kidding.
>>>
>>> Chris.
>>>
>>> > On Wed, Aug 2, 2023 at 8:29 AM
>>> > jordi.palet@xxxxxxxxxxxxxxxxxx
>>> > <mailto:jordi.palet@xxxxxxxxxxxxxxxxxx>
>>> > <jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx
>>> > <mailto:40theipv6company.com@xxxxxxxxxxxxxx>> wrote:
>>> >>
>>> >> wow … that's a clear violation of privacy at least in
>>> >> front of the GDPR for EU citizens and residents. I can
>>> >> mean up to 20 million euros fine for Hilton and IETF,
>>> >> really we want to risk for that?
>>> >>
>>> >> Regards,
>>> >> Jordi
>>> >>
>>> >> @jordipalet
>>> >>
>>> >>
>>> >> El 2 ago 2023, a las 14:24, Jay Daley
>>> >> <exec-director@xxxxxxxx <mailto:exec-director@xxxxxxxx>>
>>> >> escribió:
>>> >>
>>> >>
>>> >>
>>> >> On 2 Aug 2023, at 12:58, jordi.palet@xxxxxxxxxxxxxxxxxx
>>> >> <mailto:jordi.palet@xxxxxxxxxxxxxxxxxx>
>>> >> <jordi.palet=40theipv6company.com@xxxxxxxxxxxxxx
>>> >> <mailto:40theipv6company.com@xxxxxxxxxxxxxx>> wrote:
>>> >>
>>> >> Hi Jay,
>>> >>
>>> >> I'm not sure to understand this part:
>>> >>
>>> >> "any rooms booked at the cheaper rate would still count
>>> >> towards our room block"
>>> >>
>>> >> So even non-IETF participants counted for the IETF block?
>>> >>
>>> >>
>>> >> I don't know the precise process, but in essence our
>>> >> team sat down with the hotel to look through the list of
>>> >> non-IETF bookings that were for the week of the meeting
>>> >> and identified which ones were for our participants based
>>> >> on a match of registered names.
>>>
>>> --
>>> 117attendees mailing list
>>> 117attendees@xxxxxxxx <mailto:117attendees@xxxxxxxx>
>>> https://www.ietf.org/mailman/listinfo/117attendees
>> --
>> 117attendees mailing list
>> 117attendees@xxxxxxxx
>> https://www.ietf.org/mailman/listinfo/117attendees
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be
> privileged or confidential. The information is intended to be
> for the exclusive use of the individual(s) named above and
> further non-explicilty authorized disclosure, copying,
> distribution or use of the contents of this information, even
> if partially, including attached files, is strictly prohibited
> and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even
> if partially, including attached files, is strictly
> prohibited, will be considered a criminal offense, so you must
> reply to the original sender to inform about this
> communication and delete it.
>
