Re: [IAOC] I know I am dumb stupid but I am also dumb stubborn [was IETF Trust license is too restricted]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 04:08 09/12/2005, Lucy E. Lynch wrote:
On Fri, 9 Dec 2005, JFC (Jefsey) Morfin wrote:
<snip>
> NB1: I fully understand that people from the darkwing are jealous
> from those living on the brightside. :-)

channeling Lord Vader ... "The force is with you young Skywalker, but
you are not a Jedi yet."

Dear Lucy,
even billions years ago, by my network age, I am more Qui-Gon Jefsey :-)

> NB2: I still wait for my response concerning the legal responsibility
> of the Trust.

I believe that once the IETF Trust is signed, the Trustees will take
on the duties outlined in sec. 7, and , because the trustees are the
members of the IAOC, they will be answerable to the IETF community
under the provisions outlined in BCP 101 - is that the answer you're
looking for? Additional duties can be added by the community idf the
need arises.

No. "Legal" does not mean answerable to the community. It means answerable to the Law. I will detail the response because I think it is important. Very important for the network stability - where would we go if the IETF was blocked.

Let be practical. The IETF, after approval of the IESG and the review of the IAB, produces texts. It is therefore an author. An author has legal responsibilities for the content of his texts. In addition this publication is assumed by an editor (the RFC -Editor) the IAOC shares into the organisation. Editors have legal responsibility. The more an author has authority in his area, the more he has duties. This is a cooperative work the rules of which underline (RFC 3935) the obligations of competence and responsibility. This is a serious published claim of trustability any Judge will consider.

In addition the IETF claims (RFC 3935) that its mission is to "influence" those who "design, use and manage" the Internet. This Internet is no more conceived as the user's adherence to the IETF documents, what implied the necessary acceptance of the IETF doctrine, solutions and authority, but as the common digital ecosystem of the world, something co-own by everyone independently from the IETF.

This means that the IETF, its editorial committee the IESG, its review committee the IAB, its editor the RFC -Editor, its management the IAOC and the Trustees of its IPRs share responsibilities in the incitations published and in the influences seek by its authors.

Let consider the case of an RFC (wearing the diamond logo, IETF name, etc.) where the IESG has accepted Security Considerations which do not document an important risk. Someone (at this level it is likely that that someone is an important entity or a Government) suffer or wants to protects users from that risk, and sues the "IETF" for its dangerous incitation and its responsibility by influence. Who is legally responsible?

In the confusion of the IETF/IESG/IAB/IAOC/ISOC in the area of responsibilities, IANAL but common sense is to think that legal, ethic and financial responsibility will be found where is the IPR claim. It is also likely that the WG members, the IESG and the IAB members, and the authors will be individually or collectively prosecuted if the case if of enough importance.

1. what is different about IETF from other SSDOs?

- the IETF wants to be partly binding (influencing) to the users of an operational system its users co-own without reference to the IETF - the IETF obliges itself to competence and responsibility in what it says and in the most efficient use of that system - the IETF is a loosely organized structure with no clearly identified legal core and no adhesion statement waiving its/or its participants' responsibilities. - the waiver included in the Internet standard document cannot cover the incitations these documents may contain nor the use the IETF itself wants to make of them as an influence tool conforming to its very mission. - the IETF debates are supposed transparent and therefore show to what extent and with which seriousness legal rights and societal and political consequences have been considered, as well as the attention brought to each country, community, individual interest. - the IETF is a private entity protected by no international mandate, with no official representation assuming responsibility in front of national and international law. Its only protection is the claim that the USG refused on its behalf (as the initial investor) the UN form of international protection offered by the international community (http://usinfo.state.gov/eur/Archive/2005/Nov/16-685260.html). I am not competent enough to know how, when and if such a protection could be really obtained. - however the concept that "the constitution is in the code", i.e. in the standard, is a well known and accepted concept which makes the IETF the source of an increasingly important part of the world's constitution. However the IETF has not a structure to consider the societal, political, sovereignty, economical, privacy, etc. impact of its technical decisions.

2. what are possible cases the IETF can be sued for?

- the way an RFC disfavors economical, societal, national interests. This is a well known issue. The IETF fully acknowledges it through its appeal procedure. But the IETF interrupt the appeal possibility to the IAB. As long as the issue concerns an IETF document, endorsed by the IESG and reviewed by the IAB this is OK. But when the content has a legal or political aspect beyond the authorship authority of the IETF, what is the escalation against a biased decision of the IAB? - the IETF is an open house. It has studied its own financing and functioning and the way it can be used by biased interests (RFC 3774 and RFC 3869). This shows that there are cases against biased dominance, disloyal practices, etc. where the IETF can be considered as an accomplice on a case per case basis, or for not having structurally corrected a known situation. - incitations is an important area. There are attitudes and positions that the IETF considers as normal or even claim to politically support however they are not technical. This may hurt national laws. The way the IETF addresses the lingual issues can easily be construed as an actual violation of the human rights. The lack of warning about the possibilities permitted or increased by RFCs concerning privacy violations, personal profiling over racial, cultural, religious aspects, etc. are criminal by themselves. - more generally, since 9/11 nations have documented the "nuclear equivalent" risks the Internet represents for their citizens (in particular the USA were the first to publish an analysis and to build a set of requirements I often quote as fundamental, and I do not feel meany read: http://whitehouse.gov/pcipb). Should such a risk transform into a realty, as we all are conscious [from other technology developments] it will at some stage, the prosecution and the public opinion(s) will investigate the responsibility of the self-proclaimed collective influencing authority having sponsored the originating technical failure.

I note that in this I only consider the legal responsibility. But the self chosen moral individual or collective responsibility is enormous while the IETF offers no protection to its members. Should someone propose something which can be misused or wrong with a deadly direct or indirect impact, the "consensus" process of the IETF offers no serious warranty that this will be corrected by the IETF collective mechanic.

This is only a quick and dirty response, to give you a rough picture. Lawyers and politics could build a much more precise one. I note that in front of a major privacy/racial information violation (as RFC 3066 bis prepares), or of a large number of foreseen deaths (as considered by the White House document) legal theories do not hold much even if they permit a posthumous victory. The Internet is more and more part of everyone life. It MUST be protected from this kind of issues.

Tunis has accepted that for a short while this would be kept under the responsibility of the USA through the current status quo. This is a BIG responsibility on voluntary individuals and on a confuse structure. At least this structure is to seriously consider its protection and fuses. ICANN is currently protected by the GAC and the USG/NTIA in case of a country suing them over a ccTLD delegation, but it is commonly sued for it other decisions. What does protect the IETF? All the more than RFC 3935 describes a non-consensual, non-transparent IETF decision mechanism: who is legally responsible for these decisions. What is the financial protection scheme signed for the IAB and IESG members?

If I only take the case of the RFC 3066 bis I know well, there is a very impressive number of reasons to legally assign the IETF, the IESG, the members of the WG-ltru. We all know that today the point in an assignation is not to win but to proceed. What is the use to be right when one is dead? I know there are cheaper ways to kill the IETF and to force a technology change or a status quo protection or even only to block a competitive choice. But not everyone knows it: the most common way we know everyone knows is to sue.

jfc


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]