Flaw in the design of NoteWell makes Notewell Not Well.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



By the way all and Jorge, you should take this as a formal challenge to
refute - I don't think you can.  I found what I think is a massive flaw (AKA
a "Catch 22") in NoteWell as to how it applies to corporate participants ad
unfortunately, I think it means that the IETF's processes IP induction
process need to be shut down until NOTEWELL can be formally fixed since it
by my take its broken and solicits fraud's in a large number of the IP's it
claims "it owns based" on email submissions.

This email constitutes formal notice
--------------------------
If Jorge, the IETF's Advisory or General Counsel as a licensed attorney
wants to pop up and formally for the record say this analysis of the
NoteWell Process ISN'T TRUE then the rest of this post can be ignored, BUT
otherwise this memo constitutes a formal notice of my concerns about the
IETF's Participation Agreement. A very complex contract spread across
numerous documents  which I characterize as "unenforceable based on numerous
frauds it forces Participants who are using their Company Email services and
the ownership of the IP submitted, which must be represented to it through
its design";

So Jorge please formally advise your client as to whether this is true or
not, and instruct them appropriately. I.e. If this post is accurate and
these concerns are real then please instruct your client to immediately
cease any NoteWell type assignment's to the IETF until this matter is
resolved. By the way this also eliminates any submissions to the Editor too
for the same reasons through Corporate Email Gateway's,

Let me explain:

Corporate Entities and their AUP's
--------------------------
Corporate Entities who are public or constrained by civil 'standard of care'
laws like SOX or other legislation generally all have a formal HR rule that
each and every employee signs an IT AUP agreement.  Think back folks - did
you sign one of these? The reason is that usually these AUP's contain an
Email specific agreement that says "that the Company owns any and all emails
emanating through their email system" & you folks who are sponsored by some
third party who is constrained under commercial law all probably signed one
of these.

The AUP you signed
-----------------------------
If you did, I suggest that you READ IT CAREFULLY. If the AUP says the
company/entity owns all the IP that flows through its email gateway then YOU
cannot legally speaking assign those rights to the IETF since YOU DONT OWN
THEM. That means without specific agreements between the Your Sponsor, a
Public Entity, and the IETF, as well as an amended AUP between you as an
Employee  and your Employer, you (the Employee) should not be posting from
the Work address/domain  or system. That also means that without some
specific agreement between the Employer and the IETF there can be no
transfer of IP rights into the IETF.

The IETF's faking this by creating boilerplate which claims that you also
must represent to the IETF that you have these legal capabilities is also an
inducement to commit fraud IMHO since it is very likely that any and all
management of the IETF signed one or more of these IP and AUP controlling
agreements with their sponsors.


NoteWell's Failing
-------------------------
NoteWell as it stands today has a statement that any and all email sent to
the IETF becomes the property of the IETF. So then the problem is that the
person sending IP to the IETF through the Corporate GW doesn't own that IP
to assign it to the IETF. Only the Sponsoring Entity could do that.

Knowing that this is true and continuing to violate the agreement may be
fraud by wire
-------------------------
This is where it gets messy; the current boiler plate says that to
participate you have to turn over IP you don't own... and per the agreement
you likely signed with your corporate sponsor, to participate in the IETF
through the employer's Email GW you have to convey IP that you NO LONGER
have formal rights to. Further, to protect the IETF you MUST represent to
the IETF that you have this contractual authority; which as it turns out
only very few if any actually do and the misrepresentation of may be a
federal crime.


NoteWell - Private Company's and their IETF participation
-------------------------
This makes the IETF's NoteWell provisions ineffective because no matter what
the "Sponsored Employee or Contractor" says once they sign that AUP they
would then  need another specific agreement/exemption to set aside the
claims of the Sponsor to those IP's they were to contribute to the IETF.

No one would issue such a Email Release
-------------------------
No one in their right mind would issue such a release against their Email
servers. It would make the internal IP much more difficult to protect.
Likewise, no company sending staff to participate in the IETF except those
that have formal Standards Practices would likely have any assignment of
rights provisions for their Standards Practice Staff to be excluded from
other IP controls within that Employer's Operations.


The IETF mandates that its participants all formally hold an Enduring Power
of Attorney
-------------------------
The problem is that NO COMPANY with possible exclusion of its formal
Standards Initiative Staff have actually given those staff members real
releases to represent their interests. I.e. without specific and particular
Employee Management Policies there is likely no conveyance whether NoteWell
says there is or not, further most Corporate Sponsors realize that their
Internal IP becomes at risk with any other policies in place... so the
provisions to allow one to use the Email GW for conveying property to the
IETF are very iffy at best.

Does this make a Fraud? - I say YES.
-------------------------
The IETF is aware of these constraints and it has built technical practice
models to sidestep the law herein. That is very probably technically illegal
under US Law then to operate the IETF in this manner and is arguably a fraud
by wire between the IETF and the Participant with the Sponsor as the victim.

You can blow this off as a technical "oh well" but I don't think this is
going to go away... So my claim is that NoteWell doesn't work from Corporate
Email Gateways IMHO as it sits now.

Jorge if you want to argue differently please do, but I don't think you can.

Todd Glassey




_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]