Question for the two lists -
Since many of the IETF's operations are physically located in the US those
laws constrain the operations of the IETF pretty much... So let me ask this,
Since the new Digital Evidence requirements in the US now mandate a much
stronger set of management processes, how do these effect the IETF's mailing
lists and how are the content of them protected? I was perusing the
operating document's and couldn't find anything about these newly emerged
needs in anything we have done before so I thought that it would be fun to
toss this out
Is there any guidance to the List Operator's about their responsibilities
and potentially their liabilities for failing to meet these requirement's?
For instance, if a company in the US were to operate an IETF mailing list
from one of their internal servers' it would be subject to their normal
retention policies one would think. Since it *(the actions of the IETF)
pertain to the development of IP, one would want to maintain the full record
or all actions and processes for at least seven years one would think. Also
there is a key requirement for the data integrity of the management of those
records both here and in the EU.
Also how would this be audited? 'cause that is also necessary.
Kinda scary but seems like running mailing lists in the IETF just got more
expensive.
Todd Glassey
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf