On Jan 15, 2009, at 9:29 AM, Theodore Tso wrote:
On Thu, Jan 15, 2009 at 08:24:08AM -0500, Marshall Eubanks wrote:
On Jan 15, 2009, at 7:09 AM, John C Klensin wrote:
If someone stood up in a WG prior to whenever 5378 was
effective* and made a suggestion of some length, or made a
lengthy textual suggestion on a mailing list, and I copied that
suggestion into a draft without any paraphrasing, a plain-sense
John, I am not a lawyer, you are (AFAIK) not a lawyer, and if the
IETF counsel says otherwise, I would just let this one lie.
The reason why I do not agree with this reasoning is that these
rights are claimed through authorship. If I do not claim authorship
in your draft because you use my text, when I have ample opportunity
to do so, then I have (in my opinion) effectively lost them,
especially in this context (where there is a note well, an
assumption of joint contributions, etc.).
So it's a problem if every single I-D and RFC author is going to have
to consult their own counsel before deciding that won't get into legal
trouble when guaranteeing that all of their text is appropriately
licensed.
This is an IETF list, to discuss matters of relevance to the IETF.
Whether or
not you need to consult counsel is not really on topic, and for sure
you should not
make that decision based on what anyone (especially me!) says on this
list.
If, on the other hand, you do obtain advice of counsel on this matter
I would be curious to
learn what they say.
So whether or not I am I lawyer, and whether or not the Berne
Convention very clearly states that copyright rights are automatically
enforced, and do not need to be explicitly claimed, and whether or not
the Note Well is enough to override the Berne Convention, John's
position that he wants to be conservative enough not to make
guarantees that might expose him to legal liability is a reasonable
one.
I don't think it's fair to say, "I'm not a lawyer, and you're not a
lawyer" so you should do something which you fear exposes you to legal
risk --- especially when all of the IP training many of us have gotten
have basically told us that the Berne Convention explicitly states
that you don't have to claim copyright to get copyright
protections....
Yes, I am sure that there are corner cases here, but one thing
I have found about legal affairs is that there are always corner
cases.
No legal matter is ever sewn up 100%, and judges actually do take
into
consideration when things are done "on advise of counsel." We have
it,
we should use it.
Has the IETF Counsel actually given explicit legal advice to all IETF
contributors (which would have legal liability implications for the
IETF Trust if said advice was wrong, as I understand things) that the
Note Well to guarantee the transfer of RFC 5378 rights for text taken
from IETF mailing list discussions or at an IETF meeting?
Better yet would be if the IETF Trust was willing to ***indemnify***
I-D and RFC authors that they are on firm legal ground for asserting
that they have all RFC 5378 rights when they take text from an IETF
mailing list discussion or IETF face-to-face meeting, on the basis of
the Note Well. After all, it is the IETF Trust which is requiring I-D
and RFC authors to make this legal guarantee, so one might assert that
in a fair world they should take the legal risks associated with that
guarantee.
Consider the threat model here.
This threat applies ONLY to material that the Trust licenses to third
parties (such as, say,
the IEEE) for inclusion and modification in their standards. (Just
reprinting or translating an RFC is not at issue.)
Suppose that you author an RFC today, and use pre-5378 material, and
warrant (in good faith) that the Trust has a license for that
material, or apply a legend from the Trust that says that these rights
are not obtainable by you, and it happens that the original author of
that earlier material disagrees with this license to a third party.
Note that these earlier author's (and their companies) agreed to
freely use this material in the IETF process (the note well, etc.),
and so you have no risk just by publishing the RFC as long as it is
not licensed to other parties.
The Trust would be the party that would be licensing this material to
third parties, so clearly
the Trust would be the major party at risk. What is your risk ?
There is a theoretical risk that the Trust might sue you. That is one
thing that the work-around is intended to remove.
There is an actual risk that a third party might sue you and the Trust
- specifically, that the original author or their heirs, etc., might
sue. They can only do this if there is infringing use, and that would
have to be based on a license from the Trust.
If the Trust does NOT license your material to third parties, then
there is no infringement, no one with standing to sue, and no risk to
authors. It may be necessary for the Trust to state that they will not
assume 5378 to be in place for this purpose until there is a
replacement. (In that case, if the IEEE or some other body wants to
take over an RFC and modify it, they will have to get explicit
permission from all authors until there is a replacement for 5378 in
place, just as they did before 5378 as put into place.) My
understanding is that the Trust is responsible for these licenses, and
so they could just (in their best judgement) refuse to issue them
without further conditions.
These requests are very infrequent (less than 1 RFC per year is my
understanding) and doing this would NOT stop the work of the IETF. I
am beginning to feel that this may be a necessary step.
What about going forward ? Should we (the IETF, through the Trust)
indemnify authors ?
Indemnification in practice translates to insurance. The Trust has
insurance for its activities.
I personally think it would be wise for the Trust to investigate
whether it could obtain insurance
for all authors _of materials licensed to others_ (post 5378 or post
some later RFC), what it would cost, and whether the insurers would
want changes in our procedures. (I would feel more comfortable if we
just learned that
our processes were insurable, even if we did not actually get
insurance.)
Given that the Trust is insured for its handling of ALL IETF work, and
this extra insurance would be for maybe 1 RFC per year, the cost to do
this might be very reasonable. I don't know, but I would urge the
Trust to find out.
Or (and this is my opinion), maybe the authors should only warrant
_their work_ as being subject to such licenses, and put the burden on
the Trust to obtain any necessary approvals from other parties, only
alerting the Trust to the extent they know of such prior authorship.
My understanding is that this would require a 5378bis.
Again, please note that I am trying to discuss what the Trust and the
IETF should do, not what you or other individuals should do.
- Ted
Regards
Marshall
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf