--On Tuesday, October 22, 2013 00:32 +0800 Jari Arkko <jari.arkko@xxxxxxxxx> wrote: > Thanks for the excellent feedback so far. Let me first add to the other comments that I think the draft is an entirely reasonably first cut. > > I wanted to point out one thing in the continuing discussion. > Despite the best intentions and us being engineers and all, it > may not actually be possible to write a full spec that > accurately defines what is and what is not harassing > behaviour. E.g. photography. I think Don had it right in the > case that he described, but it would have been hard to write > that down before even hearing about such a case. Similar comments would apply to the mini-tempest about photographing the in-room participants at a WG meeting to record those who had (or had not) volunteered for a particular task. We need to be clear that things, including photography and other image-recording methods, can be privacy issues without being harassment and vice versa. Keeping them separated may be hard, but it will be necessary. > Hence judgment needs to be applied by the ombudsperson & the > rest of the IETF management. Yep. And they should expect whatever judgments they make to be very unpopular with someone. Two additional observations: (1) These kinds of policies are going to run into some of the same issues as our IPR policies. In particular, if someone really has bad intentions (as distinct from being careless, indifferent, accidentally ignorant or stupid), we could be headed into another rat hole about who the policies actually apply to and whether particular individuals have agreed to them. It is my understanding that a voluntary organization's trying to enforce a policy that may involve career-damaging punishments on people who can't be demonstrated to have agreed to it can get very messy. So, like others, I would encourage having Counsel take a careful look, both at the policy and at the potential interactions between it and our "no membership" policies. (2) With the understanding that this is a purely hypothetical problem, any policy of this type also provides the opportunity for spurious claims and other sorts of DoS attacks. Equally important, it provides the opportunity for some entity to claim externally that the IETF or some of its participants harassed it in violation of the policy, did nothing about it, and therefore that our standards should be ignored and the organization punished. Those sorts of threats are certainly not a reason to avoid establishing policies of this sort, but we should be aware of possible misuses. It is probably also useful to think, not only about what measures can be imposed if bad behavior doesn't stop, but also about how to ensure that someone complaining has skin in the game. In particular, it would be really unattractive to have a harassment complaint brought against figures in the IETF for repeatedly saying something unpleasant about, e.g., a government that was restricting access to the Internet. best, john