--On Friday, March 24, 2017 08:49 -0500 Randy Bush <randy@xxxxxxx> wrote: >>> in what legal juristiction is the ietf? in what >>> juristiction is the subpoena served? how does an american >>> (for example) gag order apply to a nebulous entity such as >>> the ietf? >> >> all good questions - any suggested answers? > > IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, > IANAL > > the ietf does not exist, but has a service address in the > states. the latter could easily be changed, e.g. to genevé. > > "is an organized activity of" seems vague and could be > interpreted as the ietf is, for legal purposes, subsumed by > isoc. this was likely not an accident. > > i assume the subpoena with the gag order was in the states, > and the server wore a brown shirt. >... Randy, IANAL either, but it seems to me that Jari's note suggests a more basic question that is almost independent of jurisdictional issues. Suppose the IETF (or whomever) receives a subpoena that names individuals or companies in a way that might be unfortunate, contain implicit accusations that might be completely unfounded, or even, in the opinion of those parties if they knew, were libelous, and suppose it directs IETF to not disclose the subpoena in any way. Without offering anything resembling a legal opinion, it probably makes a difference whether the subpoena is associated with a law enforcement action rather than the civil actions for which I think the policies were designed. Whether we are in a position to ignore or fight the subpoena or not and independent of what we think about the alleged law enforcement entities involved (including their choice of shirt covers), it seems to me that a policy of posting subpoenas raises several issues (with Jari's note explicitly identifying the first). "Lawyer" in parentheses identifies a question that I think we need advice about if I'm not the only one who thinks it is relevant but that would probably not be profitable to debate on this list, at least before we have that advice. I believe that many of the issues below would apply also to a subpoena in a law enforcement action directed against an individual or company (rather than, e.g., asking for authenticated documents) even if it contained no demand for confidentiality (again, IANAL). (1) If the subpoena names an individual or company, is it consistent with our privacy policies to disclose those names? (2) If we think the answer is to avoid disclosing names by posting the subpoena in redacted form (e.g., to eliminate names), does the community want the IETF Trustees (or a committee appointed by them and with membership and parties consulted sometimes being less than transparent) to go into the redaction business? Does it make a difference if any attorney-client confidentiality provisions apply only to ISOC or the IAOC/IETF Trustees and not the community? Would that constitute a different sort of privacy or transparency problem by encouraging members of the community to keep secrets from each other? (3) (Lawyer) If the subpoena's content, or even the fact that it has been issued and served, implies things that the named person or company would consider libelous if disclosed, does the IETF become a party to the libel by making the subpoena public (whether or not told to not do that)? (4) (Lawyer) I believe, but people with applicable professional legal credentials and experience should confirm, that, if we want to base the answers to any of these questions (including whether the subpoena should be resisted if that is a possibility) on knowing what sort of action is involved, based on what laws, etc., we should get over it because a subpoena may not disclose that information. (5) (Lawyer) I understand that it is generally harder to serve civil subpoenas across international boundaries than criminal (or other law enforcement-initiated ones although there are variations even within those categories. If a criminal (or other law enforcement) action is involved, how much protection would "move to Iceland / Geneva/ somewhere else" provide. Of course, most, if not all, of those places have their own legal systems and processes and moving there (if even if were possible) might provide more protection from the processes of the US but obviously less from those of the new host country. (6) (Lawyer) Assuming the IETF (or IETF Trust) were to establish some sort of locus/ HQ in Iceland / Geneva/ Lower Slobbovia and claim that subpoenas need to be served there, would that provide any significant protection, especially from subpoenas initiated by law enforcement, or would they just treat whatever we would say about where to serve the subpoenas and instead seek out ISOC or AMS offices or particular named individuals in a convenient country, serve them, and make the international issues their problem. I note in that regard that, while Finland may be a good place to live, the ISOC Chair, AMS officers and HQ, and incoming IETF Chair are all based in the US. I have no reason to believe that those are all of the questions that should be asked, but they are a start. john