Hi Andrew, please see inline. On 5/11/17, 05:14, "ietf on behalf of Andrew Sullivan" <ietf-bounces@xxxxxxxx on behalf of ajs@xxxxxxxxxxxxxxxxxx> wrote: >On Wed, May 10, 2017 at 07:47:20PM +0000, Stephan Wenger wrote: >> >> I’m in favor of validating the address, for example by sending some form of credential to it; without the credential, only listening/reading access is granted. Doesn’t have to be bullet-proof, but using example@xxxxxxxxxxx shouldn’t work. This is obviously in order to obtain one semi-traceable record of the participant. >> > > >We don't do that for in-person participants, because we no longer even >collect the email address on the blue sheets. (We do it for meeting >registration, of course, but we don't have a way to pair that with >participation in any given part of the meeting, so the IPR issue is >harder to argue by analogy here.) The question is not whether we collect email addresses. The question is whether we collect the identification of the individual and its employer, bother with reasonable certainty. IIRC, one reason for the change from email address to company name was made because, today, many people use non-employer email for IETF work even if they do the work mostly on behalf of their employer and as part of their job, and tracking down the participant’s employer from the email address for things like Noncom eligibility and also IPR related issues didn’t work anymore (if it ever did). (there were also other motivations, including the handy creation of a SPAM list from IETF archival material such as the proceedings). For an in-person meeting, we (or a court) have many ways to identify a person who influences the decision process. For an external person, especially when there is no video, we are more limited. A non-verified email address is certainly easier to fake than the recollection of a roomful of people during a physical meeting. > >> And 5) click-through of the Note Well (unless that’s done in some other phase of the remote participation, like when signing-in to meetecho). Again for--I hope obvious--IPR related reasons. >> > >We _certainly_ don't do that for in-person meetings. We put the Note >Well up and assume that anyone who is in the room and who makes a >Contribution in any way is aware of it. Joining the meeting virtually >has the same property, no? Actually, No. In an in-person meeting, the hurdle of missing a note well is pretty high. When you are at a physical meeting and get bombarded with a Note Well not only during registration time, but also daily several times at the begin of WG sessions, you and your lawyer would have a hard time to argue that you were not aware of it (and therefore perhaps free of certain obligations you otherwise have per policy). OTOH, assuming no click-through or similar, a good lawyer could conceivably make the case that his client was not aware of the Note Well and associated policy when influencing an IETF decision process of a certain document, especially if that person is not an IETF regular and dials in only for one WG session (and perhaps a bit late to that). Then, the good lawyer could conceivably argue that certain obligations (such as the obligation to disclose patents) were not known to that client of his. And finally, the lawyer could argue that, therefore, the obligations do not apply. (Note that I didn’t include the word “successful” in the last sentence.) There has been one fairly prominent case where a company choose to send undercover participants to standards meetings, in order to (so the court found IIRC) circumvent obligations by the standards committee. We should not facilitate such behavior. That case and ours are not directly comparable, but IMO not dissimilar in their nature. Stephan > >A > >-- >Andrew Sullivan >ajs@xxxxxxxxxxxxxxxxxx >