1. It is ok to photograph large groups of attendees at gatherings around the registration area, hackathon, BnB, socials, and plenaries where individuals are not the subject of the photograph 2. It is ok to take photos of individuals who do not display the ?Please no photography? indicator.
And this largely reflects the current state of copyright law in many jurisdictions. For (2), the laws usually state that an individual who is the clear focus of the composition must consent to any use of that reproduction (regardless of whether they receive any compensation). So a crowd shot of the entire hackathon room would be okay, but a picture of a small group of people at single table would require their permission for the use of that shot. (Where the line is drawn varies. There is plenty of case law that can be looked up online if you want to see how the courts make that determination.)
I don't know if the current IETF registration contains an explicit photography release clause (I haven't attended an IETF in many years now; I don't recall seeing anything about that when I did attend regularly, but that could just be old age setting in), but if it doesn't, and it's not clear to people they are agreeing to one, the IETF is technically violating copyright law in many countries if they publish pictures under (2) without explicit consent.
If people had the option of wearing a "no photography" badge, they would be clearly stating their status under existing copyright laws. If there is a dispute, it becomes a matter of civil law, which might help serve to isolate the IETF as an organization from potential liability.
As much as the IETF can avoid making policy on this, and instead defer to existing laws, the better off it is, IMO. Whatever happens at a particular meeting will ultimately be subject to the copyright and privacy (and other) laws of the hosting jurisdiction, so any "policy" would be moot in that regard.
I think the best path is to allow for a "no pictures" badge, and refer meeting registrants to a general statement on the applicability of copyright and privacy laws towards photography. Preferably with the standard caveat of "when in doubt, don't."
But I would support one policy, that being that anyone presenting at a plenary or other multi-WG or general meeting explicitly consent to being photographed. This is for purely practical considerations. In such a large group, there's simply no way to ensure it won't happen, and the IETF shouldn't be put in a position of liability for not being able to enforce a "no photography" policy.
--lyndon
