--On Sunday, 05 May, 2019 14:14 +1200 Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: > I have to agree with John. NDAs are rife in our industry. > Generally, the NDAs signed by academics or researchers are > less onerous than the normal conditions of employment for > staff of vendors and operators. So conflicts of interest about > confidential material are essentially standard operating > procedure for many, if not most, IETF participants. I'm not > saying that NomCom appointees (or NomCom members) shouldn't be > expected to disclose CoI, but if we try to make it other than > a SHOULD, or to make it a binary gating factor, we'll find the > volunteer pools exceedingly small. > > I don't think we need to worry about financial CoI. That's a > standard problem that the LLC can handle in a standard way. > (Someone mentioned the IETF Trust too. Since it doesn't handle > the budget, see above.) Brian has identified one other useful distinction. Across the board (for both LLC roles and roles with more technical impact), I'm far less concerned about financially-based conflicts than I am about undisclosed situations in which, e.g., someone or their organization is involved in a product or service design that might benefit from some IETF decisions or actions or be impeded by others. I note that, unless an obvious connection can be drawn between financial benefits to the individuals involved, those types of issues are not covered by any sort of mandatory financial disclosure regulations of which I'm aware and consequently that "do what the regulations require and no more" arguments simply don't apply. I think, or at least hope, that we've done reasonably well on having those relationships disclosed just on the basis of the personal integrity of those involved. However, as we face more tradeoffs, e.g., between the efficiency and sometimes privacy advantages of increased concentration and the risks that concentration can cause to other methods and by creating single points of failure (DoH comes to mind as one design approach that involves those tradeoffs), it is going to become ever more important that the community understand --and make decisions that consider-- where someone's support is coming from and what they are working on in day jobs that might be affected even if the nature of the support would not fall into a category that assorted laws affect and for which they require disclosure. I note that an incident that may have affected many participants in the IETF (as well as the broader Internet community) in the last 48 hours can be interpreted as an illustration of the difficulty of making those tradeoffs correctly. This is a very broad set of issues. If I've done consulting for an architectural firm that has done design work for a particular hotel chain and I've been involved in that work and am proud it it, the IETF community probably doesn't want me involved in meeting site decisions without rather full disclosure, even if my compensation is not affected at all by the historic designs or any future ones. However, that "no affect on compensation" criteria (and some similar ones) means that the financial regulators do not consider the relationship a COI from a financial standpoint, much less one requiring disclosure. I don't see that as a problem that needs to be solved in the short term for the LLC to function and move forward. I don't see it as involving decisions that LLC Board, rather than the IETF community, should be making either. But it may be the elephant in the large COI room and one that should not be accidentally dismissed by "if the law doesn't require it, it is ok", allusions to Caesar's role, etc. best, john
