BCP 39 makes it fairly clear that the IAB does not need a separate COI policy. This text was inserted on legal advice from Jorge Contreras, as the IETF's pro bono counsel at the time, who said it was intended to 'protect IAB members from personal liability for IAB decisions (particularly in view of the last paragraph, stating that they serve as "individuals")':Members of the IAB shall serve as individuals, and not as representatives of any company, agency, or other organization. Members of the IAB shall owe no fiduciary duty of loyalty or care to IAB, IETF, IRTF or IESG.The last sentence in particular seems to make a formal COI policy unnecessary and possibly harmful. Wouldn't such a policy nullify that protection that IAB members have had since May 2000?
Brian, it is not obvious that this paragraph in RFC2850/BCP39 implies that "a formal COI policy is unnecessary and possibly harmful". I understand why you would say that, but it requires some level of reading between the lines.
You are implicitly suggesting that the current attempt at writing
a COI policy for the IAB be scrapped. That may well be very good
advice. After all, we might say that what is expected from members
of the IAB is exactly the same as what is expected from
participants in the IETF in general. But, however well founded
that advice may be, we will need some more explanation.
Can we see the legal advice that led to the current proposal?
Similarly, if the text in RFC 2850 comes from past debates in the IAB, can you point us to the minutes of these debates?
-- Christian Huitema
