I have done a little digging around on the questions I asked and
thought I might summarize some of the responses I got back to my email.
More inline .... Note all the comments below do not refer to the
"Special Administrative Regions". I strongly support Ted's suggestion
that running the meeting in one of these zones would eliminate the
concerns I have raised.
On Sep 23, 2009, at 9:45 PM, Cullen Jennings (fluffy) wrote:
I'm trying to understand what is political speech in China. The
Geopriv WG deals with protecting users' location privacy. The policies
of more than one country have come up in geopriv meetings in very
derogatory terms. There have been very derogatory comments made by
people about the US's wiretap policy. Unless someone can point me at
specifics of what is or is not OK, I would find this very concerning.
We also regularly discuss issues around Taiwan/China, cryptography,
wiretap, DNS root server location, reverse engineering, and so on.
Clearly most of the people involved with IETF would never want to break
the laws of the country they are visiting but the question is do we
actually understand the laws and what impact do they have on our
technical work? To help us make informed decisions about whether these
terms are issues or not:
1) What is political speech in China? And can we explain that to IETF
participants well enough that they know what is OK and what is not.
Got a few responses to this - none very solid but they seemed generally
along the lines of "If you are looking for something crisp, forget it"
2) Are there any special rules about publishing and broadcasting? I
note that the IETF, unlike most other groups having meetings,
broadcasts the meetings live over the internet, which will be both
publishing the material and exporting it outside of the PRC.
Got answer from non-legal person of yes you need a license for this
but they could not point me to the actual regulations. Still hoping
to get a better answer. Has the IAOC got legal advice on this?
3) Are there any rules around discussion, publication, or export of
cryptography algorithms and technology? Publishing weaknesses of
national crypto algorithms?
The advice I got was that unless we got a license if the IETF
developed crypto in China and we exported it out, then this would be
illegal in PRC. It was pointed out PRC is not part of Wassenaar
Arrangement. I was advised our broadcasts of and export of minutes
from meetings would be "Deemed Export". It seems pretty hard to argue
that the IETF does not develop any crypto. Has the IAOC received any
legal advice on this?
4) Many of our participants use communications products (like jabber
clients) that they helped develop and include strong cryptography. Do
they need permission to use these in China?
One person with what I view as a reasonable background in PRC law told
me this would be illegal and violate State Council Order No. 273,
"Commercial Use Password Management Regulations" among other things.
The "clarification letter" does not seem to change this. It seems this
would be illegal there without a license. Has the IAOC received legal
advice on how this impacts us?
Still gathering data on this one. If you know something, let me know.
I heard a rumor that on our registration form, when we asked what
country you are from, we would not be allowed to ask Taiwan or PRC.
Does anyone know any truth value to this rumor?
5) When discussing what I think of as technical issues, many
participants regularly treat Taiwan and PRC as two different countries
and currently recognize both of them as separate countries in their
own right. I'd actually venture a guess that there is strong IETF
consensus they should be treated this way. Could any discussions like
this be viewed as political speech? What are the rules on this?
6) It is not core to IETF work but some of us do some interop of
running code for IETF protocols under development sometimes at IETF.
This would be about the right timing for running P2PSIP code, but that
requires us to run a local CA. Is any special permission needed to
run a CA in China?
A license is needed to run a CA in PRC. What we normally do would be
7) Would we be OK running a BOF on techniques for firewall advancement
in general and in particular on getting around any firewalls China
runs? [Seriously, you know someone will propose this BOF, the
question is could we run it or not?]
Answer I got was discussion of security policies of PRC's firewall and
methods to get around it would definitely not be OK to discuss. Two of
the many problems would be:
1) this is defamatory towards the state agency that runs the firewalls
2) this could be considered release of state secrets
Answer seemed pretty solid that this topic was not one that most
people would consider a really bad idea to discuss in PRC.
8) Given the Chairs for WG set the agendas and such, I am assuming
that a reasonable person would consider all the presentations done by
presenters at the front of the room to be things that are under
control of the client. Is this the assumption the IAOC is working
9) What is the IETF's potential liability here. If the meeting was
canceled on Monday, everyone checked out of hotels early and paid a
one day change fee, would the IETF be responsible for the hotel's loss
of revenue for the Wednesday through Friday nights?
10) If the meeting is canceled, will the IETF be reimbursing the
11) Given the IETF would be depending on the actions of the
participants of the meeting to meet the contract, it would seem very
prudent to me to make sure that each participant agreed to this. Will
you be asking each participant to sign an agreement agreeing to these
Really love to hear the IAOC thoughts on this one ....
As an interesting side note, it seems that some people think that many
of these things are officially illegal but they are fine to do anyway
because other meetings are doing them etc. This is not a position I
share and more importantly, it is not a position where I am willing to
ask our WG Chairs, authors, and other volunteers to do something
illegal because it will all be fine. Even if there are no short term
consequences, I can imagine a case where 10 years later someone is
seeking security clearance and this comes back to bite them.
12) Do you all feel like you need a beer yet?
I'm trying to get to the bottom about what is legal and what is not in
the PRC. Ignorance is not an excuse for the law in any country and
when I don't know if something is legal or not, I don't do it.
now I am looking for input from knowledgeable people on these
questions. I imagine the IAOC has looked into many of these and would
appreciate understanding what you have found.
The answers I have got are very disturbing from a legal point of view.
I believe the IAOC has received requirements from the IESG around the
minimum things needed for a meeting. For the IAOC to understand if
they can meet these requirements, I believe IAOC needs to get legal
advice from a PRC lawyer around if the questions I am asking about
certain discussions being legal or not in PRC and make the results of
that advice public. Anything less would be in my view a failure of
their fiduciary responsibilities. The advice I have gotten so far has
not been advice from definite experts that I am sure is correct so I
am hesitant to rely on it too strongly but so far it has indicated
that some of these things all are not legal in the PRC but clearly
the IAOC should get to the bottom of this before making a decision and
inform the community of what they learn so that individuals can make
informed decisions about their own attendance.