Bob,
thank you for your note!
Some comments to some particular points in your message:
It was recently pointed out that issues concerning confidentiality of
information may not have been adequately addressed; patent submissions
may also place additional constraints and restrictions on what
individuals or organizations may do with certain information or material
for IETF purposes. Indeed, this is but one aspect of a much larger topic
that has not been discussed in any real depth. There are other important
issues that merit attention in this context, insurance, clear indication
of who has signature authority and for what actions, ownership of
copyright claims in IETF documentation -- to name a few.
The issues of copyrights and patents as they relate to Internet standards
are the purview of the IPR working group. Issues have been raised recently
that the IETF currently does not get enough rights from authors of Internet
standards to give permissions it needs to others - this is a topic of some
complexity, and I invite anyone who wants to discuss it to go to the IPR
WG's mailing list.
The IETF has traditionally largely refused to deal with confidential
information as part of its standards process.
Although CNRI has been responsible for all aspects of the IETF
Secretariat for over sixteen years, and, prior to 1998, provided
technical leadership to the IETF as well, since then the provision of
IETF Secretariat services has been carried out by Foretec Seminars, Inc.
under contract to CNRI. CNRI continues to provide the IETF Secretariat
function, and maintains the oversight of the IETF Secretariat services
provided by Foretec. These CNRI activities are the province of many of
the topics discussed in connection with the IASA activity and the IAOC in
particular. One of the aspects of this oversight activity is quality
control of not only the services provided in support of the IETF, but
policies and procedures to govern the contribution and use of information
or material that may be subject to patents, copyright or other rights or
interests (?intellectual property?).
I believe that the IETF has set its own procedures for this. See RFC 3667,
RFC 3668. I do not know that we have ever had an IPR issue raised that
related to documents outside those used in the standards process.
Among the issues to consider is (if CNRI does not provide the IETF
Secretariat function) who will be responsible for administration and
quality control over the use of trademarks, and how will that
responsibility be carried out; who will be responsible for managing
confidential and/or proprietary information or materials developed for or
contributed to the IETF and its other constituent bodies such as the IETF
Secretariat; and how can intellectual property rights or interests in
such information or material best be transferred to other parties in the
event a transition is required.
It would be desirable to start a discussion on these topics prior to
concluding on the BCP, recognizing that all the long-term issues will
undoubtedly not be resolved up front.
The current relevant text in the draft BCP (-05) is:
The IASA is responsible for undertaking any and all required actions
that involve trademarks on behalf of the IETF.
As you say, it's unlikely that all the long-term issues will be resolved up
front....
CNRI has made the IETF leadership aware of the fact that CNRI may have
substantial objections to certain of the proposed roles for ISOC going
forward. While none of the issues raised to date appear to be such that
they cannot be resolved by the parties, subject to the adoption of
appropriate resolutions by both the CNRI Board of Directors and the ISOC
Board of Directors, to date, the discussions leading to any resolution of
this matter have not taken place. The time is ripe to deal with these
issues and not to put this discussion off to some future time.
Absent any other arrangement, CNRI intends to continue to hold the
IETF-related assets, including intellectual property rights or interests
therein, that have been developed over many years; however, we are
willing to consider transferring these assets in a trust arrangement for
use by the IETF in the future, subject to oversight by IAOC acting as
trustees for the IETF in the public interest.
I am not certain how such an arrangement would hang together. The IAOC as
constituted is not a separate legal entity, but an oversight body for the
IASA function.
I believe that the IASA could do most, if not all, of the functions you
outline below, without any modification to the current (-05) version of the
BCP draft.
Specifically, in order to
enable the IAOC to assume such trust responsibility, it is important to
add this task to the list of IAOC responsibilities in the draft IASA
(proposed BCP 04), section 3.2 as follows:
Proposed Additional IAOC Responsibilities:
* Serve as Trustees for IETF-related patent, copyright, trademark and
other rights or interests in IETF assets, as appropriate, where such
assets are placed in trust for the IETF, and coordinate with the IESG and
IAB, as appropriate, on such management arrangements. Where appropriate,
take appropriate steps to prosecute and maintain rights in any such
assets.
I believe the IAD could do the practical functions (steps to prosecute and
so on). I do not understand much of what being a "Trustee" would entail, so
I have no comment on that part.
* Enter into agreements with ISOC and others for the transfer of any
right, title or interest ISOC and others may claim in existing IETF
assets to a newly formed trust arrangement set up to hold any copyrights,
patents, trademark or other rights or interests owned or claimed by the
IETF, such agreements to provide, in particular, that all future
copyright claims related to Internet Drafts, Requests for Comment or
other documents or other works created for the IETF, whether by the IAD
or other persons or organizations providing support services for the
IETF, include a copyright notice in the name of the IETF. Where
appropriate, contracts with support providers should provide that any
work performed for the IETF is work for hire, or, to the extent it may
not be deemed work for hire, require that any such provider grant and
assign, and agree to grant and assign all right, title and interest in
any copyright, patent, trademark or other rights or interests arising in
the performance of work for the IETF back to the IETF trust entity
established to hold IETF assets in the public interest.
The IAOC, not being a separate legal entity, would not be able to enter
into agreements. I believe that the functions you outline are mostly
covered by the BCP's section 3.1, which state, among other things:
The IAD negotiates service contracts, with input, as appropriate,
from other bodies, including legal advice, and with review, as
appropriate, by the IAOC. The IAOC should establish guidelines for
what level of review is expected based on contract type, size, cost,
or duration. ISOC executes contracts on behalf of the IASA, after
whatever review ISOC requires to ensure that the contracts meet
ISOC's legal and financial requirements.
If a contract entered into by ISOC on behalf of IASA and/or the IETF
(an "IASA Contract") provides for the creation, development,
modification or storage of any data (including, without limitation,
any data relating to IETF membership, documents, archives, mailing
lists, correspondence, financial records, personnel records and the
like) ("Data"), then the IAD shall ensure that such contract grants
to ISOC the perpetual, irrevocable right, on behalf of IASA and IETF,
to use, display, distribute, reproduce, modify and create derivatives
of such Data. ISOC will permit IASA and its designee(s) to have sole
control and custodianship of such Data, and ISOC will not utilize or
access such Data in connection with any ISOC function other than IETF
without the written consent of the IAD.
* To maintain protection for IETF-related trademarks, develop quality
of service standards for the use of such trademarks, and establish
procedures for the licensing of such trademarks by IAOC to all providers
of IETF support services, including in particular ISOC, as employer of
the IAD, and any successor entity selected to manage any aspect of the
IAD?s activities. The IAOC should also determine under what
circumstances ISOC, the IAD or any other party is authorized to
sublicense the use of any IETF-related trademarks. If the IAOC determines
that a service provider fails to meet such standards, the IAOC should
make a recommendation to the IETF leadership on how best to proceed.
I believe this is what the IAD is supposed to do. Given that work would be
done under contract, there seems to be little need for a second type of
control through the licensing of trademarks.
* Provide guidance to the IAD and other parties, as appropriate, with
respect to the administration of the IETF policies and procedures
established for the contribution, collection, retention and use of
information or material for IETF purposes that may be subject to
copyright, patent or other rights or interests. Work with the IESG and
IAB to establish guidelines to be followed by the IAD and IETF
leadership, as well as any IETF support providers, covering the
collection and retention of personally identifiable information and other
data that may be subject to confidentiality obligations or data
protection laws and regulations in order to ensure compliance by the IETF
with any such obligations or restrictions.
Another point that got added to version -05 was this:
The IAD shall ensure that personal data collected for legitimate
purposes of the IASA are protected appropriately; at minimum, such
data must be protected to a degree consistent with relevant
legislation.
* Meet with the IETF leadership at regular intervals to review the
existing IETF policies and procedures governing confidential and/or
proprietary information or material to determine whether the existing
policies and procedures meet the needs of the IETF community.
I certainly expect this to happen, but it is a level of detail that I do
not think belongs in the BCP.
* Provide guidance to the IAD in entering into appropriate insurance
agreements on behalf of the IETF, including coverage for the IAD, IAOC,
IESG, IAB, IETF Area Directors and other persons who play leadership
roles in the IETF, and, to the extent required, review the costs of
relevant premiums. In addition, as part of any arrangement with ISOC,
require ISOC to provide appropriate employment and workplace-related
insurance for the IAD; and provide oversight with respect to
insurance-related requirements to be placed on IETF support providers by
the IAD and others, such as insurance to cover injuries or loss suffered
in connection with IETF meetings. Provide specific signature authority
to the IAD to enable the IAD to enter into and maintain the necessary
insurance policies on behalf of the IETF and the IETF leadership.
The question of insurance was mentioned in version -00:
If ISOC directly funds any other IETF expenses, such as the IETF
share of ISOC's liability insurance premium, this will be documented
together with the other IASA accounts.
It was removed because comments indicated that this was at a level of
detail inappropriate for the BCP. I think the provision of insurance for
the IETF officers was always thought to be part of the remit of the IAD;
whether this is best done as a single policy joint with ISOC D&O insurance
or a separate policy is a matter I believe the IAD should have discretion
to decide.
* In consultation with the IESG and IAB, retain independent legal
counsel, where appropriate or required, to represent the rights and
interests of the IAOC, IESG, IAB or IETF, and, to the extent that either
ISOC or the IAD is not the party giving rise to the need for counsel,
work with ISOC and/or IAD to determine how best to cover the costs of any
such legal services.
This was raised in issue #822. Comments were that it's probably a good
idea, and certainly in some cases, but that the BCP did not prevent it, so
it did not need to be mentioned there.
Again, it's a question of what level of detail this (hard-to-change)
document needs to go into.
Harald
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf