[Top] [All Lists]

Nomcom process realities of "confidentiality"

2008-03-19 10:12:36

The current discussion about Nomcom activities has been sufficiently 
professional and constructive in tone to prompt me to raise a particularly 
delicate point:

    Just how realistic is our belief in confidentiality for the process?

It will be trivial to turn my query into an unintended attack on personal 
integrity.  That's not what I intend and I hope it is not what anyone does. 
Indeed, I won't participate in any exchanges that are of that type.

My view is that any problems are with unrealistic expectations, rather than 
personal failings.  (Or rather, that personal failings occur in all of us and 
need to make sure our institutional processes factor them in realistically.)

Assumptions about confidentiality are at the core of many difficulties 
surrounding the Nomcom process.  They restrict what information Nomcom gets and 
they restrict what information it gives. They also seem to introduce 
in decision-making, as well as tensions.

That makes it worth ensuring that our expectations for confidentiality along 
process match the reality.

For example,

    I was on a Nomcom that considered whether to renew someone and chose not 
  Input to Nomcom was extensive as was Nomcom's consideration.  The two 
I've been on included a wide range of equally-experienced and assertive IETF 
folk.  The affected person later communicated to me that they had been told 
I directed the outcome.

    Someone within the committee talked to them about details of internal 
discussions.  That they got the information seriously wrong merely underscores 
the danger of inaccurate assumptions about confidentiality.  (Factor in 
assessment might be made of my range of behaviors and one still has to be left 
with the view that the idea of my controlling any outcome of either Nomcom is 
simply silly.)

    Were things more open, the person might have had access to more than one 
channel of description and might have been able to get a more accurate sense of 
what took place.  Were things less open, then some sources of distortion might 
have been eliminated.

    To be clear, as a non-Nomcom community participant, I have at various other 
times interacted with Nomcom members who drew very, very strict lines around 
information they would (not) share with me.  Indeed my sense over the years is 
that everyone takes the requirement extremely seriously.  But taking the 
requirement seriously is different from never violating it.

    This was merely an example that I have first-hand knowledge about.

To have a realistic model of confidentiality, we need a realistic model of IETF 
social processes.

For example, many of the people in the IETF management pool are at least very 
close friends.  Liaisons are present during all Nomcom discussions.  The strain 
on a liaison who is party to highly critical discussions about a very close 
friend strikes me as excessive: It is not reasonable to expect them to maintain 
confidentiality. And I repeat that I am offering this merely as an example. And 
note that the challenge is not only present for liaisons.

Add to this the fact that a) we have no detailed rules for confidentiality but 
rather treat the word as having implicit-but-total effect on behavior, b) we 
have no enforcement powers over violations, and c) Nomcom members, IAB members, 
IESG members and ISOC members typically do not have any background in 
maintaining confidentialities of these types.

(On item c), if you think that there is no need for training or experience, 
please think again.  Organization personnel matters are peculiar processes.)

The concept of Nomcom was a creative solution to the challenge of making formal 
community decisions in the absence of formal community membership.  That said, 
the conduct of Nomcom processes tends towards pretty classic personnel 
assessment, but with people typically lacking classic personnel training or 
experience.  Coupled with a lack of institutional specification for the 
construct or enforcement against "violations" and we are certain to get 
distorted processes.

I've been taught that any good security structure begins by limiting what needs 
to be secure and who security is expected from.

We ought to consider extremely carefully exactly what confidentialities are 
essential and exactly who needs to maintain them.

By way of example, I'll raise a question about Harald's proposal to make 
nominations for Nomcom consideration public but not who agrees to be 
   In the current IETF and Nomcom reality, I've offered a +1 for the proposal. 
This note does not change my support of it.  Rather, it's helped me to reflect 
on the larger issues.

In terms of overall process effectiveness and confidentiality, is the proposal 
realistic?  The idea behind the proposal's distinction is that keeping the 
set of interested nominees confidential will protect a nominee from, for 
example, concerns that a competing candidate who is already holding the 
will find out.

Does anyone seriously believe that someone sitting within IETF management will 
not know who is running against them?  Please consider just how tightly-knit 
IETF management community is.  (And again, that's not a complaint; it's a 
reality, and I don't see that it can, or maybe even should, change.)

In the face of sensitivities, it is convenient to seek to avoid them.  Invoking 
"confidentiality" can be the convenient mechanism for this convenient avoidance.

But convenience is not the same as utility.

Let me suggest that we at least discuss a model that begins by allowing 
everything to be open, and then imposes restrictions only when there is 
agreement on a compelling need for it, and that the restriction be defined on 
the smallest possible group of people.


   Dave Crocker
   Brandenburg InternetWorking
IETF mailing list