ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RFC 5378 "contributions"

2009-01-15 11:51:35
from [Marshall Eubanks] [Permanent Link] 

On Jan 15, 2009, at 9:29 AM, Theodore Tso wrote:


On Thu, Jan 15, 2009 at 08:24:08AM -0500, Marshall Eubanks wrote:

On Jan 15, 2009, at 7:09 AM, John C Klensin wrote:


If someone stood up in a WG prior to whenever 5378 was
effective* and made a suggestion of some length, or made a
lengthy textual suggestion on a mailing list, and I copied that
suggestion into a draft without any paraphrasing, a plain-sense


John, I am not a lawyer, you are (AFAIK) not a lawyer, and if the
IETF counsel says otherwise, I would just let this one lie.

The reason why I do not agree with this reasoning is that these
rights are claimed through authorship. If I do not claim authorship
in your draft because you use my text, when I have ample opportunity
to do so, then I have (in my opinion) effectively lost them,
especially in this context (where there is a note well, an
assumption of joint contributions, etc.).


So it's a problem if every single I-D and RFC author is going to have
to consult their own counsel before deciding that won't get into legal
trouble when guaranteeing that all of their text is appropriately
licensed.
This is an IETF list, to discuss matters of relevance to the IETF. Whether or not you need to consult counsel is not really on topic, and for sure you should not make that decision based on what anyone (especially me!) says on this list.
If, on the other hand, you do obtain advice of counsel on this matter I would be curious to 
learn what they say.


So whether or not I am I lawyer, and whether or not the Berne
Convention very clearly states that copyright rights are automatically

enforced, and do not need to be explicitly claimed, and whether or not
the Note Well is enough to override the Berne Convention, John's
position that he wants to be conservative enough not to make
guarantees that might expose him to legal liability is a reasonable one. 

I don't think it's fair to say, "I'm not a lawyer, and you're not a
lawyer" so you should do something which you fear exposes you to legal
risk --- especially when all of the IP training many of us have gotten
have basically told us that the Berne Convention explicitly states
that you don't have to claim copyright to get copyright protections.... 


Yes, I am sure that there are corner cases here, but one thing
I have found about legal affairs is that there are always corner cases. No legal matter is ever sewn up 100%, and judges actually do take into consideration when things are done "on advise of counsel." We have it, 
we should use it.


Has the IETF Counsel actually given explicit legal advice to all IETF
contributors (which would have legal liability implications for the
IETF Trust if said advice was wrong, as I understand things) that the
Note Well to guarantee the transfer of RFC 5378 rights for text taken
from IETF mailing list discussions or at an IETF meeting?

Better yet would be if the IETF Trust was willing to ***indemnify***
I-D and RFC authors that they are on firm legal ground for asserting
that they have all RFC 5378 rights when they take text from an IETF
mailing list discussion or IETF face-to-face meeting, on the basis of
the Note Well.  After all, it is the IETF Trust which is requiring I-D
and RFC authors to make this legal guarantee, so one might assert that
in a fair world they should take the legal risks associated with that
guarantee.



Consider the threat model here.
This threat applies ONLY to material that the Trust licenses to third parties (such as, say, the IEEE) for inclusion and modification in their standards. (Just reprinting or translating an RFC is not at issue.)
Suppose that you author an RFC today, and use pre-5378 material, and warrant (in good faith) that the Trust has a license for that material, or apply a legend from the Trust that says that these rights are not obtainable by you, and it happens that the original author of that earlier material disagrees with this license to a third party. Note that these earlier author's (and their companies) agreed to freely use this material in the IETF process (the note well, etc.), and so you have no risk just by publishing the RFC as long as it is not licensed to other parties.
The Trust would be the party that would be licensing this material to third parties, so clearly 
the Trust would be the major party at risk. What is your risk ?
There is a theoretical risk that the Trust might sue you. That is one thing that the work-around is intended to remove.
There is an actual risk that a third party might sue you and the Trust - specifically, that the original author or their heirs, etc., might sue. They can only do this if there is infringing use, and that would have to be based on a license from the Trust.
If the Trust does NOT license your material to third parties, then there is no infringement, no one with standing to sue, and no risk to authors. It may be necessary for the Trust to state that they will not assume 5378 to be in place for this purpose until there is a replacement. (In that case, if the IEEE or some other body wants to take over an RFC and modify it, they will have to get explicit permission from all authors until there is a replacement for 5378 in place, just as they did before 5378 as put into place.) My understanding is that the Trust is responsible for these licenses, and so they could just (in their best judgement) refuse to issue them without further conditions.
These requests are very infrequent (less than 1 RFC per year is my understanding) and doing this would NOT stop the work of the IETF. I am beginning to feel that this may be a necessary step.
What about going forward ? Should we (the IETF, through the Trust) indemnify authors ?
Indemnification in practice translates to insurance. The Trust has insurance for its activities. I personally think it would be wise for the Trust to investigate whether it could obtain insurance for all authors _of materials licensed to others_ (post 5378 or post some later RFC), what it would cost, and whether the insurers would want changes in our procedures. (I would feel more comfortable if we just learned that our processes were insurable, even if we did not actually get insurance.)
Given that the Trust is insured for its handling of ALL IETF work, and this extra insurance would be for maybe 1 RFC per year, the cost to do this might be very reasonable. I don't know, but I would urge the Trust to find out.
Or (and this is my opinion), maybe the authors should only warrant _their work_ as being subject to such licenses, and put the burden on the Trust to obtain any necessary approvals from other parties, only alerting the Trust to the extent they know of such prior authorship. My understanding is that this would require a 5378bis.
Again, please note that I am trying to discuss what the Trust and the IETF should do, not what you or other individuals should do. 


                                                - Ted


Regards
Marshall
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RFC 5378 "contributions", John Levine
Next by Date:  Re: RFC 5378 "contributions", TSG
Previous by Thread:  Re: RFC 5378 "contributions", Theodore Tso
Next by Thread:  Re: RFC 5378 "contributions", TSG
Indexes:  [Date] [Thread] [Top] [All Lists]