On Sep 12, 2009, at 2:31 PM, Doug Ewell wrote:
Ole Jacobsen <ole at cisco dot com> wrote:
I am also not sure what value there is in knowing that
3478273983421 spent 10 minutes in trill and then moved on to behave
(pun intended).
To amplify, I'm not sure why the security risks of being tracked
while attending these meetings are considered so much greater than
the risks of posting messages on mailing lists, signed with one's
real name, and having those messages archived for years on publicly
accessible Web sites.
Well, I for one don't want people to know that I'm actually showing up
for the first ten minutes of each meeting I chair, replacing myself
with an inflatable dummy, and then going off to the bar. It would be
revealing that I'm too stupid to remove my RFID tag and attach it to
the dummy, and that would be a blow to my professional credibility.
Seriously, it does have major implications for intellectual property
lawsuits.
Let's say JoeBob attends a meeting of the FRILL working group, then
goes home to patent a nifty new innovation in FRILL, which is then
bought for $1 by a patent troll when JoeBob's company goes broke
because his board of directors blew their investment capital on
stocking their break room with headcheese. Said patent troll then sues
some defendant, whose legal team later notices that said FRILL-
enhancement had been discussed at IETF 211 while JoeBob, the inventor,
was in the room, thereby invalidating the patent (and making JoeBob
look like a doofus).
Okay, so that's not an example with too many negatives, unless JoeBob
decides to sue us for making him look like a doofus.
Now let's presume that some people remember (and that some other
people don't remember) JoeBob being in the room during the discussion,
but IETF"s RFID tracker log shows that JoeBob was hanging out with me
in the bar. Does IETF's failure to maintain the record that
invalidates the patent make us liable to the defendant?
Or worse yet, IETF can't produce the RFID logs in response to a court
order, because somebody goofed and deleted them. Was this a conspiracy
to protect the patent troll? Who got bribed to make it happen? How
many hundreds of thousands of euros we would like to spend on the
paperwork related to the various discovery motions we might have to
endure?
In other words, any retained information increases liability, both for
the accuracy of the retained information and for the preservation of
the retained information. That's why we must both have a policy about
how that information is obtained and preserved, and we must live up to
that policy, whatever it says.
Of course, the easiest policy is to retain no information. But even
that has its consequences. For example, is deliberate ignorance
consistent with industry best-practices? How does this interact with
the Sarbanes-Oxley requirements of our sponsors? And why would a
startup company stock its break room with headcheese anyhow?
--
Dean
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf