ietf
[Top] [All Lists]

Re: IETF subpoena processes update and a request

2017-03-24 11:27:51


--On Friday, March 24, 2017 08:49 -0500 Randy Bush
<randy(_at_)psg(_dot_)com> wrote:

in what legal juristiction is the ietf?  in what
juristiction is the subpoena served?  how does an american
(for example) gag order apply to a nebulous entity such as
the ietf?

all good questions - any suggested answers?

IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, IANAL, IANAL,
IANAL

the ietf does not exist, but has a service address in the
states.  the latter could easily be changed, e.g. to genevé.

"is an organized activity of" seems vague and could be
interpreted as the ietf is, for legal purposes, subsumed by
isoc.  this was likely not an accident.

i assume the subpoena with the gag order was in the states,
and the server wore a brown shirt.
...

Randy,

IANAL either, but it seems to me that Jari's note suggests a
more basic question that is almost independent of jurisdictional
issues.  Suppose the IETF (or whomever) receives a subpoena that
names individuals or companies in a way that might be
unfortunate, contain implicit accusations that might be
completely unfounded,  or even, in the opinion of those parties
if they knew, were libelous, and suppose it directs IETF to not
disclose the subpoena in any way.  Without offering anything
resembling a legal opinion, it probably makes a difference
whether the subpoena is associated with a law enforcement action
rather than the civil actions for which I think the policies
were designed.

Whether we are in a position to ignore or fight the subpoena or
not and independent of what we think about the alleged law
enforcement entities involved (including their choice of shirt
covers), it seems to me that a policy of posting subpoenas
raises several issues (with Jari's note explicitly identifying
the first).   "Lawyer" in parentheses identifies a question that
I think we need advice about if I'm not the only one who thinks
it is relevant but that would probably not be profitable to
debate on this list, at least before we have that advice.

I believe that many of the issues below would apply also to a
subpoena in a law enforcement action directed against an
individual or company (rather than, e.g., asking for
authenticated documents) even if it contained no demand for
confidentiality (again, IANAL).

(1) If the subpoena names an individual or company, is it
consistent with our privacy policies to disclose those names?

(2) If we think the answer is to avoid disclosing names by
posting the subpoena in redacted form (e.g., to eliminate
names), does the community want the IETF Trustees (or a
committee appointed by them and with membership and parties
consulted sometimes being less than transparent) to go into the
redaction business?  Does it make a difference if any
attorney-client confidentiality provisions apply only to ISOC or
the IAOC/IETF Trustees and not the community?  Would that
constitute a different sort of privacy or transparency problem
by encouraging members of the community to keep secrets from
each other?

(3) (Lawyer) If the subpoena's content, or even the fact that it
has been issued and served, implies things that the named person
or company would consider libelous if disclosed, does the IETF
become a party to the libel by making the subpoena public
(whether or not told to not do that)?

(4) (Lawyer)  I believe, but people with applicable professional
legal credentials and experience should confirm, that, if we
want to base the answers to any of these questions (including
whether the subpoena should be resisted if that is a
possibility) on knowing what sort of action is involved, based
on what laws, etc., we should get over it because a subpoena may
not disclose that information. 

(5) (Lawyer) I understand that it is generally harder to serve
civil subpoenas across international boundaries than criminal
(or other law enforcement-initiated ones although there are
variations even within those categories.  If a criminal (or
other law enforcement) action is involved, how much protection
would "move to Iceland / Geneva/ somewhere else" provide.   Of
course, most, if not all, of those places have their own legal
systems and processes and moving there (if even if were
possible) might provide more protection from the processes of
the US but obviously less from those of the new host country.

(6) (Lawyer) Assuming the IETF (or IETF Trust) were to establish
some sort of locus/ HQ in Iceland / Geneva/ Lower Slobbovia and
claim that subpoenas need to be served there, would that provide
any significant protection, especially from subpoenas initiated
by law enforcement, or would they just treat whatever we would
say about where to serve the subpoenas and instead seek out ISOC
or AMS offices or particular named individuals in a convenient
country, serve them, and make the international issues their
problem.  I note in that regard that, while Finland may be a
good place to live, the ISOC Chair, AMS officers and HQ, and
incoming IETF Chair are all based in the US.

I have no reason to believe that those are all of the questions
that should be asked, but they are a start.

   john