Re: IETF subpoena processes update and a request

On 24 Mar 2017, at 19:50, John R Levine wrote:

You've been on the IESG and I haven't, but I'm still scratching myhead about why this process needs to change to give the IESG even alittle more work after it's been working OK for over a decade.

First of all, this whole discussion started because of something that isnot working (or at least wasn't anticipated and there are concernsabout): Dealing with gag orders and the like. My contention was (is)that in addressing that, it would help to be absolutely clear in ourprocedure documents that IETF leadership, who will inevitably consist ofpeople from different nations under different laws, will have fullaccess to any subpoena, in the way that the officers of any organizationwould have access to any legal documents.

Second, I would be perfectly OK (and would not at all be surprised) ifthe IESG were to say to legal counsel, for example, "While you shouldsupply the IESG with all subpoenas through our normal procedure, anysubpoena that simply asks for certified blue sheets you should simplysatisfy such a subpoena, since blue sheets are public informationanyway." The addition of any "process" is only to ensure that subpoenasare visible to leadership, not because any particular kind of subpoenaneeds review.

Whenever someone says, "there's no need for you to know thisinformation", when not preceded by a long explanation of anadditional harm one is incurring by simply knowing the piece ofinformation, particularly when "you" is the leadership of anorganization, it sends up a giant red flag for me.
See Klensin's previous message. The chance of reputation damage tosomeone named in a subpoena is significant, and the IESG has no legalexpertise.

The IESG has legal expertise in the form of a legal advisor, the sameway the Board of Directors of any corporation does, and the same way Ido with my personal attorney. And it would behoove any and all of us tofollow that legal advice and make ourselves aware of what should andshould not be publicized. And an AD who goes blabbing about the contentsof any legal document without talking to counsel is not suited to be anAD.

...judge who asks why we show criminal subpoenas to a bunch of nerdswith no legal experience rather than having our lawyer handle it like
everyone else does.

That's insulting of the intelligence and integrity of the IESG, and Ithink it's the height of hubris on your part. Any judge who asks whycriminal subpoenas are shown to a "bunch of idiots" on the Board ofDirectors of a corporation who have "no legal experience" should be toldto piss off; they are the people responsible for the corporation, andthey can look at any legal document served on the company, and they havethe eventual responsibility for any information that goes out the door.I can tell you that the day my attorney supplies my documents inresponse to a subpoena without asking me, or without having priorinstructions on particular documents that they can supply, and saysanything close to, "You don't need to know what's in the subpoena", isthe day my attorney gets fired.

And please, do consider the case where the subpoena is from an authorityin <<insert country that you're not impressed with>> and the subpoena isfor all of the server logs in order to discover whether John, a citizenof said country, has been reading messages from a particular WG thatsaid the authorities in this country deem to be talking about tools ofsedition like encryption. I'd like to think that our leadership mightweigh in on such a request.

Again, I am fine if the IESG wants to delegate the authority to answercertain (or even most) subpoenas. But I want our procedures to be clearthat they can look at them and everyone to be on notice about what thatimplies. What I absolutely do not want is a contractor or advisor who isnot answerable to the community having the power to withhold informationfrom our chosen leadership.


pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478