Hi Andrew, please see inline.
On 5/11/17, 05:14, "ietf on behalf of Andrew Sullivan"
<ietf-bounces(_at_)ietf(_dot_)org on behalf of
ajs(_at_)anvilwalrusden(_dot_)com> wrote:
On Wed, May 10, 2017 at 07:47:20PM +0000, Stephan Wenger wrote:
I’m in favor of validating the address, for example by sending some form of
credential to it; without the credential, only listening/reading access is
granted. Doesn’t have to be bullet-proof, but using
example(_at_)example(_dot_)com shouldn’t work. This is obviously in order
to obtain one semi-traceable record of the participant.
We don't do that for in-person participants, because we no longer even
collect the email address on the blue sheets. (We do it for meeting
registration, of course, but we don't have a way to pair that with
participation in any given part of the meeting, so the IPR issue is
harder to argue by analogy here.)
The question is not whether we collect email addresses. The question is
whether we collect the identification of the individual and its employer,
bother with reasonable certainty. IIRC, one reason for the change from email
address to company name was made because, today, many people use non-employer
email for IETF work even if they do the work mostly on behalf of their employer
and as part of their job, and tracking down the participant’s employer from the
email address for things like Noncom eligibility and also IPR related issues
didn’t work anymore (if it ever did). (there were also other motivations,
including the handy creation of a SPAM list from IETF archival material such as
the proceedings).
For an in-person meeting, we (or a court) have many ways to identify a person
who influences the decision process. For an external person, especially when
there is no video, we are more limited. A non-verified email address is
certainly easier to fake than the recollection of a roomful of people during a
physical meeting.
And 5) click-through of the Note Well (unless that’s done in some other
phase of the remote participation, like when signing-in to meetecho). Again
for--I hope obvious--IPR related reasons.
We _certainly_ don't do that for in-person meetings. We put the Note
Well up and assume that anyone who is in the room and who makes a
Contribution in any way is aware of it. Joining the meeting virtually
has the same property, no?
Actually, No. In an in-person meeting, the hurdle of missing a note well is
pretty high. When you are at a physical meeting and get bombarded with a Note
Well not only during registration time, but also daily several times at the
begin of WG sessions, you and your lawyer would have a hard time to argue that
you were not aware of it (and therefore perhaps free of certain obligations you
otherwise have per policy). OTOH, assuming no click-through or similar, a good
lawyer could conceivably make the case that his client was not aware of the
Note Well and associated policy when influencing an IETF decision process of a
certain document, especially if that person is not an IETF regular and dials in
only for one WG session (and perhaps a bit late to that). Then, the good
lawyer could conceivably argue that certain obligations (such as the obligation
to disclose patents) were not known to that client of his. And finally, the
lawyer could argue that, therefore, the obligations !
do not apply. (Note that I didn’t include the word “successful” in the last
sentence.)
There has been one fairly prominent case where a company choose to send
undercover participants to standards meetings, in order to (so the court found
IIRC) circumvent obligations by the standards committee. We should not
facilitate such behavior. That case and ours are not directly comparable, but
IMO not dissimilar in their nature.
Stephan
A
--
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com