I have checked and from a legal point of view, the closing
signatures last week appear to make no difference to anybody's
legal liability. All recent RFCs carry a rather strong disclaimer
starting 'This document and the information contained herein are
provided on an "AS IS" basis...' and I believe that is necessary
JFC (Jefsey) Morfin wrote:
At 04:08 09/12/2005, Lucy E. Lynch wrote:
On Fri, 9 Dec 2005, JFC (Jefsey) Morfin wrote:
> NB1: I fully understand that people from the darkwing are jealous
> from those living on the brightside. :-)
channeling Lord Vader ... "The force is with you young Skywalker, but
you are not a Jedi yet."
even billions years ago, by my network age, I am more Qui-Gon Jefsey :-)
> NB2: I still wait for my response concerning the legal responsibility
> of the Trust.
I believe that once the IETF Trust is signed, the Trustees will take
on the duties outlined in sec. 7, and , because the trustees are the
members of the IAOC, they will be answerable to the IETF community
under the provisions outlined in BCP 101 - is that the answer you're
looking for? Additional duties can be added by the community idf the
No. "Legal" does not mean answerable to the community. It means
answerable to the Law. I will detail the response because I think it is
important. Very important for the network stability - where would we go
if the IETF was blocked.
Let be practical. The IETF, after approval of the IESG and the review of
the IAB, produces texts. It is therefore an author. An author has legal
responsibilities for the content of his texts. In addition this
publication is assumed by an editor (the RFC -Editor) the IAOC shares
into the organisation. Editors have legal responsibility. The more an
author has authority in his area, the more he has duties. This is a
cooperative work the rules of which underline (RFC 3935) the obligations
of competence and responsibility. This is a serious published claim of
trustability any Judge will consider.
In addition the IETF claims (RFC 3935) that its mission is to
"influence" those who "design, use and manage" the Internet. This
Internet is no more conceived as the user's adherence to the IETF
documents, what implied the necessary acceptance of the IETF doctrine,
solutions and authority, but as the common digital ecosystem of the
world, something co-own by everyone independently from the IETF.
This means that the IETF, its editorial committee the IESG, its review
committee the IAB, its editor the RFC -Editor, its management the IAOC
and the Trustees of its IPRs share responsibilities in the incitations
published and in the influences seek by its authors.
Let consider the case of an RFC (wearing the diamond logo, IETF name,
etc.) where the IESG has accepted Security Considerations which do not
document an important risk. Someone (at this level it is likely that
that someone is an important entity or a Government) suffer or wants to
protects users from that risk, and sues the "IETF" for its dangerous
incitation and its responsibility by influence. Who is legally responsible?
In the confusion of the IETF/IESG/IAB/IAOC/ISOC in the area of
responsibilities, IANAL but common sense is to think that legal, ethic
and financial responsibility will be found where is the IPR claim. It is
also likely that the WG members, the IESG and the IAB members, and the
authors will be individually or collectively prosecuted if the case if
of enough importance.
1. what is different about IETF from other SSDOs?
- the IETF wants to be partly binding (influencing) to the users of
an operational system its users co-own without reference to the IETF
- the IETF obliges itself to competence and responsibility in what
it says and in the most efficient use of that system
- the IETF is a loosely organized structure with no clearly
identified legal core and no adhesion statement waiving its/or its
- the waiver included in the Internet standard document cannot cover
the incitations these documents may contain nor the use the IETF itself
wants to make of them as an influence tool conforming to its very mission.
- the IETF debates are supposed transparent and therefore show to
what extent and with which seriousness legal rights and societal and
political consequences have been considered, as well as the attention
brought to each country, community, individual interest.
- the IETF is a private entity protected by no international
mandate, with no official representation assuming responsibility in
front of national and international law. Its only protection is the
claim that the USG refused on its behalf (as the initial investor) the
UN form of international protection offered by the international
I am not competent enough to know how, when and if such a protection
could be really obtained.
- however the concept that "the constitution is in the code", i.e.
in the standard, is a well known and accepted concept which makes the
IETF the source of an increasingly important part of the world's
constitution. However the IETF has not a structure to consider the
societal, political, sovereignty, economical, privacy, etc. impact of
its technical decisions.
2. what are possible cases the IETF can be sued for?
- the way an RFC disfavors economical, societal, national interests.
This is a well known issue. The IETF fully acknowledges it through its
appeal procedure. But the IETF interrupt the appeal possibility to the
IAB. As long as the issue concerns an IETF document, endorsed by the
IESG and reviewed by the IAB this is OK. But when the content has a
legal or political aspect beyond the authorship authority of the IETF,
what is the escalation against a biased decision of the IAB?
- the IETF is an open house. It has studied its own financing and
functioning and the way it can be used by biased interests (RFC 3774 and
RFC 3869). This shows that there are cases against biased dominance,
disloyal practices, etc. where the IETF can be considered as an
accomplice on a case per case basis, or for not having structurally
corrected a known situation.
- incitations is an important area. There are attitudes and
positions that the IETF considers as normal or even claim to politically
support however they are not technical. This may hurt national laws. The
way the IETF addresses the lingual issues can easily be construed as an
actual violation of the human rights. The lack of warning about the
possibilities permitted or increased by RFCs concerning privacy
violations, personal profiling over racial, cultural, religious aspects,
etc. are criminal by themselves.
- more generally, since 9/11 nations have documented the "nuclear
equivalent" risks the Internet represents for their citizens (in
particular the USA were the first to publish an analysis and to build a
set of requirements I often quote as fundamental, and I do not feel
meany read: http://whitehouse.gov/pcipb). Should such a risk transform
into a realty, as we all are conscious [from other technology
developments] it will at some stage, the prosecution and the public
opinion(s) will investigate the responsibility of the self-proclaimed
collective influencing authority having sponsored the originating
I note that in this I only consider the legal responsibility. But the
self chosen moral individual or collective responsibility is enormous
while the IETF offers no protection to its members. Should someone
propose something which can be misused or wrong with a deadly direct or
indirect impact, the "consensus" process of the IETF offers no serious
warranty that this will be corrected by the IETF collective mechanic.
This is only a quick and dirty response, to give you a rough picture.
Lawyers and politics could build a much more precise one. I note that in
front of a major privacy/racial information violation (as RFC 3066 bis
prepares), or of a large number of foreseen deaths (as considered by the
White House document) legal theories do not hold much even if they
permit a posthumous victory. The Internet is more and more part of
everyone life. It MUST be protected from this kind of issues.
Tunis has accepted that for a short while this would be kept under the
responsibility of the USA through the current status quo. This is a BIG
responsibility on voluntary individuals and on a confuse structure. At
least this structure is to seriously consider its protection and fuses.
ICANN is currently protected by the GAC and the USG/NTIA in case of a
country suing them over a ccTLD delegation, but it is commonly sued for
it other decisions. What does protect the IETF? All the more than RFC
3935 describes a non-consensual, non-transparent IETF decision
mechanism: who is legally responsible for these decisions. What is the
financial protection scheme signed for the IAB and IESG members?
If I only take the case of the RFC 3066 bis I know well, there is a very
impressive number of reasons to legally assign the IETF, the IESG, the
members of the WG-ltru. We all know that today the point in an
assignation is not to win but to proceed. What is the use to be right
when one is dead? I know there are cheaper ways to kill the IETF and to
force a technology change or a status quo protection or even only to
block a competitive choice. But not everyone knows it: the most common
way we know everyone knows is to sue.
IAOC mailing list
Ietf mailing list