idnits 2.17.1 draft-farrresnickel-ipr-sanctions-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (25 April 2012) is 4384 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 3979 (ref. 'BCP79') (Obsoleted by RFC 8179) -- Obsolete informational reference (is this intentional?): RFC 3005 (Obsoleted by RFC 9245) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group A. Farrel 2 Internet Draft Juniper Networks 3 Category: Informational P. Resnick 4 Qualcomm 5 Expires: 25 October 2012 25 April 2012 7 Sanctions Available for Application to Violators of IETF IPR Policy 9 draft-farrresnickel-ipr-sanctions-05.txt 11 Abstract 13 The IETF has developed and documented policies that govern the 14 behavior of all IETF participants with respect to Intellectual 15 Property Rights (IPR) about which they might reasonably be aware. 17 The IETF takes conformance to these IPR policies very seriously. 18 However, there has been some ambiguity as to what the appropriate 19 sanctions are for the violation of these policies, and how and by 20 whom those sanctions are to be applied. 22 This document discusses these issues and provides a suite of 23 potential actions that may be taken within the IETF community. 25 Status of this Memo 27 This Internet-Draft is submitted to IETF in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF), its areas, and its working groups. Note that other 32 groups may also distribute working documents as Internet-Drafts. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 The list of current Internet-Drafts can be accessed at 40 http://www.ietf.org/ietf/1id-abstracts.txt 42 The list of Internet-Draft Shadow Directories can be accessed at 43 http://www.ietf.org/shadow.html 45 Copyright Notice 47 Copyright (c) 2012 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 1. Introduction 62 The IETF has developed and documented policies that govern the 63 behavior of all IETF participants with respect to intellectual 64 property about which they might reasonably be aware. These are 65 documented in [BCP79] and are frequently brought to the attention of 66 IETF participants. The policies state that each individual 67 participant is responsible for disclosing or ensuring the disclosure 68 of Intellectual Property Rights (IPR) where: 70 - they are aware of the IPR 71 - the IPR is relevant to the IETF work they are participating in 72 - the IPR is owned by a company that employs or sponsors the 73 individual's work. 75 Conformance to these IPR policies is very important, and there is a 76 need to understand both what sanctions may be applied to participants 77 who violate the policies, and who may apply those sanctions. 79 This document discusses these issues and provides a suite of 80 potential actions that may be taken by the IETF community. All of 81 these sanctions are currently available in IETF processes, and two 82 instances of violation of the IPR policy have been handled using some 83 of the sanctions listed. As explicitly called out in Section 4, 84 a posting rights (PR) action described in [RFC2418] as updated by 85 [RFC3934], and in [RFC3683] is an applicable sanction for the case of 86 a breach of the IETF's IPR policy. 88 This document does not consider the parallel, but important issue of 89 ways to actively promote conformance with the IETF's IPR policy. 90 That topic is discussed in [Promote]. 92 2. Description of IETF IPR Policy 94 The IETF's IPR policy is set out in [BCP79]. Nothing in this 95 document defines or redefines the IETF's IPR policy. This section 96 simply highlights some important aspects of those policies. 98 Additional information on the IETF's IPR policy may be found at 99 [URLIPR] and [URLIESGIPR]. 101 2.1. Responsibilities of IETF Participants and Timeliness 103 According to [BCP79], individual IETF participants have a 104 personal responsibility to disclose or ensure the timely disclosure 105 of IPR of which they are aware and which they own or which is owned 106 by a company that employs or sponsors them, and which impinges upon 107 the contribution that they make to the IETF. 109 A "contribution" is also defined in [BCP79] and includes Internet- 110 Drafts, emails to IETF mailing lists, presentations at IETF meetings, 111 and comments made at the microphone during IETF meetings. 113 The timeliness of disclosure is very important within [BCP79]. No 114 precise definition of "timeliness" is given in [BCP79] and it is not 115 the purpose of this document to do so. But it is important to 116 understand that the impact that an IPR disclosure has on the smooth 117 working of the IETF is an inverse function of its timeliness. Thus, 118 a disclosure made on a published RFC is very likely to be more 119 disruptive to the IETF than such a disclosure on an early revision of 120 an individual submission of an Internet-Draft. 122 Third-party disclosures may also be made by anyone who believes that 123 IPR may exist. 125 It is important to note that each individual IETF participant has a 126 choice under the IETF's IPR policy. If the individual is unwilling 127 or unable to disclose the existence of relevant IPR in a timely 128 manner, that individual has the option to refrain from participating 129 in IETF discussions about the technology covered by the IPR 131 2.2. How Attention is Drawn to These Responsibilities 133 The IETF draws the attention of all participants to the IPR policy 134 [BCP79] through the "Note Well" statement on the IETF web pages 135 [URLNoteWell], presentations at working group and plenary meetings, 136 and in printed materials handed out at IETF meetings, as well as in 137 the boilerplate text appearing in each Internet-Draft and RFC. 139 [Promote] suggests a number of additional ways in which the attention 140 of IETF participants can be drawn to the IPR policy. 142 2.3. How IPR Disclosures are Made 144 The procedure for filing IPR disclosures is shown on the IETF's web 145 site at [URLDisclose]. Third-party disclosures may also be made by 146 email to the IETF Secretariat or via the web page. 148 Note that early disclosures or warnings that there might be IPR on a 149 technology may also be made. 151 2.4. How Working Groups Consider IPR Disclosures 153 In the normal course of events, a working group that is notified of 154 the existence of IPR must make a decision about whether to continue 155 with the work as it is, or whether to revise the work to attempt to 156 avoid the IPR claim. This decision is made on the working group's 157 mailing list using normal rough consensus procedures. However, 158 discussions of the applicability of an IPR claim or of the 159 appropriateness or merit of the IPR licensing terms are outside the 160 scope of the WG. The IPR situation is considered by working group 161 participants as the document advances through the development process 162 [RFC2026], in particular at key times such as adoption of the 163 document by the working group, and during last call. 165 It needs to be clearly understood that the way that the working group 166 handles an IPR disclosure is distinct from the sanctions that may be 167 applied to the individuals who violated the IETF's IPR policy. That 168 is, the decision by a working group to, for example, entirely re-work 169 an Internet-Draft in order to avoid a piece of IPR that has been 170 disclosed should not be seen as a sanction against the authors. 171 Indeed, and especially in the case of a late IPR disclosure, that a 172 working group decides to do this may be considered a harmful side 173 effect on the working group (in that it slows down the publication of 174 an RFC and may derail other work the working group could be doing) 175 and should be considered as one of the reasons to apply sanctions to 176 the individuals concerned as described in the next two sections 178 2.5. The Desire for Sanctions 180 Not conforming to the IETF's IPR policy undermines the work of the 181 IETF, and sanctions should be applied against offenders. 183 2.6 Severity of Violations 185 Clearly there are different sorts of violations of IPR policy. 186 Sometimes, a working group participant simply does not realize that 187 the IPR that they invented applies to a particular working group 188 draft. Sanctions (if any) need not be at all severe. However, a 189 working group document editor who waits until near the publication 190 of a document to reveal IPR of which they themselves are the author 191 should be subject to more serious sanctions. These are judgments 192 that can be made by the working group chairs and area director. 194 This topic forms the bulk of the material in Sections 5 and 6. 196 3. Who May Call For and Apply Sanctions 198 Any IETF participant can call for sanctions to be applied to anyone 199 they believe has violated the IETF's IPR policy. This can be done by 200 sending email to the appropriate IETF mailing list. Normally, 201 however, the working group chairs and area directors assume the 202 responsibility for ensuring the smooth-running of the IETF and for 203 the enforcement of IETF policies including the IPR policy. Thus, 204 when sanctions are called for, working group chairs will be the first 205 actors when there is an active working group involved in the 206 technical work, and area directors will be the first actors in other 207 cases. 209 Working group chairs are already empowered to take action against 210 working group participants who flout the IPR rules and so disrupt 211 the smooth running of the IETF or a specific working group, just as 212 they can take such action in the face of other disruptions. 214 The working group chairs have the responsibility to select the 215 appropriate actions since they are closest to the details of the 216 issue. Where there is no working group involved or where making the 217 decision or applying the sanctions is uncomfortable or difficult for 218 the working group chairs, the responsible AD is available to guide or 219 direct the action if necessary. 221 4. Available Sanctions 223 This section lists some of the sanctions available to handle the 224 case of an individual who violates the IETF's IPR policies. It is 225 not intended to be an exhaustive list, nor is it suggested that only 226 one sanction be applied in any case. Furthermore, it is not suggested 227 here that every case of IPR policy infringement is the same or that 228 the severest sanctions should be applied in each case. 230 The sanctions are listed in approximate order of severity, but the 231 ordering should not be taken as definitive or as driving different 232 decisions in different cases. Section 6 gives some guidance on 233 selecting an appropriate sanction in any specific case, while Section 234 5 provides some notes on fairness. 236 a. A private discussion between the working group chair or area 237 director and the individual to understand what went wrong and 238 how it can be prevented in the future. 240 b. A formal, but private warning that the individuals must improve 241 their behavior or risk one of the other sanctions. 243 c. A formal warning on an IETF mailing list that the individuals 244 must improve their behavior or risk one of the other sanctions. 246 d. Announcement to the working group of failure by the individuals 247 ("name and shame"). 249 e. On-going refusal to accept the individuals as editors of any new 250 working group documents. The appointment of editors of working 251 group documents is entirely at the discretion of the working 252 group chairs acting for the working group as explained in 253 [RFC2418]. 255 f. Removal of the individuals as working group document editors on 256 specific documents or across the whole working group. 258 g. Re-positioning of the individual's attribution in a document to 259 the "Acknowledgements" section with or without a note explaining 260 why they are listed there and not in the "Authors' Addresses" 261 section (viz. the IPR policy violation). This action can also be 262 recorded by the area director in the datatracker entries for the 263 documents concerned. 265 h. Deprecation or rejection of the individual document (whether it 266 be an RFC or Internet-Draft) or cessation of work on the affected 267 technology. 269 i. Application of a temporary suspension of posting rights to a 270 specific mailing list according to the guidelines expressed in 271 [RFC2418] and updated by [RFC3934]. Such bans are applied to 272 specific to individual working group mailing lists at the 273 discretion of the working group chairs for a period of no more 274 than 30 days. 276 j. The removal of posting privileges using a Posting Rights Action 277 (PR Action) as per [RFC3683]. This is a more drastic measure 278 that can be applied when other sanctions are considered 279 insufficient or to have been ineffective. When a PR action is in 280 place, the subjects have their posting rights to a particular IETF 281 mailing list removed for a period of a year (unless the action is 282 revoked or extended), and maintainers of any IETF mailing list 283 may, at their discretion and without further recourse to 284 explanation or discussion, also remove posting rights 286 PR actions are introduced by an area director and are considered 287 by the IETF community and the IESG in order to determine IETF 288 consensus. 290 In many cases, it may be appropriate to notify a wider IETF community 291 of the violation and sanctions so that patterns of behavior can be 292 spotted and handled. 294 Note that individuals who have supplied text that is included in an 295 IETF document (RFC or Internet-Draft) have a right to be recognized 296 for their contribution. This means that authors names cannot be 297 entirely removed from a document in the event that they violate the 298 IETF's IPR policy unless the text they contributed is also completely 299 removed. But the individual's name can be removed from the front 300 page and even moved from the "Authors' Addresses" section so long as 301 proper acknowledgement of the contribution is given in the 302 "Acknowledgements" section. 304 4.1. An Additional Note on the Applicability of PR Actions 306 The applicability of PR actions in the event of IPR policy possibly 307 needs some explanation. According to [RFC3683], a PR action may be 308 considered as a practice for use by the IETF in the case that "a 309 participant has engaged in a denial-of-service attack to disrupt the 310 consensus-driven process." 312 [RFC3683] further cites [RFC2418] and [RFC3005] for guidelines for 313 dealing with abusive behavior. [RFC2418] is updated by [RFC3934] in 314 this matter. 316 In some cases, ignoring or flouting the IETF's IPR policy may be 317 considered as disruptive to the smooth operation of a working group 318 or of the whole IETF such that the offender might be deemed to be a 319 disruptive individual under the terms of [RFC2418], [RFC3934] and 320 [RFC3683], and so is liable to be the subject of a sanction that 321 restricts their rights to post to IETF mailing lists as described in 322 bullets h and i of Section 4 of this document. 324 5. A Note on Fairness and Appealing Decisions 326 As with all decisions made within the IETF, any person who feels that 327 they have been subject to unfair treatment or who considers that a 328 decision has been made incorrectly may appeal the decision. The 329 IETF's appeals procedures are described in Section 6.5 of [RFC2026] 330 and reinforced in the IESG statement at [URLIESG2026]. Any sanctions 331 described above may be appealed using these procedures. 333 6. Guidance on Selecting and Applying Sanctions 335 Whoever is applying sanctions for breaching the IETF's IPR policy 336 will want to be sure that the chosen sanction matches the severity of 337 the offence and considers all circumstances. The judgment needs to be 338 applied equitably should similar situations arise in the future. 340 If in any doubt, the person selecting and applying the sanctions 341 should seek the opinion of the relevant part of the IETF community 342 or the community as a whole. Furthermore, the person should not 343 hesitate to seek the advice of their colleagues (co-chairs, area 344 directors, or the whole IESG). 346 This is a judgment call based on all circumstances of each specific 347 case. Some notes on guidance are supplied in Appendix A. 349 7. Security Considerations 351 While nothing in this document directly affects the operational 352 security of the Internet, failing to follow the IETF's IPR policies 353 can be disruptive to the IETF's standards development processes and 354 so may be regarded as an attack on the correct operation of the IETF. 355 Furthermore, a late IPR disclosure (or a complete failure to 356 disclose), could represent an attack on the use of deployed and 357 operational equipment in the Internet. 359 8. IANA Considerations 361 This document makes no requests for IANA action. 363 9. Acknowledgments 365 Thanks to Lou Berger, Ross Callon, Stewart Bryant, Jari Arkko, and 366 Peter Saint-Andre for comments on an early version of this document. 368 Thanks to Subramanian Moonesamy and Tom Petch for their comments on 369 the work. Thanks to Dan Wing, Tony Li, and Steve Bellovin for 370 discussions. Thanks to Stephen Farrell for providing a thorough 371 review as document shepherd. 373 10. Authors' Addresses 375 Adrian Farrel 376 Juniper Networks 377 adrian@olddog.co.uk 379 Pete Resnick 380 Qualcomm 381 presnick@qualcomm.com 383 11. References 385 11.1. Normative References 387 [BCP79] S. Bradner, "Intellectual Property Rights in IETF 388 Technology", BCP 79, RFC 3979, March 2005. 390 [RFC2026] S. Bradner, "The Internet Standards Process - Revision 3", 391 BCP 9, RFC 2026, October 1996. 393 [RFC2418] S. Bradner, "IETF Working Group Guidelines and 394 Procedures", BCP 25, RFC 2418, September 1998. 396 [RFC3683] M. Rose, "A Practice for Revoking Posting Rights to IETF 397 Mailing Lists", BCP 83, RFC 3683, March 2004. 399 [RFC3934] M. Wasserman, "Updates to RFC 2418 Regarding the 400 Management of IETF Mailing Lists", BCP 94, RFC 3934, 401 October 2004. 403 11.2. Informative References 405 [RFC3005] S. Harris, "IETF Discussion List Charter", BCP 45, 406 RFC 3005, November 2000. 408 [Promote] Polk, T. and Saint-Andre, P., "Promoting Compliance with 409 Intellectual Property Rights (IPR) Disclosure Rules", 410 draft-polk-ipr-disclosure, work in progress. 412 [URLDisclose] http://www.ietf.org/ipr/file-disclosure 414 [URLIESG2026] http://www.ietf.org/iesg/statement/appeal.html 416 [URLIESGIPR] 417 http://trac.tools.ietf.org/group/iesg/trac/wiki/IntellectualProperty 419 [URLIPR] http://www.ietf.org/ipr/policy.html 421 [URLNoteWell] http://www.ietf.org/about/note-well.html 423 Appendix A. Guidance on Selecting and Applying Sanctions 425 As discussed in Section 6, the selection of sanctions needs to be a 426 carefully made judgment call considering all relevant circumstances 427 and events. This Appendix provides a list of things that might form 428 part of that judgment. 430 This list of considerations is for guidance and is not prescriptive 431 or exhaustive, nor does it imply any weighting of the considerations. 433 - How long has the participant been active in the IETF? 435 - Was there some exceptional circumstance? 437 - Are there special circumstances that imply that the individual 438 would not have seen or understood the pointers to and content of 439 [BCP79]? 441 - How late was the disclosure? Is the document already a working 442 group document? How many revisions have been published? How much 443 time has elapsed? Have last calls be held? Has the work been 444 published as an RFC? 446 - Was the individual a minor contributor to the IETF work, or are 447 they clearly a major contributor? 449 - Is there a reason for the individual forgetting the existence of 450 the IPR (for example, it was filed many years previous to the work 451 in the IETF)? 453 - Was the individual told by their company that disclosure was 454 imminent, but then something different happened? 456 - How speedy and humble was the individual's apology? 458 - How disruptive to the IETF work are the disclosure and the 459 associated license terms? A factor in this will be whether the 460 IETF community sees the need to re-work the document or not. 462 - Does the large number of patents that the individual has invented 463 provide any level of excuse for failing to notice that one of 464 their patents covered the IETF work?