idnits 2.17.1 draft-farrresnickel-ipr-sanctions-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (21 June 2012) is 4327 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 3979 (ref. 'BCP79') (Obsoleted by RFC 8179) -- Obsolete informational reference (is this intentional?): RFC 3005 (Obsoleted by RFC 9245) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group A. Farrel 2 Internet Draft Juniper Networks 3 Category: Informational P. Resnick 4 Qualcomm 5 Expires: 21 December 2012 21 June 2012 7 Sanctions Available for Application to Violators of IETF IPR Policy 9 draft-farrresnickel-ipr-sanctions-07.txt 11 Abstract 13 The IETF has developed and documented policies that govern the 14 behavior of all IETF participants with respect to Intellectual 15 Property Rights (IPR) about which they might reasonably be aware. 17 The IETF takes conformance to these IPR policies very seriously. 18 However, there has been some ambiguity as to what the appropriate 19 sanctions are for the violation of these policies, and how and by 20 whom those sanctions are to be applied. 22 This document discusses these issues and provides a suite of 23 potential actions that can be taken within the IETF community in 24 cases related to patents. 26 Status of this Memo 28 This Internet-Draft is submitted to IETF in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF), its areas, and its working groups. Note that other 33 groups may also distribute working documents as Internet-Drafts. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 The list of current Internet-Drafts can be accessed at 41 http://www.ietf.org/ietf/1id-abstracts.txt 43 The list of Internet-Draft Shadow Directories can be accessed at 44 http://www.ietf.org/shadow.html 46 Copyright Notice 48 Copyright (c) 2012 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 1. Introduction 63 The IETF has developed and documented policies that govern the 64 behavior of all IETF participants with respect to intellectual 65 property about which they might reasonably be aware. These are 66 documented in [BCP79] and are frequently brought to the attention of 67 IETF participants. This document summarises and references those 68 policies, but does not replace or stand in for the full statement of 69 the policies found in [BCP79]. Readers and IETF participants need to 70 be aware of the content of [BCP79]. 72 The policies set out in [BCP79] state that each individual 73 participant is responsible for disclosing or ensuring the disclosure 74 of Intellectual Property Rights (IPR) where all of the following 75 apply: 77 - they are aware of the IPR 78 - the IPR is relevant to the IETF work they are participating in 79 - the IPR is owned by the individual or by a company that employs or 80 sponsors the individual's work. 82 Conformance to these IPR policies is very important, and there is a 83 need to understand both what sanctions can be applied to participants 84 who violate the policies, and who is in a position to apply the 85 sanctions. 87 This document discusses these issues and provides a suite of 88 potential actions that can be taken within the IETF community in 89 cases related to patents. All of these sanctions are currently 90 available in IETF processes, and at least two instances of violation 91 of the IPR policy have been handled using some of the sanctions 92 listed. As explicitly called out in Section 4, a posting rights (PR) 93 action described in [RFC2418] as updated by [RFC3934], and in 94 [RFC3683], is an applicable sanction for the case of a breach of the 95 IETF's IPR policy. 97 Note: This document specifies some administrative sanctions that 98 can be imposed by and through IETF administrative processes. In 99 particular, this document does not address or limit other legal 100 sanctions, rights, or remedies that are available outside of the IETF 101 or any of the legal rights or remedies that anyone has regarding IPR. 103 This document does not consider the parallel, but important, issue of 104 ways to actively promote conformance with the IETF's IPR policy. 105 That topic is discussed in [Promote]. 107 2. Description of IETF IPR Policy 109 The IETF's IPR policy is set out in [BCP79]. Nothing in this 110 document defines or redefines the IETF's IPR policy. This section 111 simply highlights some important aspects of those policies. 112 Additional information on the IETF's IPR policy may be found at 113 [URLIPR] and [URLIESGIPR]. 115 2.1. Responsibilities of IETF Participants and Timeliness 117 According to [BCP79], individual IETF participants have a 118 personal responsibility to disclose or ensure the timely disclosure 119 of IPR of which they are aware and which they own or which is owned 120 by a company that employs or sponsors them, and which impinges upon 121 the contribution that they make to the IETF. 123 A "contribution" is also defined in [BCP79] and includes Internet- 124 Drafts, emails to IETF mailing lists, presentations at IETF meetings, 125 and comments made at the microphone during IETF meetings. Remote 126 participants as well as those participating in person at IETF 127 meetings are bound by this definition. 129 The timeliness of disclosure is very important within [BCP79]. No 130 precise definition of "timeliness" is given in [BCP79] and it is not 131 the purpose of this document to do so. But it is important to 132 understand that the impact that an IPR disclosure has on the smooth 133 working of the IETF is directly related to how late in the process 134 the disclosure is made. Thus, a disclosure made on a published RFC 135 is very likely to be more disruptive to the IETF than such a 136 disclosure on an early revision of an individual submission of an 137 Internet-Draft. 139 Third-party disclosures can also be made giving the reasoning by 140 anyone who has cause to believe that IPR exists. 142 It is important to note that each individual IETF participant has a 143 choice under the IETF's IPR policy. If the individual is unwilling 144 or unable to disclose the existence of relevant IPR in a timely 145 manner, that individual has the option to refrain from contributing 146 to and participating in IETF activities about the technology covered 147 by the IPR. 149 2.2. How Attention is Drawn to These Responsibilities 151 The IETF draws the attention of all participants to the IPR policy 152 [BCP79] through the "Note Well" statement that appears on the IETF 153 web pages [URLNoteWell], in presentations at working group and 154 plenary meetings, as well as in the boilerplate text appearing in 155 each Internet-Draft and RFC. Additionally, the Note Well statement 156 is accepted by any person signing up to join an email list hosted at 157 ietf.org. 159 [Promote] suggests a number of additional ways in which the attention 160 of IETF participants can be drawn to the IPR policy. 162 2.3. How IPR Disclosures are Made 164 The procedure for filing IPR disclosures is shown on the IETF's web 165 site at [URLDisclose]. Third-party disclosures can also be made by 166 email to the IETF Secretariat or via the web page. 168 Note that early disclosures or warnings that there might be IPR on a 169 technology can also be made. 171 2.4. How Working Groups Consider IPR Disclosures 173 In the normal course of events, a working group that is notified of 174 the existence of IPR must make a decision about whether to continue 175 with the work as it is, or whether to revise the work to attempt to 176 avoid the IPR claim. This decision is made on the working group's 177 mailing list using normal rough consensus procedures. However, 178 discussions of the applicability of an IPR claim or of the 179 appropriateness or merit of the IPR licensing terms are outside the 180 scope of the WG. The IPR situation is considered by working group 181 participants as the document advances through the development process 182 [RFC2026], in particular at key times such as adoption of the 183 document by the working group, and during last call. 185 It needs to be clearly understood that the way that the working group 186 handles an IPR disclosure is distinct from the sanctions that can be 187 applied to the individuals who violated the IETF's IPR policy. That 188 is, the decision by a working group to, for example, entirely re-work 189 an Internet-Draft in order to avoid a piece of IPR that has been 190 disclosed should not be seen as a sanction against the authors. 191 Indeed, and especially in the case of a late IPR disclosure, that a 192 working group decides to do this can be considered a harmful side 193 effect on the working group (in that it slows down the publication of 194 an RFC and might derail other work the working group could be doing) 195 and should be considered as one of the reasons to apply sanctions to 196 the individuals concerned as described in the next two sections. 198 2.5. The Desire for Sanctions 200 Not conforming to the IETF's IPR policy undermines the work of the 201 IETF, and sanctions ought to be applied against offenders. 203 2.6 Severity of Violations 205 Clearly there are different sorts of violations of IPR policy. 206 Sometimes, a working group participant simply does not realize that 207 the IPR that they invented applies to a particular working group 208 draft. Sanctions (if any) need not be at all severe. However, a 209 working group document editor who waits until near the publication 210 of a document to reveal IPR of which they themselves are the author 211 should be subject to more serious sanctions. These are judgments 212 that can be made by the working group chairs and area director. 214 This topic forms the bulk of the material in Sections 5 and 6. 216 3. Who Initiates Sanctions 218 Any IETF participant can draw attention to an apparent violation 219 of the IETF's IPR policy. This can be done by sending email to 220 the appropriate IETF mailing list including a short summary of 221 the relevant facts and events. Normally the working group chairs and 222 area directors assume the responsibility for ensuring the smooth 223 running of the IETF and for the enforcement of IETF policies 224 including the IPR policy. Thus, when sanctions are appropriate, 225 working group chairs will be the first actors when there is an active 226 working group involved in the technical work, and area directors will 227 be the first actors in other cases. The first step will usually be 228 the working group chairs or area director to gather the facts and 229 discuss the matter with the IETF participants involved. 231 Working group chairs are already empowered to take action against 232 working group participants who flout the IPR rules and so disrupt 233 the smooth running of the IETF or a specific working group, just as 234 they can take such action in the face of other disruptions. 236 The working group chairs have the responsibility to select the 237 appropriate actions since they are closest to the details of the 238 issue. Where there is no working group involved or where making the 239 decision or applying the sanctions is uncomfortable or difficult for 240 the working group chairs, the responsible AD is available to guide or 241 direct the action if necessary. 243 4. Available Sanctions 245 This section lists some of the sanctions available to handle the 246 case of an individual who violates the IETF's IPR policies. It is 247 not intended to be an exhaustive list, nor is it suggested that only 248 one sanction be applied in any case. Furthermore, it is not suggested 249 here that every case of IPR policy infringement is the same or that 250 the severest sanctions may be applied in each case. 252 In many cases, it may be appropriate to notify a wider IETF community 253 of the violation and sanctions so that patterns of behavior can be 254 spotted and handled. 256 The sanctions are listed in approximate order of severity, but the 257 ordering should not be taken as definitive or as driving different 258 decisions in different cases. Section 5 provides some notes on 259 fairness, while Section 6 gives some guidance on selecting an 260 appropriate sanction in any specific case. 262 a. A private discussion between the working group chair or area 263 director and the individual to understand what went wrong and 264 how it can be prevented in the future. 266 b. A formal, but private, warning that the individuals must improve 267 their behavior or risk one of the other sanctions. 269 c. A formal warning on an IETF mailing list that the individuals 270 must improve their behavior or risk one of the other sanctions. 272 d. Announcement to the working group of failure by the individuals 273 ("name and shame"). 275 e. On-going refusal to accept the individuals as editors of any new 276 working group documents. The appointment of editors of working 277 group documents is entirely at the discretion of the working 278 group chairs acting for the working group as explained in 279 [RFC2418]. 281 f. Removal of the individuals as working group document editors on 282 specific documents or across the whole working group. 284 g. Re-positioning of the individuals' attribution in a document to 285 the "Acknowledgements" section with or without a note explaining 286 why they are listed there and not in the "Authors' Addresses" 287 section (viz. the IPR policy violation). This action can also be 288 recorded by the area director in the datatracker entries for the 289 documents concerned. 291 h. Deprecation or rejection of the individual document (whether it 292 be an RFC or Internet-Draft) or cessation of work on the affected 293 technology. 295 i. Application of a temporary suspension of indiviuals' posting 296 rights to a specific mailing list according to the guidelines 297 expressed in [RFC2418] and updated by [RFC3934]. Such bans are 298 applied to specific individuals and to individual working group 299 mailing lists at the discretion of the working group chairs for a 300 period of no more than 30 days. 302 j. The removal of individuals' posting privileges using a Posting 303 Rights Action (PR Action) as per [RFC3683]. This is a more 304 drastic measure that can be applied when other sanctions are 305 considered insufficient or to have been ineffective. When a PR 306 action is in place, the subjects have their posting rights to a 307 particular IETF mailing list removed for a period of a year 308 (unless the action is revoked or extended), and maintainers of any 309 IETF mailing list may, at their discretion and without further 310 recourse to explanation or discussion, also remove posting rights. 312 PR actions are introduced by an area director and are considered 313 by the IETF community and the IESG in order to determine IETF 314 consensus. 316 Note that individuals who have supplied text that is included in an 317 IETF document (RFC or Internet-Draft) have a right to be recognized 318 for their contribution. This means that authors names cannot be 319 entirely removed from a document in the event that they violate the 320 IETF's IPR policy unless the text they contributed is also completely 321 removed. But the individual's name can be removed from the front 322 page and even moved from the "Authors' Addresses" section so long as 323 proper acknowledgement of the contribution is given in the 324 "Acknowledgements" section. 326 4.1. An Additional Note on the Applicability of PR Actions 328 The applicability of PR actions in the event of IPR policy possibly 329 needs some explanation. According to [RFC3683], a PR action may be 330 considered as a practice for use by the IETF in the case that "a 331 participant has engaged in a denial-of-service attack to disrupt the 332 consensus-driven process." 334 [RFC3683] further cites [RFC2418] and [RFC3005] for guidelines for 335 dealing with abusive behavior. [RFC2418] is updated by [RFC3934] in 336 this matter. 338 In some cases, ignoring or flouting the IETF's IPR policy may be 339 considered as disruptive to the smooth operation of a working group 340 or of the whole IETF such that the offender might be deemed to be a 341 disruptive individual under the terms of [RFC2418], [RFC3934] and 342 [RFC3683], and so is liable to be the subject of a sanction that 343 restricts their rights to post to IETF mailing lists as described in 344 bullets h and i of Section 4 of this document. 346 5. A Note on Fairness and Appealing Decisions 348 As with all decisions made within the IETF, any person who feels that 349 they have been subject to unfair treatment or who considers that a 350 decision has been made incorrectly may appeal the decision. The 351 IETF's appeals procedures are described in Section 6.5 of [RFC2026] 352 and reinforced in the IESG statement at [URLIESG2026]. Any sanctions 353 described above may be appealed using these procedures. 355 6. Guidance on Selecting and Applying Sanctions 357 Whoever is applying sanctions for breaching the IETF's IPR policy 358 will want to be sure that the chosen sanction matches the severity of 359 the offence and considers all circumstances. The judgment needs to be 360 applied equitably should similar situations arise in the future. 362 If in any doubt, the person selecting and applying the sanctions 363 should seek the opinion of the relevant part of the IETF community 364 or the community as a whole. Furthermore, the person should not 365 hesitate to seek the advice of their colleagues (co-chairs, area 366 directors, or the whole IESG). 368 This is a judgment call based on all circumstances of each specific 369 case. Some notes on guidance are supplied in Appendix A. 371 7. Security Considerations 373 While nothing in this document directly affects the operational 374 security of the Internet, failing to follow the IETF's IPR policies 375 can be disruptive to the IETF's standards development processes and 376 so may be regarded as an attack on the correct operation of the IETF. 377 Furthermore, a late IPR disclosure (or a complete failure to 378 disclose), could represent an attack on the use of deployed and 379 operational equipment in the Internet. 381 8. IANA Considerations 383 This document makes no requests for IANA action. 384 [RFC Editor : You may remove this section before publication.] 386 9. Acknowledgments 388 Thanks to Lou Berger, Ross Callon, Stewart Bryant, Jari Arkko, and 389 Peter Saint-Andre for comments on an early version of this document. 391 Thanks to Subramanian Moonesamy and Tom Petch for their comments on 392 the work. Thanks to Dan Wing, Tony Li, and Steve Bellovin for 393 discussions. Thanks to Stephen Farrell for providing a thorough 394 review as document shepherd. 396 Additional thanks for textual improvements around IETF last call go 397 to Randy Bush, Brian Carpenter, Jorge Contreras, Russ Housley, 398 Barry Leiba, Murray S. Kucherawy, Benoit Claise, Sean Turner, and 399 Stewart Bryant. 401 10. Authors' Addresses 403 Adrian Farrel 404 Juniper Networks 405 adrian@olddog.co.uk 407 Pete Resnick 408 Qualcomm 409 presnick@qualcomm.com 411 11. References 413 11.1. Normative References 415 [BCP79] S. Bradner, "Intellectual Property Rights in IETF 416 Technology", BCP 79, RFC 3979, March 2005. 418 [RFC2026] S. Bradner, "The Internet Standards Process - Revision 3", 419 BCP 9, RFC 2026, October 1996. 421 [RFC2418] S. Bradner, "IETF Working Group Guidelines and 422 Procedures", BCP 25, RFC 2418, September 1998. 424 [RFC3683] M. Rose, "A Practice for Revoking Posting Rights to IETF 425 Mailing Lists", BCP 83, RFC 3683, March 2004. 427 [RFC3934] M. Wasserman, "Updates to RFC 2418 Regarding the 428 Management of IETF Mailing Lists", BCP 94, RFC 3934, 429 October 2004. 431 11.2. Informative References 433 [RFC3005] S. Harris, "IETF Discussion List Charter", BCP 45, 434 RFC 3005, November 2000. 436 [Promote] Polk, T. and Saint-Andre, P., "Promoting Compliance with 437 Intellectual Property Rights (IPR) Disclosure Rules", 438 draft-polk-ipr-disclosure, work in progress. 440 [URLDisclose] http://www.ietf.org/ipr/file-disclosure 442 [URLIESG2026] http://www.ietf.org/iesg/statement/appeal.html 444 [URLIESGIPR] 445 http://trac.tools.ietf.org/group/iesg/trac/wiki/IntellectualProperty 447 [URLIPR] http://www.ietf.org/ipr/policy.html 449 [URLNoteWell] http://www.ietf.org/about/note-well.html 451 Appendix A. Guidance on Selecting and Applying Sanctions 453 As discussed in Section 6, the selection of sanctions needs to be a 454 carefully made judgment call considering all relevant circumstances 455 and events. This Appendix provides a list of things that might form 456 part of that judgment. 458 This list of considerations is for guidance and is not prescriptive 459 or exhaustive, nor does it imply any weighting of the considerations. 461 - How long has the participant been active in the IETF? 463 - Was there some exceptional circumstance? 465 - Are there special circumstances that imply that the individual 466 would not have seen or understood the pointers to and content of 467 [BCP79]? 469 - How late was the disclosure? Is the document already a working 470 group document? How many revisions have been published? How much 471 time has elapsed? Have last calls been held? Has the work been 472 published as an RFC? 474 - Was the individual a minor contributor to the IETF work, or are 475 they clearly a major contributor? 477 - Is there a reason for the individual forgetting the existence of 478 the IPR (for example, it was filed many years previous to the work 479 in the IETF)? 481 - Was the individual told by their company that disclosure was 482 imminent, but then something different happened? 484 - How speedy and humble was the individual's apology? 486 - How disruptive to the IETF work are the disclosure and the 487 associated license terms? A factor in this will be whether the 488 IETF community sees the need to re-work the document or not. 490 - Does the large number of patents that the individual has invented 491 provide any level of excuse for failing to notice that one of 492 their patents covered the IETF work?