Re: [Gendispatch] IETF transparency and diversity

[Mark Nottingham <mnot@mnot.net>]

Tony,

At the risk of going wildly off-topic, I feel compelled to respond with my perspective.


> On 8 Apr 2021, at 2:35 am, Tony Rutkowski <rutkowski.tony@gmail.com> wrote:
> 
> Having watched dozens of standards bodies like the IETF try to assess themselves for the past forty plus years - generally not well - this list seems to follow the norm.  There are a relative handful of people on this list, and the participation is highly skewed.  3/4 of the posts are from just 21 people who are almost all insiders perpetuating status.  

If you want to make a claim like 'insiders perpetuating status', please support it; on the face, it seems more rhetorical than factual.


> Perhaps the most significant issue facing the IETF was raised by Phil on 31 March - namely that the lack of transparency of interest is an increasing challenge to the organisation

I don't agree that it's the most significant issue, by a long shot. As Kieth says, the ability for people to act as individuals here is a feature, not a bug. Furthermore, the cultural issues we're experiencing eclipse that issue easily.


> - especially with anticompetitive behavior becoming the subject of regulatory scrutiny and litigation.  

You seem to be claiming that the IETF's policy of individual participation, rather than company representation, is inadequate to prevent anti-competitive behaviour -- specifically the kinds that are currently under investigation, as widely reported in the news -- and therefore the IETF is somehow potentially liable. This connection is worth digging into, because this is not the first attempt to leverage the current headlines about competition law activity to argue for change in SDOs (see recent discussions in the W3C, for example).

EU and US competition law (statutory and case) as well as regulatory guidance documents have a lot to say about standards bodies regarding cartel behaviour (e.g., exclusion, price fixing). They also extensively cover abuse of dominance regarding IPR (patent ambush / standard-essential patents). However, they have very little to say (to date) regarding other forms of abuse of dominance in connection with SDOs -- and that's the focus of the activity that you reference.

So it's not yet clear what the relationship of standards bodies to these abuses should be. In particular, while personally I'd argue that standards are a factor that a competition regulator should take into account when considering this type of enforcement action, it isn't yet established that something becoming a standard offers any defence for abuse of dominance. Furthermore, a _responsibility_ for SDOs (and other horizontal agreements) to prevent these other theories of abuse has not been established. 

Given that, it's hard to avoid the conclusion that it would be premature for the IETF (or any other SDO) to reconfigure itself or change participation rules in reaction to these mere complaints (which may be resolved by courts in a variety of ways) and in absence of specific guidance from competition regulators. Instead, I'd very much like to see the IETF (and the W3C) enter into a dialogue with competition regulators to see if we can identify the attributes that they might find useful in standards and standards processes in making such determinations.

But ignoring all of that, let's say that Google (using them only as an example, since they're one of the focal points in these discussions) employees make some proposals without identifying themselves as such, and somehow no one notices that a) they come from Google, and b) they advantage Google over its competitors in a relevant market (noting that there's some latitude in how the effected market is connected to their power) without resorting to IPR abuse.

I'd argue that the IETF's lack of recognition for affiliation at worst has no effect on the outcome, and may even balance _against_ abuse of dominance in this circumstance. This is because proposals need to gain a rough consensus of all participants based upon technical merit (_not_ straight up/down voting), without regard to affiliation. Adding affiliation would only marginally increase visibility for any ex post enforcement action; if the process is properly run, it should not have great effect on the standards outcome itself.

Of much greater concern would be a potential abuse of dominance with effect upon a market that isn't well-represented in the IETF -- an issue which we tried to raise in RFC8890. Even then, linking the abusive effect to the market where the standard is operative could be quite problematic.


> The metrics of this list underscores the challenge - the principal proponents and decision shapers/makers lack attribution.

While your metric of attribution on this list is interesting, your claim about the leadership is simply not true; the IAB and IESG identify their members' affiliations on their respective home pages, and the NOMCOM is known to affiliation into account when selecting nominees. WG Chairs are selected with affiliation in mind and widely known, in my experience. Furthermore, proposals in the form of Internet-Drafts carry affiliation information; for example, it was very obvious and widely known that QUIC was a proposal from Google.


> During Steve Lukasik's last years, he viewed the IETF as one of his principal failures.  It was a great idea when he signed off on its initial precursor formation to get out-of-the-box collaboration among the researchers that DARPA was funding.  Attribution as well as collaboration incentives existed through the funding mechanisms.  However, when it was cut loose in the 1990s, any sense of attribution of individual contributors and decision shapers was lost.  As Phil notes, it opened the door was opened for all kinds of mischief; and in contrast to almost all other standards bodies, the IETF is alone in avoiding attribution. Getting the LLC to buy more liability insurance has its limits.
> 
> The IETF's diversity challenge is also tied into the lack of transparency.  If you crunch the numbers and examine how relatively few registrants for IETF meetings continue their participation, the organization is effectively self-distilling around a set of hardy perennials who are motivated by un-attributed factors to stick with the organization to pursue some obscure objectives.  Indeed, the IETF's substantial insularity and institutional self-aggrandisement coupled with a set of rapidly evolving technologies progressed in other far more active and effective bodies, does not bode well.

Again, 'substantial insularity and institutional self-aggrandisement' seems more rhetorical than a basis for useful discussion.


> So all of the above suggest that maintaining a generic IETF discourse list is probably a good thing.  --tony r 

That is a *huge* leap  -- can you show us your workings?

Cheers,


--
Mark Nottingham   https://www.mnot.net/