Re: Feedback: Proposed IESG Statement on Restricting Access
IETF Chair <chair@ietf.org> Fri, 21 October 2022 11:15 UTC
Return-Path: <chair@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F11FC1522A7 for <ietf-announce@ietfa.amsl.com>; Fri, 21 Oct 2022 04:15:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.889
X-Spam-Level:
X-Spam-Status: No, score=-0.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MANY_SPAN_IN_TEXT=1, T_FILL_THIS_FORM_SHORT=0.01, T_HTML_ATTACH=0.01, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vZx67l4nixer for <ietf-announce@ietfa.amsl.com>; Fri, 21 Oct 2022 04:15:39 -0700 (PDT)
Received: from smtpclient.apple (mail.eggert.org [91.190.195.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPSA id 73069C14CE2A for <ietf-announce@ietf.org>; Fri, 21 Oct 2022 04:15:14 -0700 (PDT)
From: IETF Chair <chair@ietf.org>
Content-Type: multipart/mixed; boundary="Apple-Mail=_9F833BB3-2096-4C70-95FB-093CD6D0DD5C"
Reply-To: The IESG <iesg@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: Re: Feedback: Proposed IESG Statement on Restricting Access
Date: Fri, 21 Oct 2022 14:15:11 +0300
References: <34D763E0-6EBB-4D80-B8DF-CE2C4E5599FC@ietf.org>
To: ietf-announce@ietf.org
In-Reply-To: <34D763E0-6EBB-4D80-B8DF-CE2C4E5599FC@ietf.org>
Message-Id: <CC54368B-D063-463F-B4ED-FB7528DDC010@ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/rF5LVgUPn7RuUXtgt_Kopg3L2XU>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2022 11:15:40 -0000
On 2022-10-11, at 14:58, IETF Chair <chair@ietf.org> wrote: > Based on the IETF LLC consultation on restricting participant access to IETF > systems [1], the IESG has reviewed the draft policy produced by the IETF LLC. > Implementation of this policy would take the form of publishing an IESG > statement. The text of this proposed IESG statement is included below. > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this statement. Please send substantive comments to the IESG at > iesg@ietf.org by 2022-11-25. Thank you for the feedback on the proposed statement. We've tried to take what we've received into account and revised the proposed text (see below.) I'm also attaching a diff to make the changes easier to spot. Please send additional feedback by 2022-11-25. Lars Eggert IETF Chair, on behalf of the IESG -- Statement on Restricting Access (Draft) In discussions with IETF counsel, a number of potential circumstances have been identified under which the IESG should, after having been advised by counsel, restrict an individual from using IETF IT systems and/or from participating in IETF meetings, as not doing so would expose the IETF to serious legal risk. The IESG expects that it will follow the advice of counsel and restrict access and/or restrict participation of an individual. The IESG intends to only take such drastic actions in response to legal advice by counsel, and not for other reasons. It is expected that this advice will only be received after all other reasonable attempts to address the issue, if any are possible, have been exhausted. The IESG publishes this statement to set out in advance the principles and procedural guidelines it will follow in taking such an action. The circumstances currently identified under which such legal advice may be provided are as follows. This is not an exhaustive list and this statement will apply under any circumstance where legal advice of this nature is received: 1. When ordered to do so by a court that has jurisdiction over the IETF LLC. 2. If an individual concerned is using those systems or meetings to threaten or otherwise seriously harass someone. 3. If an individual repeatedly shares copyrighted material – through IETF IT systems or at IETF meetings – that they do not have authority to share. The principles that the IESG will aim to maintain from the outset are as follows. These principles are listed in order of priority and where a conflict between them arises, the higher priority principle will take precedence: 1. To comply with the law and mitigate any serious legal risk to the IETF. 2. To preserve, as far as is possible, the integrity and openness of the standards process. 3. To preserve the current approach to identity for IETF engagement, noting that this varies according to context from anonymous (e.g., accessing RFCs), to pseudonymous (e.g., contributing to a mailing list), to identity verified (e.g., as a board member of the IETF LLC). 4. To only act as necessary to mitigate the serious legal risk and to avoid any over-reach. 5. To be fully transparent with the IETF community about the action taken, the reasons why, and who is affected. Some examples of a conflict between the principles are: * Where a court order instructs us to keep an action secret. * Where identifying an individual being acted against is considered likely to lead to an escalation of their behavior of harassment. The following procedural guidelines will be used when action is taken, unless overridden by the principles above: 1. The IESG will consult with other parts of the IETF as needed, including the Ombudsteam, the IRTF Chair, IETF LLC or any affected participants. 2. If the identity of an individual is reasonably well established, then the restriction will be against the individual, but if it is not, the restriction will be limited to their identifiers (e.g., usernames or email addresses). 3. If the restriction can reasonably be limited to one or more IT systems and/or forms of participation, then it will be, unless there is an expectation that broader restrictions will inevitably be required. 4. An individual will be notified of the IESG action by counsel and is expected to only correspond with counsel, not the IESG or others, on this matter. 5. An action will be announced to the ietf-announce mailing list and a public record will be kept on the IETF website. In addition, in order to ensure that the IETF is protected by the Safe Harbor regime of the US DMCA, the IETF website will include a page with the following warning alongside the specific contact information required by the DMCA: The IETF reserves the right to terminate the use of IETF IT systems by IETF participants who violate the law by repeat copyright infringement. For full details, see the IESG Statement on Restricting Access. [link to be added].