Re: RFC 5378 "contributions"

[TSG <tglassey@earthlink.net>]

Marshall Eubanks wrote:
>
> On Jan 15, 2009, at 9:29 AM, Theodore Tso wrote:
>
>> On Thu, Jan 15, 2009 at 08:24:08AM -0500, Marshall Eubanks wrote:
>>> On Jan 15, 2009, at 7:09 AM, John C Klensin wrote:
>>>
>>>> If someone stood up in a WG prior to whenever 5378 was
>>>> effective* and made a suggestion of some length, or made a
>>>> lengthy textual suggestion on a mailing list, and I copied that
>>>> suggestion into a draft without any paraphrasing, a plain-sense
>>>
>>> John, I am not a lawyer, you are (AFAIK) not a lawyer, and if the
>>> IETF counsel says otherwise, I would just let this one lie.
>>>
>>> The reason why I do not agree with this reasoning is that these
>>> rights are claimed through authorship. If I do not claim authorship
>>> in your draft because you use my text, when I have ample opportunity
>>> to do so, then I have (in my opinion) effectively lost them,
>>> especially in this context (where there is a note well, an
>>> assumption of joint contributions, etc.).
>>
>> So it's a problem if every single I-D and RFC author is going to have
>> to consult their own counsel before deciding that won't get into legal
>> trouble when guaranteeing that all of their text is appropriately
>> licensed.
>>
>
> This is an IETF list, to discuss matters of relevance to the IETF. 
> Whether or
> not you need to consult counsel is not really on topic, and for sure 
> you should not
> make that decision based on what anyone (especially me!) says on this 
> list.
>
> If, on the other hand, you do obtain advice of counsel on this matter 
> I would be curious to
> learn what they say.
>
>> So whether or not I am I lawyer, and whether or not the Berne
>> Convention very clearly states that copyright rights are automatically
>>
>> enforced, and do not need to be explicitly claimed, and whether or not
>> the Note Well is enough to override the Berne Convention, John's
>> position that he wants to be conservative enough not to make
>> guarantees that might expose him to legal liability is a reasonable one.
>>
>> I don't think it's fair to say, "I'm not a lawyer, and you're not a
>> lawyer" so you should do something which you fear exposes you to legal
>> risk --- especially when all of the IP training many of us have gotten
>> have basically told us that the Berne Convention explicitly states
>> that you don't have to claim copyright to get copyright protections....
>>
>>> Yes, I am sure that there are corner cases here, but one thing
>>> I have found about legal affairs is that there are always corner cases.
>>> No legal matter is ever sewn up 100%, and judges actually do take into
>>> consideration when things are done "on advise of counsel." We have it,
>>> we should use it.
>>
>> Has the IETF Counsel actually given explicit legal advice to all IETF
>> contributors (which would have legal liability implications for the
>> IETF Trust if said advice was wrong, as I understand things) that the
>> Note Well to guarantee the transfer of RFC 5378 rights for text taken
>> from IETF mailing list discussions or at an IETF meeting?
>>
>> Better yet would be if the IETF Trust was willing to ***indemnify***
>> I-D and RFC authors that they are on firm legal ground for asserting
>> that they have all RFC 5378 rights when they take text from an IETF
>> mailing list discussion or IETF face-to-face meeting, on the basis of
>> the Note Well.  After all, it is the IETF Trust which is requiring I-D
>> and RFC authors to make this legal guarantee, so one might assert that
>> in a fair world they should take the legal risks associated with that
>> guarantee.
>>
>
> Consider the threat model here.
>
> This threat applies ONLY to material that the Trust licenses to third 
> parties (such as, say,
> the IEEE) for inclusion and modification in their standards. (Just 
> reprinting or translating an RFC is not at issue.)
>
> Suppose that you author an RFC today, and use pre-5378 material, and 
> warrant (in good faith) that the Trust has a license for that 
> material, or apply a legend from the Trust that says that these rights 
> are not obtainable by you, and it happens that the original author of 
> that earlier material disagrees with this license to a third party. 
> Note that these earlier author's (and their companies) agreed to 
> freely use this material in the IETF process (the note well, etc.), 
> and so you have no risk just by publishing the RFC as long as it is 
> not licensed to other parties.
>
> The Trust would be the party that would be licensing this material to 
> third parties, so clearly
> the Trust would be the major party at risk. What is your risk ?
>
> There is a theoretical risk that the Trust might sue you. That is one 
> thing that the work-around is intended to remove.
>
> There is an actual risk that a third party might sue you and the Trust 
> - specifically, that the original author or their heirs, etc.,  might 
> sue. They can only do this if there is infringing use, and that would 
> have to be based on a license from the Trust.
>
> If the Trust does NOT license your material to third parties, then 
> there is no infringement, no one with standing to sue, and no risk to 
> authors. It may be necessary for the Trust to state that they will not 
> assume 5378 to be in place for this purpose until there is a 
> replacement. (In that case, if the IEEE or some other body wants to 
> take over an RFC and modify it, they will have to get explicit 
> permission from all authors until there is a replacement for 5378 in 
> place, just as they did before 5378 as put into place.) My 
> understanding is that the Trust is responsible for these licenses, and 
> so they could just (in their best judgement) refuse to issue them 
> without further conditions.
>
> These requests are very infrequent (less than 1 RFC per year is my 
> understanding) and doing this would NOT stop the work of the IETF. I 
> am beginning to feel that this may be a necessary step.
>
> What about going forward ? Should we (the IETF, through the Trust) 
> indemnify authors ?
>
> Indemnification in practice translates to insurance. The Trust has 
> insurance for its activities.
I dont believe that is true. Since those policies would continuously 
have to be reviewed by the Underwriter every time anything under the 
trust changed.

http://www.products-liability-insurance.com/abatement-defense-qa.php

See also

http://www.premier-source.com/ip-defense-insurance

The problem the IETF faces is that its "current IP intake processes" probably will not be insurable IMHO based on the refusal to put proper contractual conveyance processes and the proper mandatory disclosure requirement's in place. 


> I personally think it would be wise for the Trust to investigate 
> whether it could obtain insurance
> for all authors _of materials licensed to others_ (post 5378 or post 
> some later RFC), what it would cost, and whether the insurers would 
> want changes in our procedures. (I would feel more comfortable if we 
> just learned that our processes were insurable, even if we did not 
> actually get insurance.)
Sure - this is about ownership issues. There is insurance available for 
perfecting ownership rights. Its pretty expensive these days. And again 
since the IETF's IP staff refuses to perform those Risk Analysis which 
come with the creation of use process models for the IP it codifies, 
every time something changes in the operations of the Trust, the 
underwriting will have to be redone.

Personally I figure litigation against the IETF to run in the $300k to 
$500K region based on the number of people who would fight back to try 
and cover up the various frauds and  damages their employee's possibly 
were directly and indirectly involved with inside the IETF. The problem 
is that for each RFC published there would be a need to insure it's 
submission to the trust meaning we are looking at several hundred 
thousand dollars PER RFC or I-D filed with the Publishing Desk of the 
IETF's Trust.

>
> Given that the Trust is insured for its handling of ALL IETF work, and 
> this extra insurance would be for maybe 1 RFC per year, the cost to do 
> this might be very reasonable. I don't know, but I would urge the 
> Trust to find out.
So then the Trust and its officers are NOT insured for anything now 
right? That means they and their sponsors bear all financial 
responsibilities for IP Damage to the owners of IP which is wrongly 
submitted to the IETF.  A submission without perfecting the Ownership 
cannot convey actual title to that IP to the trust... and that is the 
issue here I think.

>
> Or (and this is my opinion), maybe the authors should only warrant 
> _their work_ as being subject to such licenses, and put the burden on 
> the Trust to obtain any necessary approvals from other parties, only 
> alerting the Trust to the extent they know of such prior authorship. 
> My understanding is that this would require a 5378bis.
>
> Again, please note that I am trying to discuss what the Trust and the 
> IETF should do, not what you or other individuals should do.
>
>>                         - Ted
>
> Regards
> Marshall
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
> ------------------------------------------------------------------------
>
>
> Internal Virus Database is out of date.
> Checked by AVG - http://www.avg.com 
> Version: 8.0.176 / Virus Database: 270.10.4/1880 - Release Date: 1/7/2009 8:49 AM
>
>   

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf