IETF Logo Mail Archive

Re: IETF subpoena processes update and a request

Pete Resnick <presnick@qti.qualcomm.com> Sat, 25 March 2017 02:04 UTC

Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09675129991 for <ietf@ietfa.amsl.com>; Fri, 24 Mar 2017 19:04:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.021
X-Spam-Level:
X-Spam-Status: No, score=-7.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZMRG-fSPkjUp for <ietf@ietfa.amsl.com>; Fri, 24 Mar 2017 19:04:00 -0700 (PDT)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D8A128BE1 for <ietf@ietf.org>; Fri, 24 Mar 2017 19:04:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1490407440; x=1521943440; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=lIn08QB5G8fscl7MSDVl//yVeyIgGE9Zr2jsHoafkjk=; b=YW1fw926PDlfoogfWbNHUQ6s1au1I1qp49+elO27iyR2OENfowMRjhWD gbatHHWrs/CD0oD1eVnO5OQzkIuJeSanuhsRRPCQqx4KJnN7rKodZJyAr pMhv7+FC6NJh/uh8KIsWKxvvSPJNd8Xnr5HLgJDK9D8wRqA349ma70vL5 c=;
X-IronPort-AV: E=Sophos;i="5.36,217,1486454400"; d="scan'208";a="367991192"
Received: from unknown (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110]) by wolverine02.qualcomm.com with ESMTP; 24 Mar 2017 19:04:00 -0700
X-IronPort-AV: E=McAfee;i="5800,7501,8477"; a="1338361535"
X-MGA-submission: MDESG7z+27rrJkrpWTv4fszhOHmPV7AeF842UPGgcbVmqYoxXAuw0JMRDZaJ4So4M/zGW7wgoQ2bOzyFZiJVJXKI7YUwSHsswHoWe4sxaM3vvXkZJvIyXgCtGHQrlrfA6VTe1usI5jakiiwnwR+SvbUq
Received: from nasanexm01f.na.qualcomm.com ([10.85.0.32]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 24 Mar 2017 19:03:59 -0700
Received: from [10.64.118.210] (10.80.80.8) by NASANEXM01F.na.qualcomm.com (10.85.0.32) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Fri, 24 Mar 2017 19:03:58 -0700
From: Pete Resnick <presnick@qti.qualcomm.com>
To: John R Levine <johnl@taugh.com>
CC: IETF general list <ietf@ietf.org>
Subject: Re: IETF subpoena processes update and a request
Date: Fri, 24 Mar 2017 21:04:06 -0500
Message-ID: <0341FB9B-E672-400C-916E-3C6AC0685307@qti.qualcomm.com>
In-Reply-To: <alpine.OSX.2.20.1703241826550.72979@ary.qy>
References: <20170324193951.85037.qmail@ary.lan> <5DAE09F6-D7DE-47B4-ABA6-BC9A92DDEE4E@qti.qualcomm.com> <alpine.OSX.2.20.1703241826550.72979@ary.qy>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; markup="markdown"
X-Mailer: MailMate (1.9.6r5347)
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: NASANEXM01F.na.qualcomm.com (10.85.0.32) To NASANEXM01F.na.qualcomm.com (10.85.0.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/TDI01tDOO82zUudQAMP7gX-ZcU4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Mar 2017 02:04:03 -0000

On 24 Mar 2017, at 19:50, John R Levine wrote:

> You've been on the IESG and I haven't, but I'm still scratching my 
> head about why this process needs to change to give the IESG even a 
> little more work after it's been working OK for over a decade.

First of all, this whole discussion started because of something that is 
not working (or at least wasn't anticipated and there are concerns 
about): Dealing with gag orders and the like. My contention was (is) 
that in addressing that, it would help to be absolutely clear in our 
procedure documents that IETF leadership, who will inevitably consist of 
people from different nations under different laws, will have full 
access to any subpoena, in the way that the officers of any organization 
would have access to any legal documents.

Second, I would be perfectly OK (and would not at all be surprised) if 
the IESG were to say to legal counsel, for example, "While you should 
supply the IESG with all subpoenas through our normal procedure, any 
subpoena that simply asks for certified blue sheets you should simply 
satisfy such a subpoena, since blue sheets are public information 
anyway." The addition of any "process" is only to ensure that subpoenas 
are visible to leadership, not because any particular kind of subpoena 
needs review.

>> Whenever someone says, "there's no need for you to know this 
>> information", when not preceded by a long explanation of an 
>> additional harm one is incurring by simply knowing the piece of 
>> information, particularly when "you" is the leadership of an 
>> organization, it sends up a giant red flag for me.
>
> See Klensin's previous message.  The chance of reputation damage to 
> someone named in a subpoena is significant, and the IESG has no legal 
> expertise.

The IESG has legal expertise in the form of a legal advisor, the same 
way the Board of Directors of any corporation does, and the same way I 
do with my personal attorney. And it would behoove any and all of us to 
follow that legal advice and make ourselves aware of what should and 
should not be publicized. And an AD who goes blabbing about the contents 
of any legal document without talking to counsel is not suited to be an 
AD.

> ...judge who asks why we show criminal subpoenas to a bunch of nerds 
> with no legal experience rather than having our lawyer handle it like
> everyone else does.

That's insulting of the intelligence and integrity of the IESG, and I 
think it's the height of hubris on your part. Any judge who asks why 
criminal subpoenas are shown to a "bunch of idiots" on the Board of 
Directors of a corporation who have "no legal experience" should be told 
to piss off; they are the people responsible for the corporation, and 
they can look at any legal document served on the company, and they have 
the eventual responsibility for any information that goes out the door.  
I can tell you that the day my attorney supplies my documents in 
response to a subpoena without asking me, or without having prior 
instructions on particular documents that they can supply, and says 
anything close to, "You don't need to know what's in the subpoena", is 
the day my attorney gets fired.

And please, do consider the case where the subpoena is from an authority 
in <<insert country that you're not impressed with>> and the subpoena is 
for all of the server logs in order to discover whether John, a citizen 
of said country, has been reading messages from a particular WG that 
said the authorities in this country deem to be talking about tools of 
sedition like encryption. I'd like to think that our leadership might 
weigh in on such a request.

Again, I am fine if the IESG wants to delegate the authority to answer 
certain (or even most) subpoenas. But I want our procedures to be clear 
that they can look at them and everyone to be on notice about what that 
implies. What I absolutely do not want is a contractor or advisor who is 
not answerable to the community having the power to withhold information 
from our chosen leadership.

pr
-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478

v2.23.0 | Report a Bug | By Email