Skip to main content

Sanctions Available for Application to Violators of IETF IPR Policy
draft-farrresnickel-ipr-sanctions-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 6701.
Authors Adrian Farrel , Pete Resnick
Last updated 2012-01-26
RFC stream (None)
Formats
Reviews
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Became RFC 6701 (Informational)
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-farrresnickel-ipr-sanctions-00
Network Working Group                                          A. Farrel
Internet Draft                                          Juniper Networks
Category: Informational                                       P. Resnick
                                                                Qualcomm
Expires: 26 July 2012                                    26 January 2012

   Sanctions Available for Application to Violators of IETF IPR Policy

                draft-farrresnickel-ipr-sanctions-00.txt

Abstract

   The IETF has developed and documented policies that govern the
   behavior of all IETF participants with respect to intellectual
   property about which they might reasonably be aware.

   The IETF takes conformance to these IPR policies very seriously.
   However, there has been some ambiguity as to what the appropriate
   sanctions are for the violation of these policies, and how and by
   whom those sanctions are to be applied.

   This document discusses these issues and provides a suite of
   potential actions that may be taken within the IETF community.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents

Farrel and Resnick          Expires July 2012                   [Page 1]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   The IETF has developed and documented policies that govern the
   behavior of all IETF participants with respect to intellectual
   property about which they might reasonably be aware. These are
   documented in [BCP79] and are frequently brought to the attention of
   IETF participants.  In short, the policies state that each individual
   participant is responsible for disclosing or ensuring the disclosure
   of IPR that they are aware of, that is relevant to the work with
   which they participate through the IETF where that IPR is relevant,
   and where the IPR is owned by a company that employs or sponsors
   the individual's work.

   Conformance to these IPR policies is very important, and there is a
   need to understand both what sanctions may be applied to participants
   who violate the policies, and who may apply those sanctions.

   This document discusses these issues and provides a suite of
   potential actions that may be taken within the IETF community.  All
   of these sanctions are currently available in IETF processes, though
   they have to date not been applied in the particular instance of
   violation of the IPR policy.  As explicitly called out in Section 4,
   a posting rights (PR) action described in [RFC2418] as updated by
   [RFC3934], and in [RFC3683] is an applicable sanction for the case of
   a breach of the IETF's IPR policy.

   This document does not consider the parallel, but important issue of
   ways to actively promote conformance with the IETF's IPR policy.
   That topic is discussed in [Promote].

2.  Description of IETF IPR Policy

   The IETF's IPR policy is set out in [BCP79].  Nothing in this
   document defines or redefines the IETF's IPR policy. This section
   simply highlights some important aspects of those policies.

Farrel and Resnick          Expires July 2012                   [Page 2]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

2.1.  Responsibilities of IETF Participants and Timeliness

   According to [BCP79], individual IETF participants have a
   personal responsibility to disclose or ensure the timely disclosure
   of IPR of which they are aware and which they own or which is owned
   by a company that employs or sponsors them, and which impinges upon
   the contribution that they make to the IETF.

   A "contribution" is also defined in [BCP79] and includes Internet-
   Drafts, emails to IETF mailing lists, presentations at IETF meetings,
   and comments made at the microphone during IETF meetings.

   The timeliness of disclosure is very important within [BCP79].  No
   precise definition of "timeliness" is given in [BCP79] and it is not
   the purpose of this document.  But it is important to understand that
   the impact that an IPR disclosure has on the smooth working of the
   IETF is an inverse function of its timeliness.  Thus, a disclosure
   made on a published RFC will be more disruptive to the IETF than such
   a disclosure on an early revision of an individual submission of an
   Internet-Draft.

   Third-party disclosures may also be made by anyone who believes that
   IPR may exist.

   It is important to note that each individual IETF participant has a
   choice under the IETF's IPR policy.  If the individual is unwilling
   or unable to disclose the existence of relevant IPR in a timely
   manner, that individual has the option to refrain from participation
   on the topic covered by the IPR.

2.2.  How Attention is Drawn to These Responsibilities

   The IETF is careful to draw the attention of all participants to the
   IPR policy [BCP79] through the "Note Well" statement on the IETF web
   pages [URLNoteWell], presentations at working group and plenary
   meetings, and printed materials handed out at IETF meetings, as well
   as in the boilerplate text appearing in each Internet-Draft and RFC.

2.3.  How IPR Disclosures are Made

   The procedure for filing IPR disclosures is shown on the IETF's web
   site at [URLDisclose].  Third-party disclosures may also be made by
   email to the IETF Secretariat or via the web page.

   Note that early disclosures or warnings that there might be IPR on a
   topic may also be made.

Farrel and Resnick          Expires July 2012                   [Page 3]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

2.4.  How Working Groups Consider IPR Disclosures

   In the normal course of events, a working group that is notified of
   the existence of IPR must make a decision about whether to continue
   with the work as it is, or whether to revise the work to attempt to
   avoid the IPR claim.  This decision is made on the working group's
   mailing list using normal rough consensus procedures.  However, the
   working group does not discuss the applicability of an IPR claim nor
   the appropriateness or merit of the IPR licensing terms as these are
   outside the scope of the technical work of the WG. The IPR situation
   is considered by working group particpants as he document advances
   through the development process [RFC2026], in particular at key
   times such as adoption by the working group, and during last call.

   It needs to be clearly understood that the way that the working group
   handles an IPR disclosure is distinct from the sanctions that may be
   applied to the individuals who violated the IETF's IPR policy.  That
   is, the decision by a working group to, for example, entirely re-work
   an Internet-Draft in order to avoid a piece of IPR that has been
   disclosed should not be seen as a sanction against the authors.
   Indeed, and especially in the case of a late IPR disclosure, that a
   working group decides to do this may be considered a harmful side
   effect on the working group (in that it slows down the publication of
   an RFC and detracts from other work the working group could be doing)
   and should be considered as one of the reasons to apply sanctions to
   the individuals concerned as described in the next two sections

2.5.  The Desire for Sanctions

   Not conforming to the IETF's IPR policy is harmful to the work of the
   IETF, and sanctions should be applied against offenders.

2.6 Severity of Violations

   Clearly there are different sorts of violations of IPR policy.
   Sometimes, a working group participant simply does not realize that
   the IPR that they authored applies to a particular working group
   draft.  Sanctions (if any) need not be at all severe.  However, a
   working group document editor who waits until near the publication
   of a document to reveal IPR of which they themselves are the author
   should be subject to more serious sanctions.  These are judgments
   that can be made by the working group chairs and area director.

   This topic forms the bulk of the material in Sections 5 and 6.

Farrel and Resnick          Expires July 2012                   [Page 4]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

3.  Who May Call For and Apply Sanctions

   Any IETF participant can call for sanctions to be applied to anyone
   they believe has violated the IETF's IPR policy.  Normally, however,
   the working group chairs and area directors assume the responsibility
   for ensuring the smooth-running of the IETF and for the enforcement
   of IETF policies including the IPR policy.  Thus, working group
   chairs and area directors will often be the first actors when
   sanctions are called for.

   Working group chairs are already empowered to take action against
   working group participants who flout the IPR  rules and so disrupt
   the smooth running of the IETF or a specific working group, just as
   they can take such action in the face of other disruptions.

   The working group chares have the responsiblity to select the
   appropriate actions since they are closest to the details of the
   issue.  Where there is no working group involved or where making the
   decision or applying the sanctions is uncomfortable or difficult for
   the working group chairs, the responsible AD is available to guide or
   direct the action if necessary.

4.  Available Sanctions

   This section lists some of the sanctions available to handle the
   case of an individual who violates the IETF's IPR policies.  It is
   not intended to be an exclusive list, nor is it suggested that only
   one sanction be applied in any case. Furthermore, it is not suggested
   here that every case of IPR policy infringement is the same or that
   the severest sanctions should be applied in each case.

   The sanctions are listed in approximate order of severity, but the
   ordering should not be taken as definitive or as driving different
   decisions in different cases.  Section 6 gives some guidance on
   selecting an appropriate sanction in any specific case, while Section
   5 provides some notes on fairness.

   a. A private discussion between the working group chair or area
      director and the individual to understand what went wrong and
      how it can be prevented in the future.

   b. A formal, but private warning that the individuals must improve
      their behavior or risk one of the other sanctions.

   c. A formal warning on an IETF mailing list that the individuals
      must improve their behavior or risk one of the other sanctions.

Farrel and Resnick          Expires July 2012                   [Page 5]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

   d. Announcement to the working group of failure by the individuals
      ("name and shame").

   e. On-going refusal to accept the individuals as editors of any new
      working group documents.  The appointment of editors of working
      group documents is entirely at the discretion of the working
      group chairs acting for the working group as explained in
      [RFC2418].

   f. Removal of the individuals as working group document editors on
      specific documents or across the whole working group.

   g. Re-positioning of the individual's attribution in a document to
      the "Acknowledgements" section with or without a note explaining
      why they are listed there and not in the "Authors' Addresses"
      section (viz. the IPR policy violation).

   h. Application of a temporary suspension of posting rights to a
      specific mailing list according to the guidlines expressed in
      [RFC2418] and updated by [RFC3934].  Such bans are applied to
      specific to individual working group mailing lists at the
      discretion of the working group chairs for a period of no more
      than 30 days.

   i. The removal of posting privileges using a Posting Rights Action
      (PR Action) as per [RFC3683].  This is a more drastic measure
      that can be applied when other sanctions are considered
      insufficient or to have been ineffective.  When a PR action is in
      place, the subjects have their posting rights to particular IETF
      mailing list removed for a period of a year (unless the action is
      revoked or extended), and maintainers of any IETF mailing list
      may, at their discretion and without further recourse to
      explanation or discussion, also remove posting rights

      PR actions are introduced by an area director and are considered
      by the IETF community and the IESG in order to determine IETF
      consensus.

   In many cases, it may be appropriate to notify a wider IETF community
   of the violation and sanctions so that patterns of behavior can be
   spotted and handled.

   Note that individuals who have supplied text that is included in an
   IETF document (RFC or Internet-Draft) have a right to be recognized
   for their contribution.  This means that authors names cannot be
   entirely removed from a document in the event that they violate the
   IETF's IPR policy unless the text they contributed is also completely
   removed.  But the individual's name can be removed from the front

Farrel and Resnick          Expires July 2012                   [Page 6]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

   page and even moved from the "Authors' Addresses" section so long as
   proper acknowledgement of the contribution is given in the
   "Acknowledgements" section.

4.1.  An Additional Note on the Applicability of PR Actions

   The applicability of PR actions in the event of IPR policy possibly
   needs some explanation.  According to [RFC3683], a PR action may be
   considered as a practice for use by the IETF in the case that "a
   participant has engaged in a denial-of-service attack to disrupt the
   consensus-driven process."

   [RFC3683] further cites [RFC2418] and [RFC3005] for guidelines for
   dealing with abusive behavior.  [RFC2418] is updated by [RFC3934] in
   this matter.

   In some cases, ignoring or flouting the IETF's IPR policy may be
   considered as disruptive to the smooth operation of a working group
   or of the whole IETF such that the offender might be deemed to be a
   disruptive individual under the terms of [RFC2418], [RFC3934] and
   [RFC3683], and so is liable to be the subject of a sanction that
   restricts their rights to post to IETF mailing lists as described in
   bullets h and i of Section 4 of this document.

5.  A Note on Fairness and Appealing Decisions

   As with all decisions made within the IETF, any person who feels that
   they have been subject to unfair treatment or who considers that a
   decision has been made incorrectly may appeal the decision.  The
   IETF's appeals procedures are described in Section 6.5 of [RFC2026]
   and reinforced in the IESG statement at [URLIESG2026].  Any sanctions
   described above may be appealed using these procedures.

6.  Guidance on Selecting and Applying Sanctions

   Whoever is applying sanctions for breaching the IETF's IPR policy
   will want to be sure that the chosen sanction matches the gravity of
   the offence and considers all circumstances. The judgment needs to be
   applied equitably should similar situations arise in the future.

   If in any doubt, the person selecting and applying the sanctions
   should seek the opinion of the relevant part of the IETF community
   or the community as a whole.  Furthermore, the person should not
   hesitate to seek the advice of their colleagues (co-chairs, area
   directors, or the whole IESG).

   This is a judgment call based on all circumstances of each specific
   case.  Some notes on guidance are supplied in Appendix A.

Farrel and Resnick          Expires July 2012                   [Page 7]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

7.  Security Considerations

   While nothing in this document directly affects the operational
   security of the Internet, failing to follow the IETF's IPR policies
   can be disruptive to the IETF's standards development processes and
   so may be regarded as an attack on the correct operation of the IETF.
   Furthermore, a late IPR disclosure (or a complete failure to
   disclose), could represent an attack on the use of deployed and
   operational equipment in the Internet.

8.  IANA Considerations

   This document makes no requests for IANA action.

9.  Acknowledgments

   Thanks to Lou Berger, Ross Callon, Stewart Bryant, Jari Arkko, and
   Peter Saint-Andre for comments on an early version of this document.

10.  Authors' Addresses

   Adrian Farrel
   Juniper Networks
   adrian@olddog.co.uk

   Pete Resnick
   Qualcomm
   presnick@qualcomm.com

11.  References

11.1.  Normative References

   [BCP79]    S. Bradner, "Intellectual Property Rights in IETF
              Technology", BCP 79, RFC 3979, March 2005.

   [RFC2026]  S. Bradner, "The Internet Standards Process - Revision 3",
              BCP 9, RFC 2026, October 1996.

   [RFC2418]  S. Bradner, "IETF Working Group Guidelines and
              Procedures", BCP 25, RFC 2418, September 1998.

   [RFC3683]  M. Rose, "A Practice for Revoking Posting Rights to IETF
              Mailing Lists", BCP 83, RFC 3683, March 2004.

   [RFC3934]  M. Wasserman, "Updates to RFC 2418 Regarding the
              Management of IETF Mailing Lists", BCP 94, RFC 3934,
              October 2004.

Farrel and Resnick          Expires July 2012                   [Page 8]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

11.2.  Informative References

   [RFC3005]  S. Harris, "IETF Discussion List Charter", BCP 45,
              RFC 3005, November 2000.

   [Promote]  Polk, T. and Saint-Andre, P., "Promoting Compliance with
              Intellectual Property Rights (IPR) Disclosure Rules",
              draft-polk-ipr-disclosure, work in progress.

11.3.  Stable URLs

   [URLDisclose]  http://www.ietf.org/ipr/file-disclosure

   [URLIESG2026]  http://www.ietf.org/iesg/statement/appeal.html

   [URLIESGIPR]
    http://trac.tools.ietf.org/group/iesg/trac/wiki/IntellectualProperty

   [URLIPR]       http://www.ietf.org/ipr/policy.html

   [URLNoteWell]  http://www.ietf.org/about/note-well.html

Appendix A. Guidance on Selecting and Applying Sanctions

   As discussed in Section 6, the selection of sanctions needs to be a
   carefully made judgment call considering all circumstances and
   events.  This Appendix provides a list of things that might form part
   of that judgment.

   This list of considerations is for guidance and is not prescriptive
   or exclusive, nor does it imply any weighting of the considerations.

   - How long has the participant been active in the IETF?

   - Was there some exceptional circumstance?

   - Are there special circumstances that imply that the individual
     would not have seen or understood the pointers to and content of
     [BCP79].

   - How late was the disclosure?  Is the document already a working
     group document?  How many revisions have been published?  How much
     time has elapsed?  Have last calls be held?  Has the work been
     published as an RFC?

   - Was the individual a minor contributor to the IETF work or the IPR
     or are they clearly a major contributor?

Farrel and Resnick          Expires July 2012                   [Page 9]
draft-farrresnickel-ipr-sanctions-00.txt                    January 2012

   - Is there a reason for the individual forgetting the existence of
     the IPR (for example, it was filed many years previous to the work
     in the IETF)?

   - Was the individual told by their company that disclosure was
     imminent, but then something different happened?

   - How speedy and humble was the individual's apology?

   - How disruptive to the IETF work is the disclosure?  A factor in
     this will be whether the IETF community sees the need to re-work
     the document or not.

   - Does the large number of patents that the individual has authored
     provide any level of excuse for failing to notice that one of
     their patents covered the IETF work?

Farrel and Resnick          Expires July 2012                  [Page 10]