Re: Retention of blue sheets

[Alissa Cooper]

Picking up this thread...

On Jul 30, 2009, at 12:54 PM, Marshall Eubanks wrote:


THe Trust has a documents retention policy (the current one is at


http://trustee.ietf.org/docs/IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf 
 )


Here is some background. I am only talking about physical material,  
not electronic records.


The records retention policy is a good start, although it's obviously  
not a complete privacy policy. Does the policy only apply to paper  
records? It was not clear if your statement above was in reference to  
the policy itself.


In any event, it seems sensible for the policy (or a separate policy)  
to address other privacy aspects besides records retention (e.g.,  
onward data transfer, security, notice, etc.) and to cover both  
physical records and electronic records. ISOC has such a policy (http://www.isoc.org/help/privacy/ 
) -- if it doesn't already apply to the data collected by the Trust,  
then the Trust (or whoever manages the data collected in connection  
with IETF activities) should have its own policy.


I'm happy to help craft a policy if there's a means to put one in  
place (and if one doesn't already exist).


Alissa




Most of the physical material held by the IETF Trust was turned over  
by CNRI as part of the the Settlement
that set up the Trust. I volunteered to evaluate this material, and  
went with the IAD one cold day to look at
several pallets worth of material (much of which was CNRI material  
not belonging to the Trust, such records of other conferences run by  
Foretec, and all of which was gone through).


This IETF material totaled 64 boxes, including Blue Sheets (starting  
with IETF 22 in 1991) and a mass of registration payment material  
(starting with IETF 26 in 1993). Some of this material was obviously  
highly sensitive (random samplings showed canceled checks, credit  
card imprints, passport photo page copies, US Social Security  
Numbers, addresses, phone numbers, etc.). While I do know how this  
material was treated previously, while in the Trust's possession it  
was always held in a secure storage facility.


There were various discussions by the Trustees with counsel about  
how to handle this material, what should be kept, and for what  
periods. Agreements with Credit Card companies mean that credit card  
material has to kept for a relatively short period of time (18  
months), in case the bill is disputed, and it was decided to adopt  
that period for canceled checks and other sensitive personal  
information.


The result is the above Document Retention Policy, and the IAD and I  
duly went to the storage facility once this was enacted and the  
sensitive material in the Trust's possession was destroyed. New  
material is held by the Secretariat and is generally destroyed by  
the Secretariat before it goes into the Trust archives. Other  
material is held as called for in the Document retention policy.


I hope that you find this background useful.

Regards
Marshall


Alissa

On Jul 30, 2009, at 5:32 PM, David Morris wrote:




On Thu, 30 Jul 2009, Alissa Cooper wrote:

The discussion about blue sheets begs the question: does the IETF  
(or the Trust) have a privacy policy? I did a quick look for one  
but I didn't see one posted anywhere. If there's a legal entity  
collecting personal information (which there obviously is), it  
should have a privacy policy.


It is a stretch, which my imagination can't fathom, to consider a  
list of attendees in a public meeting to be personal information.  
Give the ease with which one can avoid having one's name recorded,  
I don't see any issue except the administrative support issues  
related to storing old paper.

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf











___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf














___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[David Borman]

Way back in the early days of the IETF, the email address was used for  
adding people to the mailing list for the WG.  But that was a long  
time ago, when many mailing lists weren't so automated. :-)

-David Borman

On Jul 31, 2009, at 9:06 AM, Pekka Savola wrote:


On Fri, 31 Jul 2009, Brian E Carpenter wrote:

I agree with Alissa that having an explicit privacy policy would be a
good idea, but the fact of participation in an open standards process
certainly cannot be considered a private matter. Exactly the  
opposite,

in fact.


Indeed, but why do the blue sheets ask for an email address?  I'm  
not interested in receiving any mail (e.g. product advertisements  
loosely related to the IETF protocols) based on my writing my email  
on the blue sheets.  I accept it's good for disambiguation though  
asking for affiliation might achieve the same.  If anyone would be  
able to get the blue sheets, they probably shouldn't get the email  
addresses. Having to write a privacy policy would require ironing  
out these small details which might be a goog thing.


--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf


___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[John C Klensin]

--On Thursday, July 30, 2009 16:09 -0700 Stephan Wenger
 wrote:

> Hi Brian,
> 
> One can sit in a WG meeting for years, and never incur a
> disclosure obligation under BCP78, correct?  Just sitting
> there and not saying/writing/contributing a thing does not
> trigger a disclosure obligation.  Same goes for merely being
> subscribed to a mailing list.  This is a major difference from
> the organization where that infamous case law of Pete's has
> had its playground.

Stephan, 

This is going to be about as far from legal advice as you can
get.  If you need legal advice, consult you own attorney or try
to get the Trust's to say something authoritative.

However, as I read the Note Well, the intent of 5378, etc., I
would think that, if you wanted to avoid any risk of someone
claiming that you needed to disclose and having a judge agree
with them, you should maintain a clean room attitude toward any
WG for which you held IPR that you wanted to keep secret.
"Clean room attitude" would presumably keep you out of its f2f
meetings, off its mailing list, and maybe even off the IETF list
when Last Calls were issued.  

In other words, while the strongest and most obvious obligations
fall on Contributors, I believe that those documents can be read
to require disclosure by anyone with a reasonable expectation of
knowledge of the patent claim and a reasonable expectation of
knowledge of what the IETF was doing in the area.  

Again, not only am I not a lawyer, but I am certainly not a
likely candidate for judge in a hypothetical future patent case.
But the costs of being wrong about a decision to not disclose a
patent that you later assert can be high enough that I think
someone who wants to play that game ought to be hyper-cautious.

 john

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Turchanyi Geza]

Pekka,

E-mail address are useful data. Anyhow, I would not able to replay to
you without using your address ;-)

 and how to know which "John Smith" is the real participant?

+1 for Brian Carpenter

Thanks,

Géza

On Fri, Jul 31, 2009 at 9:06 AM, Pekka Savola wrote:
> On Fri, 31 Jul 2009, Brian E Carpenter wrote:
>>
>> I agree with Alissa that having an explicit privacy policy would be a
>> good idea, but the fact of participation in an open standards process
>> certainly cannot be considered a private matter. Exactly the opposite,
>> in fact.
>
> Indeed, but why do the blue sheets ask for an email address?  I'm not
> interested in receiving any mail (e.g. product advertisements loosely
> related to the IETF protocols) based on my writing my email on the blue
> sheets.  I accept it's good for disambiguation though asking for affiliation
> might achieve the same.  If anyone would be able to get the blue sheets,
> they probably shouldn't get the email addresses. Having to write a privacy
> policy would require ironing out these small details which might be a goog
> thing.
>
> --
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Pekka Savola]

On Fri, 31 Jul 2009, Brian E Carpenter wrote:

I agree with Alissa that having an explicit privacy policy would be a
good idea, but the fact of participation in an open standards process
certainly cannot be considered a private matter. Exactly the opposite,
in fact.


Indeed, but why do the blue sheets ask for an email address?  I'm not 
interested in receiving any mail (e.g. product advertisements loosely 
related to the IETF protocols) based on my writing my email on the 
blue sheets.  I accept it's good for disambiguation though asking for 
affiliation might achieve the same.  If anyone would be able to get 
the blue sheets, they probably shouldn't get the email addresses. 
Having to write a privacy policy would require ironing out these small 
details which might be a goog thing.


--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[SM]

At 07:03 30-07-2009, Samuel Weiler wrote:
During the plenary yesterday, it came out that the IETF has retained 
the working group attendance sheets ("blue sheets") from previous 
meetings, and those are occasionally the subject of subpoenas.


In the interest of minimizing IETF overhead and reducing legal risks 
to individual participants, I'd like to see those old records 
destroyed.  And, though there appeared to be a variety of opinions, 
it sounded like I wasn't alone in this.


It was pointed out during the reply that the cost of retaining the 
blue sheets is minimal.  Marshall has provided some background 
information about the physical material held by the IETF Trust and 
their documentation retention policy (see 
http://www.ietf.org/mail-archive/web/ietf/current/msg57844.html 
).  The blue sheets are one of the few artifacts of Working Group 
sessions for the last eighteen years.  As they are not a burden to 
the IETF, it is better to preserve them for history.


There hasn't been any argument about how the legal risk to some 
individual participants would be reduced by not having a record of 
the presence of the individual at a specific location at a given point in time.


The reason typically given for the attendance lists is planning 
meeting room capacity.


That may have been the reason at some point.  Minute takers have used 
the blue sheets to find out how a participant's name is spelled.


What harms would come from destroying those old records and/or not 
collecting such details in the future?  And how widespread is the 
support for destroying them?


For the sake of openness and transparency, it is better to have an 
record of participation.  That can be at odds with the corporate 
mindset where harm is assessed in terms of legal risk.


There will likely be a bluesheet experiment at IETF 76.

Regards,
-sm 


___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Stephan Wenger]

On 7/30/09 4:29 PM, "Brian E Carpenter"  wrote:

> [...]
> 
>> 
>> That said, I'm in favor of keeping the blue sheets based on principles of
>> record retention.  But their IPR impact, I believe, is rather limited.
> 
> If A asserts that B said something, and B denies having been present
> at the meeting, they could come into play. Similarly for email archives.
> 

Yes.  That's why I wrote "limited", and not "non-existent".

Stephan


> Brian
> 
>> 
>> Regards,
>> Stephan
>> 
>> 
>> On 7/30/09 4:00 PM, "Brian E Carpenter"  wrote:
>> 
>>> On 2009-07-31 02:25, Pete Resnick wrote:
 On 7/30/09 at 3:03 PM +0100, Samuel Weiler wrote:
 
> What harms would come from destroying those old records and/or not
> collecting such details in the future?  And how widespread is the
> support for destroying them?
 Repeating something I just mentioned to Sam in the hallway (and IANAL,
 even though I teach some of this stuff to engineers):
 
 There is some case law that says that if you participate (even
 passively) in a standards body in which patent disclosure is required,
 and you choose not to disclose your patents, you may lose your rights to
 assert the patents. Having a blue sheet with someone's name on it may be
 sufficient for a court to find that the person can't assert. I think
 that makes the blue sheets worth keeping.
>>> I think that we *care* about IPR disclosures and that we *hate* the idea
>>> of people observing IETF activity and concealing relevant patents. So having
>>> a record of WG attendance is important; having a record of mailing list
>>> membership would be the same. We want to make sure that people can't
>>> falsely plead ignorance in case of missing IPR disclosures.
>>> 
>>> Indeed, it isn't the IETF itself that would end up in court, but our records
>>> can end up in court as evidence that a patent holder did (or did not)
>>> participate in a standards discussion and did (or did not) make an
>>> appropriate IPR disclosure.
>>> 
>>> That means keeping attendance records for many years - at least for the
>>> lifetime of a hypothetical patent.
>>> 
>>> I agree with Alissa that having an explicit privacy policy would be a
>>> good idea, but the fact of participation in an open standards process
>>> certainly cannot be considered a private matter. Exactly the opposite,
>>> in fact.
>>> 
>>> Brian
>>> ___
>>> Ietf mailing list
>>> Ietf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ietf
>> 
>> 
>> 
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf


___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Stephan Wenger]

My immediate guess would be that if it were shown that you hummed against a
certain draft then yes, you would be under disclosure obligation under
BCP78.  
My personal theory on the meaning of "participate" in BCP78 is that when you
influence in any way the decision making process related to a draft and
inside the IETF context, you are in.  If you don't, you are probably not in.
Regards,
Stephan



On 7/30/09 4:23 PM, "Marc Petit-Huguenin"  wrote:

> Stephan Wenger wrote:
>> Hi Brian,
>> 
>> One can sit in a WG meeting for years, and never incur a disclosure
>> obligation under BCP78, correct?  Just sitting there and not
>> saying/writing/contributing a thing does not trigger a disclosure
>> obligation.  Same goes for merely being subscribed to a mailing list.
> 
> Am I right that somebody whose only participation is a hum in a WG
> session is under disclosure obligation? (not that there is any way
> to enforce this).


___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Brian E Carpenter]

On 2009-07-31 11:23, Marc Petit-Huguenin wrote:
> Stephan Wenger wrote:
>> Hi Brian,
>>
>> One can sit in a WG meeting for years, and never incur a disclosure
>> obligation under BCP78, correct?  Just sitting there and not
>> saying/writing/contributing a thing does not trigger a disclosure
>> obligation.  Same goes for merely being subscribed to a mailing list.
> 
> Am I right that somebody whose only participation is a hum in a WG
> session is under disclosure obligation? (not that there is any way
> to enforce this).

IANAL, so my only answer to this is Hm

Brian
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Brian E Carpenter]

On 2009-07-31 11:09, Stephan Wenger wrote:
> Hi Brian,
> 
> One can sit in a WG meeting for years, and never incur a disclosure
> obligation under BCP78, correct?  Just sitting there and not
> saying/writing/contributing a thing does not trigger a disclosure
> obligation.  Same goes for merely being subscribed to a mailing list.  This
> is a major difference from the organization where that infamous case law of
> Pete's has had its playground.

Well, IANAL, so the *exact* interpretation of "IETF Contribution" in RFC3979
is not for me to state. But I think you are correct.

> 
> That said, I'm in favor of keeping the blue sheets based on principles of
> record retention.  But their IPR impact, I believe, is rather limited.

If A asserts that B said something, and B denies having been present
at the meeting, they could come into play. Similarly for email archives.

Brian

> 
> Regards,
> Stephan
> 
> 
> On 7/30/09 4:00 PM, "Brian E Carpenter"  wrote:
> 
>> On 2009-07-31 02:25, Pete Resnick wrote:
>>> On 7/30/09 at 3:03 PM +0100, Samuel Weiler wrote:
>>>
 What harms would come from destroying those old records and/or not
 collecting such details in the future?  And how widespread is the
 support for destroying them?
>>> Repeating something I just mentioned to Sam in the hallway (and IANAL,
>>> even though I teach some of this stuff to engineers):
>>>
>>> There is some case law that says that if you participate (even
>>> passively) in a standards body in which patent disclosure is required,
>>> and you choose not to disclose your patents, you may lose your rights to
>>> assert the patents. Having a blue sheet with someone's name on it may be
>>> sufficient for a court to find that the person can't assert. I think
>>> that makes the blue sheets worth keeping.
>> I think that we *care* about IPR disclosures and that we *hate* the idea
>> of people observing IETF activity and concealing relevant patents. So having
>> a record of WG attendance is important; having a record of mailing list
>> membership would be the same. We want to make sure that people can't
>> falsely plead ignorance in case of missing IPR disclosures.
>>
>> Indeed, it isn't the IETF itself that would end up in court, but our records
>> can end up in court as evidence that a patent holder did (or did not)
>> participate in a standards discussion and did (or did not) make an
>> appropriate IPR disclosure.
>>
>> That means keeping attendance records for many years - at least for the
>> lifetime of a hypothetical patent.
>>
>> I agree with Alissa that having an explicit privacy policy would be a
>> good idea, but the fact of participation in an open standards process
>> certainly cannot be considered a private matter. Exactly the opposite,
>> in fact.
>>
>> Brian
>> ___
>> Ietf mailing list
>> Ietf@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf
> 
> 
> 
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Marc Petit-Huguenin]

Stephan Wenger wrote:
> Hi Brian,
> 
> One can sit in a WG meeting for years, and never incur a disclosure
> obligation under BCP78, correct?  Just sitting there and not
> saying/writing/contributing a thing does not trigger a disclosure
> obligation.  Same goes for merely being subscribed to a mailing list.

Am I right that somebody whose only participation is a hum in a WG
session is under disclosure obligation? (not that there is any way
to enforce this).

-- 
Marc Petit-Huguenin
Home: m...@petit-huguenin.org
Work: petit...@acm.org
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Stephan Wenger]

Hi Brian,

One can sit in a WG meeting for years, and never incur a disclosure
obligation under BCP78, correct?  Just sitting there and not
saying/writing/contributing a thing does not trigger a disclosure
obligation.  Same goes for merely being subscribed to a mailing list.  This
is a major difference from the organization where that infamous case law of
Pete's has had its playground.

That said, I'm in favor of keeping the blue sheets based on principles of
record retention.  But their IPR impact, I believe, is rather limited.

Regards,
Stephan


On 7/30/09 4:00 PM, "Brian E Carpenter"  wrote:

> On 2009-07-31 02:25, Pete Resnick wrote:
>> On 7/30/09 at 3:03 PM +0100, Samuel Weiler wrote:
>> 
>>> What harms would come from destroying those old records and/or not
>>> collecting such details in the future?  And how widespread is the
>>> support for destroying them?
>> 
>> Repeating something I just mentioned to Sam in the hallway (and IANAL,
>> even though I teach some of this stuff to engineers):
>> 
>> There is some case law that says that if you participate (even
>> passively) in a standards body in which patent disclosure is required,
>> and you choose not to disclose your patents, you may lose your rights to
>> assert the patents. Having a blue sheet with someone's name on it may be
>> sufficient for a court to find that the person can't assert. I think
>> that makes the blue sheets worth keeping.
> 
> I think that we *care* about IPR disclosures and that we *hate* the idea
> of people observing IETF activity and concealing relevant patents. So having
> a record of WG attendance is important; having a record of mailing list
> membership would be the same. We want to make sure that people can't
> falsely plead ignorance in case of missing IPR disclosures.
> 
> Indeed, it isn't the IETF itself that would end up in court, but our records
> can end up in court as evidence that a patent holder did (or did not)
> participate in a standards discussion and did (or did not) make an
> appropriate IPR disclosure.
> 
> That means keeping attendance records for many years - at least for the
> lifetime of a hypothetical patent.
> 
> I agree with Alissa that having an explicit privacy policy would be a
> good idea, but the fact of participation in an open standards process
> certainly cannot be considered a private matter. Exactly the opposite,
> in fact.
> 
> Brian
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf


___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Paul Wouters]

On Fri, 31 Jul 2009, Brian E Carpenter wrote:


I think that we *care* about IPR disclosures and that we *hate* the idea
of people observing IETF activity and concealing relevant patents. So having
a record of WG attendance is important; having a record of mailing list
membership would be the same. We want to make sure that people can't
falsely plead ignorance in case of missing IPR disclosures.



That means keeping attendance records for many years - at least for the
lifetime of a hypothetical patent.


Though blue sheets have no security. They can only be used as evidence
for someone being there (after verifying handwriting). The blue sheets
can never proof someone was NOT there. Neither can the IETF payment
system. Someone could pay and then not show up (because of last minute
legal advise against showing up for example)

Paul
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Brian E Carpenter]

On 2009-07-31 02:25, Pete Resnick wrote:
> On 7/30/09 at 3:03 PM +0100, Samuel Weiler wrote:
> 
>> What harms would come from destroying those old records and/or not
>> collecting such details in the future?  And how widespread is the
>> support for destroying them?
> 
> Repeating something I just mentioned to Sam in the hallway (and IANAL,
> even though I teach some of this stuff to engineers):
> 
> There is some case law that says that if you participate (even
> passively) in a standards body in which patent disclosure is required,
> and you choose not to disclose your patents, you may lose your rights to
> assert the patents. Having a blue sheet with someone's name on it may be
> sufficient for a court to find that the person can't assert. I think
> that makes the blue sheets worth keeping.

I think that we *care* about IPR disclosures and that we *hate* the idea
of people observing IETF activity and concealing relevant patents. So having
a record of WG attendance is important; having a record of mailing list
membership would be the same. We want to make sure that people can't
falsely plead ignorance in case of missing IPR disclosures.

Indeed, it isn't the IETF itself that would end up in court, but our records
can end up in court as evidence that a patent holder did (or did not)
participate in a standards discussion and did (or did not) make an
appropriate IPR disclosure.

That means keeping attendance records for many years - at least for the
lifetime of a hypothetical patent.

I agree with Alissa that having an explicit privacy policy would be a
good idea, but the fact of participation in an open standards process
certainly cannot be considered a private matter. Exactly the opposite,
in fact.

Brian
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Scott O. Bradner]

Bill - sez
Pointing this out for completeness sake, it is not currently
required to sign said sheets to participate in WG sessions.

no one is lording over you but it is expected that all people in
the room will sign

Scott
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Eliot Lear]

Hi Simon,

On 7/30/09 8:50 PM, Simon Josefsson wrote:
> Perhaps there are different definitions of "public", but I wouldn't call
> anything that required registration, payment, and legal obligations
> (NOTE WELL) to be called a "public meeting".
>   

Yeah, I think we have different definitions.  Anyone from the public may
register, pay the fee, and agree to the terms of participation.  Nobody
is excluded.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Simon Josefsson]

Eliot Lear  writes:

> Unless the sobpeonas pose a substantial burden to the secretariat, I
> would prefer that we do not throw away history.  These are public
> meetings, after all.

Perhaps there are different definitions of "public", but I wouldn't call
anything that required registration, payment, and legal obligations
(NOTE WELL) to be called a "public meeting".

/Simon
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Bill Manning]

On Thu, Jul 30, 2009 at 04:25:11PM +0200, Pete Resnick wrote:
> On 7/30/09 at 3:03 PM +0100, Samuel Weiler wrote:
> 
> >What harms would come from destroying those old records and/or not 
> >collecting such details in the future?  And how widespread is the 
> >support for destroying them?
> 
> Repeating something I just mentioned to Sam in the hallway (and 
> IANAL, even though I teach some of this stuff to engineers):
> 
> There is some case law that says that if you participate (even 
> passively) in a standards body in which patent disclosure is 
> required, and you choose not to disclose your patents, you may lose 
> your rights to assert the patents. Having a blue sheet with someone's 
> name on it may be sufficient for a court to find that the person 
> can't assert. I think that makes the blue sheets worth keeping.
> 
> pr
> -- 
> Pete Resnick 
> Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf


you then have the burden of proof to show that you
were not there, when I have signed you name to the blue
sheet.

-- 
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Bill Manning]

On Thu, Jul 30, 2009 at 10:11:39AM -0400, Scott O. Bradner wrote:
> the reason that the blue sheets were created was as part of maintaining
> a full record of the open standards process - the question of room size
> was never considered
> 
> the basic idea is discussed in section 8 of RFC 2026
> 
> 
>Each of the organizations involved in the development and approval of
>Internet Standards shall publicly announce, and shall maintain a
>publicly accessible record of, every activity in which it engages, to
>the extent that the activity represents the prosecution of any part
>of the Internet Standards Process.  For purposes of this section, the
>organizations involved in the development and approval of Internet
>Standards includes the IETF, the IESG, the IAB, all IETF Working
>Groups, and the Internet Society Board of Trustees.
> 
> 2026 does not specifically mention maintaining a list of who was
> at the meetings but that is clarly a part of a full record
> 
> in addition, RFC 2418 section 3.1 requires obtaining a list of attendees
> 
>All working group sessions (including those held outside of the IETF
>meetings) shall be reported by making minutes available.  These
>minutes should include the agenda for the session, an account of the
>discussion including any decisions made, and a list of attendees. The
>Working Group Chair is responsible for insuring that session minutes
>are written and distributed, though the actual task may be performed
>by someone designated by the Working Group Chair. The minutes shall
>be submitted in printable ASCII text for publication in the IETF
>Proceedings, and for posting in the IETF Directories and are to be
>sent to: minu...@ietf.org
> 
> Scott
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf


Pointing this out for completeness sake, it is not currently
required to sign said sheets to participate in WG sessions.
In dim memory, there was discussion of creating/using tracking
technology (RFIDs in badges) to obviate the need to sign in.


-- 
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Marshall Eubanks]

On Jul 30, 2009, at 11:49 AM, Alissa Cooper wrote:

The fact that this came up in the context of subpoenas argues in the  
other direction. That meeting attendance is subject to subpoena was  
probably not evident (or disclosed) to most attendees. What kinds of  
legal process does the Trust respond to? Do requests have to have  
court backing, or would the blue sheets be disclosed to anyone who  
wanted to see them? I agree that in the context of blue sheets, the  
answers to these questions are unlikely to be frequently invoked.  
But it still makes sense to have a policy around it and to disclose  
that policy. Otherwise, people who would want to avoid signing a  
sheet due to privacy concerns wouldn't even know of their need to  
avoid signing.


Furthermore, the blue sheets are in some ways the least of the data  
collected by the IETF. What happens to all of our meeting  
registration and payment data? What about the server logs for the  
IETF web sites? I'm not saying less data should be collected (I  
don't really know enough to evaluate that). I just think there  
should be a policy for protecting that data and the people it  
describes. It is hard to come by an organization web site that  
doesn't contain a privacy policy these days.




THe Trust has a documents retention policy (the current one is at

http://trustee.ietf.org/docs/IETF_Trust_Records_Retention_Policy_(Complete_Final).pdf 
 )


Here is some background. I am only talking about physical material,  
not electronic records.


Most of the physical material held by the IETF Trust was turned over  
by CNRI as part of the the Settlement
that set up the Trust. I volunteered to evaluate this material, and  
went with the IAD one cold day to look at
several pallets worth of material (much of which was CNRI material not  
belonging to the Trust, such records of other conferences run by  
Foretec, and all of which was gone through).


This IETF material totaled 64 boxes, including Blue Sheets (starting  
with IETF 22 in 1991) and a mass of registration payment material  
(starting with IETF 26 in 1993). Some of this material was obviously  
highly sensitive (random samplings showed canceled checks, credit card  
imprints, passport photo page copies, US Social Security Numbers,  
addresses, phone numbers, etc.). While I do know how this material was  
treated previously, while in the Trust's possession it was always held  
in a secure storage facility.


There were various discussions by the Trustees with counsel about how  
to handle this material, what should be kept, and for what periods.  
Agreements with Credit Card companies mean that credit card material  
has to kept for a relatively short period of time (18 months), in case  
the bill is disputed, and it was decided to adopt that period for  
canceled checks and other sensitive personal information.


The result is the above Document Retention Policy, and the IAD and I  
duly went to the storage facility once this was enacted and the  
sensitive material in the Trust's possession was destroyed. New  
material is held by the Secretariat and is generally destroyed by the  
Secretariat before it goes into the Trust archives. Other material is  
held as called for in the Document retention policy.


I hope that you find this background useful.

Regards
Marshall


Alissa

On Jul 30, 2009, at 5:32 PM, David Morris wrote:




On Thu, 30 Jul 2009, Alissa Cooper wrote:

The discussion about blue sheets begs the question: does the IETF  
(or the Trust) have a privacy policy? I did a quick look for one  
but I didn't see one posted anywhere. If there's a legal entity  
collecting personal information (which there obviously is), it  
should have a privacy policy.


It is a stretch, which my imagination can't fathom, to consider a  
list of attendees in a public meeting to be personal information.  
Give the ease with which one can avoid having one's name recorded,  
I don't see any issue except the administrative support issues  
related to storing old paper.

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf











___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf



___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Retention of blue sheets

[Samuel Weiler]

[Sorry for the possible duplicate; my posting from last night hasn't 
appeared yet.]


During the plenary yesterday, it came out that the IETF has retained 
the working group attendance sheets ("blue sheets") from previous 
meetings, and those are occasionally the subject of subpoenas.


In the interest of minimizing IETF overhead and reducing legal risks 
to individual participants, I'd like to see those old records 
destroyed.  And, though there appeared to be a variety of opinions, it 
sounded like I wasn't alone in this.


The reason typically given for the attendance lists is planning 
meeting room capacity.  That purpose could easily be accomplished with 
a headcount or by counting the number of names on the attendee list 
then immediately destroying the list.  Most of us aren't 
mathematicians by training: we should be able to count the number of 
people in the room.


What harms would come from destroying those old records and/or not 
collecting such details in the future?  And how widespread is the 
support for destroying them?


-- Sam
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Retention of blue sheets

[Samuel Weiler]

During the plenary this evening, it came out that the IETF has 
retained the working group attendance sheets ("blue sheets") from 
previous meetings, and those are occasionally the subject of 
subpoenas.


In the interest of minimizing IETF overhead and reducing legal risks 
to individual participants, I'd like to see those old records 
destroyed.  And, though there appeared to be a variety of opinions, it 
sounded like I wasn't alone in this.


The reason typically given for the attendance lists is planning 
meeting room capacity.  That purpose could easily be accomplished with 
a headcount or by counting the number of names on the attendee list 
then immediately destroying the list.  Most of us aren't 
mathematicians by training: we should be able to count the number of 
people in the room.


What harms would come from destroying those old records and/or not 
collecting such details in the future?  And how widespread is the 
support for destroying them?


-- Sam
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Alissa Cooper]

The fact that this came up in the context of subpoenas argues in the  
other direction. That meeting attendance is subject to subpoena was  
probably not evident (or disclosed) to most attendees. What kinds of  
legal process does the Trust respond to? Do requests have to have  
court backing, or would the blue sheets be disclosed to anyone who  
wanted to see them? I agree that in the context of blue sheets, the  
answers to these questions are unlikely to be frequently invoked. But  
it still makes sense to have a policy around it and to disclose that  
policy. Otherwise, people who would want to avoid signing a sheet due  
to privacy concerns wouldn't even know of their need to avoid signing.


Furthermore, the blue sheets are in some ways the least of the data  
collected by the IETF. What happens to all of our meeting registration  
and payment data? What about the server logs for the IETF web sites?  
I'm not saying less data should be collected (I don't really know  
enough to evaluate that). I just think there should be a policy for  
protecting that data and the people it describes. It is hard to come  
by an organization web site that doesn't contain a privacy policy  
these days.


Alissa

On Jul 30, 2009, at 5:32 PM, David Morris wrote:




On Thu, 30 Jul 2009, Alissa Cooper wrote:

The discussion about blue sheets begs the question: does the IETF  
(or the Trust) have a privacy policy? I did a quick look for one  
but I didn't see one posted anywhere. If there's a legal entity  
collecting personal information (which there obviously is), it  
should have a privacy policy.


It is a stretch, which my imagination can't fathom, to consider a  
list of attendees in a public meeting to be personal information.  
Give the ease with which one can avoid having one's name recorded, I  
don't see any issue except the administrative support issues related  
to storing old paper.

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf











___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[David Morris]

On Thu, 30 Jul 2009, Alissa Cooper wrote:

The discussion about blue sheets begs the question: does the IETF (or the 
Trust) have a privacy policy? I did a quick look for one but I didn't see one 
posted anywhere. If there's a legal entity collecting personal information 
(which there obviously is), it should have a privacy policy.


It is a stretch, which my imagination can't fathom, to consider a list of 
attendees in a public meeting to be personal information. Give the ease 
with which one can avoid having one's name recorded, I don't see any issue 
except the administrative support issues related to storing old paper.

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Alissa Cooper]

The discussion about blue sheets begs the question: does the IETF (or  
the Trust) have a privacy policy? I did a quick look for one but I  
didn't see one posted anywhere. If there's a legal entity collecting  
personal information (which there obviously is), it should have a  
privacy policy.


Alissa

On Jul 30, 2009, at 4:27 PM, Eliot Lear wrote:


Going even further, I would like to see the list of attendees for each
working group made visible online, so those of us who aren't there can
determine who was there.  I realize that might well be a burden, of  
course.


Eliot

On 7/30/09 4:24 PM, Eliot Lear wrote:

Unless the sobpeonas pose a substantial burden to the secretariat, I
would prefer that we do not throw away history.  These are public
meetings, after all.

Eliot

On 7/30/09 4:03 PM, Samuel Weiler wrote:


[Sorry for the possible duplicate; my posting from last night hasn't
appeared yet.]

During the plenary yesterday, it came out that the IETF has retained
the working group attendance sheets ("blue sheets") from previous
meetings, and those are occasionally the subject of subpoenas.

In the interest of minimizing IETF overhead and reducing legal risks
to individual participants, I'd like to see those old records
destroyed.  And, though there appeared to be a variety of  
opinions, it

sounded like I wasn't alone in this.

The reason typically given for the attendance lists is planning
meeting room capacity.  That purpose could easily be accomplished  
with

a headcount or by counting the number of names on the attendee list
then immediately destroying the list.  Most of us aren't
mathematicians by training: we should be able to count the number of
people in the room.

What harms would come from destroying those old records and/or not
collecting such details in the future?  And how widespread is the
support for destroying them?

-- Sam
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf






___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf











___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Ole Jacobsen]

I think it was pretty clearly explained that there is much benefit to 
retaining the records. Listening to the comments in the plenary I 
would indeed say that you were ALMOST alone in thinking otherwise.

As for the "legal risk", it was also explained that the IETF itself
or, rather, the IETF Trust, has never been the "target" of any of the
subphoenas. The only "risk" is that a trust member has to 
*occasionally* go dig out some old bluesheets in order to satisfy
the request which typcially have to do with "proving" if person X
was present in meeting Y.

Ole


Ole J. Jacobsen
Editor and Publisher,  The Internet Protocol Journal
Cisco Systems
Tel: +1 408-527-8972   Mobile: +1 415-370-4628
E-mail: o...@cisco.com  URL: http://www.cisco.com/ipj



On Thu, 30 Jul 2009, Samuel Weiler wrote:

> [Sorry for the possible duplicate; my posting from last night hasn't
> appeared yet.]
> 
> During the plenary yesterday, it came out that the IETF has retained the
> working group attendance sheets ("blue sheets") from previous meetings, and
> those are occasionally the subject of subpoenas.
> 
> In the interest of minimizing IETF overhead and reducing legal risks to
> individual participants, I'd like to see those old records destroyed.  And,
> though there appeared to be a variety of opinions, it sounded like I wasn't
> alone in this.
> 
> The reason typically given for the attendance lists is planning meeting room
> capacity.  That purpose could easily be accomplished with a headcount or by
> counting the number of names on the attendee list then immediately destroying
> the list.  Most of us aren't mathematicians by training: we should be able to
> count the number of people in the room.
> 
> What harms would come from destroying those old records and/or not collecting
> such details in the future?  And how widespread is the support for destroying
> them?
> 
> -- Sam
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
> 
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Eliot Lear]

Going even further, I would like to see the list of attendees for each
working group made visible online, so those of us who aren't there can
determine who was there.  I realize that might well be a burden, of course.

Eliot

On 7/30/09 4:24 PM, Eliot Lear wrote:
> Unless the sobpeonas pose a substantial burden to the secretariat, I
> would prefer that we do not throw away history.  These are public
> meetings, after all.
>
> Eliot
>
> On 7/30/09 4:03 PM, Samuel Weiler wrote:
>   
>> [Sorry for the possible duplicate; my posting from last night hasn't
>> appeared yet.]
>>
>> During the plenary yesterday, it came out that the IETF has retained
>> the working group attendance sheets ("blue sheets") from previous
>> meetings, and those are occasionally the subject of subpoenas.
>>
>> In the interest of minimizing IETF overhead and reducing legal risks
>> to individual participants, I'd like to see those old records
>> destroyed.  And, though there appeared to be a variety of opinions, it
>> sounded like I wasn't alone in this.
>>
>> The reason typically given for the attendance lists is planning
>> meeting room capacity.  That purpose could easily be accomplished with
>> a headcount or by counting the number of names on the attendee list
>> then immediately destroying the list.  Most of us aren't
>> mathematicians by training: we should be able to count the number of
>> people in the room.
>>
>> What harms would come from destroying those old records and/or not
>> collecting such details in the future?  And how widespread is the
>> support for destroying them?
>>
>> -- Sam
>> ___
>> Ietf mailing list
>> Ietf@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf
>>
>> 
>   

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Pete Resnick]

On 7/30/09 at 3:03 PM +0100, Samuel Weiler wrote:

What harms would come from destroying those old records and/or not 
collecting such details in the future?  And how widespread is the 
support for destroying them?


Repeating something I just mentioned to Sam in the hallway (and 
IANAL, even though I teach some of this stuff to engineers):


There is some case law that says that if you participate (even 
passively) in a standards body in which patent disclosure is 
required, and you choose not to disclose your patents, you may lose 
your rights to assert the patents. Having a blue sheet with someone's 
name on it may be sufficient for a court to find that the person 
can't assert. I think that makes the blue sheets worth keeping.


pr
--
Pete Resnick 
Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Eliot Lear]

Unless the sobpeonas pose a substantial burden to the secretariat, I
would prefer that we do not throw away history.  These are public
meetings, after all.

Eliot

On 7/30/09 4:03 PM, Samuel Weiler wrote:
> [Sorry for the possible duplicate; my posting from last night hasn't
> appeared yet.]
>
> During the plenary yesterday, it came out that the IETF has retained
> the working group attendance sheets ("blue sheets") from previous
> meetings, and those are occasionally the subject of subpoenas.
>
> In the interest of minimizing IETF overhead and reducing legal risks
> to individual participants, I'd like to see those old records
> destroyed.  And, though there appeared to be a variety of opinions, it
> sounded like I wasn't alone in this.
>
> The reason typically given for the attendance lists is planning
> meeting room capacity.  That purpose could easily be accomplished with
> a headcount or by counting the number of names on the attendee list
> then immediately destroying the list.  Most of us aren't
> mathematicians by training: we should be able to count the number of
> people in the room.
>
> What harms would come from destroying those old records and/or not
> collecting such details in the future?  And how widespread is the
> support for destroying them?
>
> -- Sam
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Scott Brim]

Samuel Weiler allegedly wrote on 07/30/2009 16:03 GMT+02:00:

[Sorry for the possible duplicate; my posting from last night hasn't
appeared yet.]

During the plenary yesterday, it came out that the IETF has retained the
working group attendance sheets ("blue sheets") from previous meetings,
and those are occasionally the subject of subpoenas.

In the interest of minimizing IETF overhead and reducing legal risks to
individual participants, I'd like to see those old records destroyed.
And, though there appeared to be a variety of opinions, it sounded like
I wasn't alone in this.

The reason typically given for the attendance lists is planning meeting
room capacity. That purpose could easily be accomplished with a
headcount or by counting the number of names on the attendee list then
immediately destroying the list. Most of us aren't mathematicians by
training: we should be able to count the number of people in the room.

What harms would come from destroying those old records and/or not
collecting such details in the future? And how widespread is the support
for destroying them?

-- Sam


I'd be favor of tossing them but there are legal requirements, e.g. on 
occasion they are subpoenaed.

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Retention of blue sheets

[Scott O. Bradner]

the reason that the blue sheets were created was as part of maintaining
a full record of the open standards process - the question of room size
was never considered

the basic idea is discussed in section 8 of RFC 2026


   Each of the organizations involved in the development and approval of
   Internet Standards shall publicly announce, and shall maintain a
   publicly accessible record of, every activity in which it engages, to
   the extent that the activity represents the prosecution of any part
   of the Internet Standards Process.  For purposes of this section, the
   organizations involved in the development and approval of Internet
   Standards includes the IETF, the IESG, the IAB, all IETF Working
   Groups, and the Internet Society Board of Trustees.

2026 does not specifically mention maintaining a list of who was
at the meetings but that is clarly a part of a full record

in addition, RFC 2418 section 3.1 requires obtaining a list of attendees

   All working group sessions (including those held outside of the IETF
   meetings) shall be reported by making minutes available.  These
   minutes should include the agenda for the session, an account of the
   discussion including any decisions made, and a list of attendees. The
   Working Group Chair is responsible for insuring that session minutes
   are written and distributed, though the actual task may be performed
   by someone designated by the Working Group Chair. The minutes shall
   be submitted in printable ASCII text for publication in the IETF
   Proceedings, and for posting in the IETF Directories and are to be
   sent to: minu...@ietf.org

Scott
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Retention of blue sheets

[Samuel Weiler]

[Sorry for the possible duplicate; my posting from last night hasn't
appeared yet.]

During the plenary yesterday, it came out that the IETF has retained 
the working group attendance sheets ("blue sheets") from previous 
meetings, and those are occasionally the subject of subpoenas.


In the interest of minimizing IETF overhead and reducing legal risks to 
individual participants, I'd like to see those old records destroyed.  And, 
though there appeared to be a variety of opinions, it sounded like I wasn't 
alone in this.


The reason typically given for the attendance lists is planning meeting room 
capacity.  That purpose could easily be accomplished with a headcount or by 
counting the number of names on the attendee list then immediately destroying 
the list.  Most of us aren't mathematicians by training: we should be able to 
count the number of people in the room.


What harms would come from destroying those old records and/or not collecting 
such details in the future?  And how widespread is the support for destroying 
them?


-- Sam
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf