Network Working Group H. Alvestrand Internet-Draft Cisco Systems Expires: February 2, 2006 B. Carpenter IBM R. Pelletier IASA August 2005 Subpoenas in the IETF: Procedures draft-alvestrand-subpoena-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 2, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document describes the IETF's procedures for handling subpoenas served on the IETF. This is an adaptation of the ad-hoc procedures that the IESG has applied for recent such events, taking account of the creation of the IETF Administrative Support Activity (IASA). Alvestrand, et al. Expires February 2, 2006 [Page 1] Internet-Draft Subpoena handling August 2005 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Responsibility issues . . . . . . . . . . . . . . . . . . 3 2. Legal basis for subpoena . . . . . . . . . . . . . . . . . . . 3 3. Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Normal procedure . . . . . . . . . . . . . . . . . . . . . . . 5 5. Strategies for Responding to Subpoenas . . . . . . . . . . . . 6 6. Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 7 9. Normative references . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . . . 10 Alvestrand, et al. Expires February 2, 2006 [Page 2] Internet-Draft Subpoena handling August 2005 1. Introduction Sometimes, people engaged in lawsuits write subpoena letters to the IETF requesting information. The IETF has good reason to come up with that information when it happens. This document describes how the IETF deals with providing that information. This procedure deals with subpoenas brought in US courts, because that is the only type the IETF so far has to deal with. If the IETF ever has to deal with similar issues in other jurisdictions, this document will have to be updated. While this document is related to certain IETF process rules, it is not intended to change any of the underlying principles. The authors would welcome comments on this document, which is expected to end up as an informational web page (and therefore doesn't contain all the required sections for RFCs). 1.1. Responsibility issues o This procedure was last used before the introduction of the IASA[4] and the IETF Trust. The persons primarily responsible for action have been updated to include the IETF Adminstrative Director (IAD) rather than the IETF Secretariat. o It is assumed that, once notified, the IETF's legal counsel is in charge of the process. 2. Legal basis for subpoena Sometimes when companies are engaged in U.S. litigation relating to technologies that use or incorporate IETF standards, one or more of the litigants will wish to obtain information directly from the IETF. This is likely to occur when the litigant believes that some activity that occurred within the IETF process[1], or some intellectual property relating to an IETF standard[2][3], is directly related to the case. To obtain this information, the litigant will request that a state or federal court issue a "third party" subpoena to IETF seeking this information, either in the form of existing documents or witness testimony. A "third party" subpoena should be distinguished from a "direct" subpoena, which would be issued if IETF were involved in litigation directly, as a party to the litigation rather than as a witness. Subpoenas may also be issued by the government in matters in which the prosecutor or agency official believes that an IETF activity or standard may have relevance to a criminal prosecution or agency investigation. Alvestrand, et al. Expires February 2, 2006 [Page 3] Internet-Draft Subpoena handling August 2005 Subpoenas carry the authority of the court that issued them, and failure to comply with any type of subpoena could subject the IETF to charges of contempt of court and other civil and/or criminal penalties. Thus, no matter what type of subpoena is issued to IETF, all should be addressed seriously and in accordance with the procedures outlined in this document. In order to be effective, a subpoena must be "served" on the party to which it is directed. "Service of process" is a somewhat arcane legal doctrine that requires legal papers to be delivered in person by an authorized "process server" to an authorized representative of the subpoenaed party. Because the IETF operates in a distributed, decentralized manner, the preferred recipient of all subpoenas is the IETF's current legal counsel, who would be authorized to accept service on behalf of the IETF. If a subpoena intended for the IETF is received by any member of the IETF community, it should be provided as quickly as possible to the IETF legal counsel, currently: Wilmer Cutler Pickering Hale and Dorr LLP 1899 Pennsylvania Ave. N.W. Washington, D.C. 20006 USA Fax: 202-663-6712 Attention: Jorge L. Contreras E-mail: jorge.contreras@wilmerhale.com This contact information should be visible on the IETF web pages (at the time of this writing, it is not), and also be provided to any person who inquires where an IETF subpoena should be issued. A later version of this document may replace this address with the URL to the page. 3. Procedure Dealing with a subpoena is complex, because you require multiple fields of knowledge - you need legal assistance, you need someone who knows the technology in question (so that you can figure out what the hell is being asked about), and you need someone who knows how the IETF works, and where information is likely to be found. The IETF lawyer (currently Jorge Contreras) is the proper recipient of the subpoena. He will contact the IETF Chair to get the identification of the technology area. They will together supervise the formation of a team. The procedure here creates a team for every subpoena, consisting of: Alvestrand, et al. Expires February 2, 2006 [Page 4] Internet-Draft Subpoena handling August 2005 o A legal advisor, picked by the IETF lawyer o A technology expert, picked by the Area Director (AD) responsible for the technology for which information is being sought. It may be the AD. o A procedure expert, picked by the IETF Chair (or, if the IETF Chair is somehow involved in the case, by the IAB Chair) o The IAD, responsible for searches in data held by the IETF Trust or the Secretariat that are not publicly available * The IAD will identify a Secretariat contact person, to do searches in IETF data held by the Secretariat that are not publicly available, but this person is not a primary member of the team. The legal advisor will be the leader of the team, and tell the other members when the material required to satisfy the subpoena is complete. The procedure expert will help identify records that are kept by the IETF, either publicly or privately, that may satisfy the material. This is likely to be an AD or ex-AD. (This role has been filled in the past by Scott Bradner.) The technology expert will help identify from the identifiers in the subpoena what documents, working groups and mailing lists the information is likely to be found in. 4. Normal procedure The section above identifies the actors, and what they are responsible for. This section describes an example set of actions that are taken while dealing with the subpoena. o The subpoena is sent to the IETF Lawyer by the Questioner. o The IETF Lawyer informs the IETF Chair that it has arrived, and transfers a copy. o The IETF Lawyer and the IETF Chair determine what the technology area is, the IETF Lawyer sends a request for extended time to the Questioner, and they start selecting the team - this includes informing the IAD that the subpoena has arrived. o The Legal Advisor gathers the team for a teleconference to go through the material requested, and, with the assistance of the team, sorts it into 4 types: Available from public sources, available from the Secretariat or Trust archives, not easily accessible from the Secretariat or Trust archives, and not available from the Secretariat or Trust archives. Alvestrand, et al. Expires February 2, 2006 [Page 5] Internet-Draft Subpoena handling August 2005 o The Legal Advisor informs the Questioner about the existence of the publicly available material, sends a list to the IAD asking him or her to produce the available archival material, questions whether requesting the not-easily-available material is appropriate, and denies the existence of the unavailable material. o The list provided to the IAD will give the identity, the requested format and the deadline for the material requested. o The Legal Advisor will negotiate extended deadlines and reductions in the requested information as appropriate. o Once the full collection of non-public material is collected, the Legal Advisor will forward this to the Questioner. 5. Strategies for Responding to Subpoenas The responsibility of the IETF in responding to a subpoena issued to it is limited to producing those paper or electronic documents in its possession, custody or control. It is under no duty to make a request to others for documents not subject to IETF's control at the time it received the subpoena. The strategy for responding to a subpoena will be developed by the team with the guidance of the legal advisor. Many subpoenas are initially drafted broadly and request information that may be unnecessary or beyond the scope of the litigation, or the production of which would cause undue hardship on IETF. If this occurs (as it often does), the legal advisor will work with the team to narrow the scope of the request, either through informal discussions with the litigants' counsel or through service of formal objections and eventual motion practice in court. The legal advisor will also work with the team to identify which documents and types of documents should be provided in response to a subpoena. If documents are generally available from public online sources, a pointer to the archive may be a sufficient response. If, however, there is correspondence between IETF officers and counsel, or which has been prepared by IETF's counsel in anticipation of litigation, these documents may be covered by a formal legal privilege, and should not be disclosed. Also, any documents that are eventually produced must be numbered and marked for confidentiality. Thus, it is critical that no documents or information be provided to any third party in response to a subpoena without the guidance and approval of the legal advisor. Subpoenas sometimes request that IETF make witnesses available for depositions or direct testimony in court. Such requests may place a burden on the persons requested to appear, and the legal advisor will work with the team to determine whether and to what extent such Alvestrand, et al. Expires February 2, 2006 [Page 6] Internet-Draft Subpoena handling August 2005 requests should be opposed or limited. 6. Costs This procedure assumes that the procedure and technology experts will volunteer their time as IETF participants, unless they are required to appear at witnesses and incur travel or other expenses, the reimbursement of which will be discussed with the IAD prior to being incurred. The IAD will participate in this process as part of his or her duties. The legal advisor will agree in advance with the IAD whether any charges will be required, or whether the work required can be handled on a pro-bono basis. Any other costs must be approved by the IAD before they are incurred. 7. Security Considerations The process described in this memo has no direct bearing on the security of the Internet. It is conceivable that someone might use the subpoena mechanism to try to get at material that would reveal private keys, passwords and other security-sensitive material, which could concievably compromise IETF operations. Such subpoenas should be resisted on the ground that they are not reasonable. 8. Acknowledgements Jorge Contreras and Barbara Fuller gave extensive comments on an earlier, internal version of this draft, and in particular Jorge Contreras contributed significant text to this memo. All errors are, of course, the authors' responsibility. Appendix A. Change Log This section should be removed by the RFC Editor. Version -01: New co-authors, updated to allow for IASA and Trust. 9. Normative references [1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996. [2] Bradner, S., "IETF Rights in Contributions", BCP 78, RFC 3978, Alvestrand, et al. Expires February 2, 2006 [Page 7] Internet-Draft Subpoena handling August 2005 March 2005. [3] Bradner, S., "Intellectual Property Rights in IETF Technology", BCP 79, RFC 3979, March 2005. [4] Austein, R. and B. Wijnen, "Structure of the IETF Administrative Support Activity (IASA)", BCP 101, RFC 4071, April 2005. Alvestrand, et al. Expires February 2, 2006 [Page 8] Internet-Draft Subpoena handling August 2005 Authors' Addresses Harald Alvestrand Cisco Systems Email: harald@alvestrand.no Brian Carpenter IBM 48 Avenue Giuseppe Motta 1211 Geneva 2, Switzerland Email: brc@zurich.ibm.com Ray Pelletier IETF Administrative Support Activity 1775 Wiehle Ave., Suite 102 Reston, VA, 20190-5108 USA Email: iad@ietf.org Alvestrand, et al. Expires February 2, 2006 [Page 9] Internet-Draft Subpoena handling August 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Alvestrand, et al. Expires February 2, 2006 [Page 10]