This document describes the IETF's procedures for handling subpoenas served on the IETF. This is an adaptation of the ad-hoc procedures that the IESG has applied for recent such events, taking account of the creation of the IETF Administrative Support Activity (IASA).
Sometimes, people engaged in lawsuits serve subpoenas on the IETF requesting information. The IETF has good reason to come up with that information when it happens. This document describes how the IETF deals with providing that information while simultaneously protecting its legal rights. It is not a legal text and has no formal status.
This procedure deals with subpoenas served in cases brought in US courts, because that is the only type the IETF has so far had to deal with. If the IETF ever has to deal with similar issues in other jurisdictions, this document will have to be updated.
While this document is related to certain IETF process rules, it is not intended to change any of the underlying principles.
Subpoenas received are published online at: http://iaoc.ietf.org/subpoenas.html
Parties engaged in U.S. litigation relating to technologies that use or incorporate IETF standards may wish to obtain information directly from the IETF, in the form of documents, responses to questions or other tangible items. This is likely to occur when the litigant believes that some activity that occurred within the IETF process [RFC2026], or some intellectual property relating to an IETF standard [RFC3978] [RFC4748] [RFC3979], is directly related to the case in question. The term "documents" is often defined broadly by subpoenas and can include both electronic and hard copy sources.
To obtain such information, the litigant may serve a subpoena on the IETF seeking the information. Subpoenas may also be served by government agencies in criminal prosecutions or agency investigations in which the prosecutor or agency official believes that an IETF activity or standard may be relevant.
Subpoenas carry the authority of the court that issued them, and failure to comply with a subpoena could subject the IETF to charges of contempt of court and other civil and/or criminal penalties. Thus, subpoenas should be addressed seriously and in accordance with the procedures outlined in this document.
In order to be effective, a subpoena must first be "served" on the party to which it is directed. "Service of process" is a somewhat arcane legal doctrine that requires legal papers to be delivered in person by an authorized "process server" to an authorized representative of the subpoenaed party. Because the IETF operates in a distributed, decentralized manner, the preferred recipient of all subpoenas is the IETF's current legal counsel, who is authorized to accept service on behalf of the IETF. If a subpoena intended for the IETF is received by any member of the IETF community, it should be provided as quickly as possible to the IETF legal counsel, currently:
Contreras Legal Strategy LLC
P.O. Box 4752
St. Louis, MO 63108
E-mail: email@example.com

For Legal Service of Documents:
The Internet Society
1775 Wiehle Ave
Suite 201
Reston, VA 20190
Telephone: +1-703-439-2120
Fax: +1-703-326-9881
This contact information should be made visible on the IETF web pages, and also be provided to any person who inquires upon whom an IETF subpoena should be served.
Dealing with a subpoena is complex, because you require multiple fields of knowledge - you need legal assistance, you need someone who knows the technology in question (so that you can figure out what is really being asked about), and you need someone who knows how the IETF works, and where relevant information is likely to be found.
As noted above, the IETF Counsel (i.e., lawyer or attorney) is the proper recipient of the subpoena. He will contact the IETF Chair to get the identification of the technology area. Together with the IETF Administrative Director (IAD), they will supervise the formation of a team.
The procedure here creates a team for every subpoena, consisting of:
The legal advisor will lead the team, will advise IETF on compliance with its obligations under the subpoena, and will provide the necessary legal advice for other members of the team to appropriately identify documents responsive to the subpoena.
The technology expert, with the assistance of the legal advisor, will help identify appropriate working groups or individuals who were involved in work relevant to the subpoena, and hence identify the relevant mailing lists and other archives.
The IETF procedure expert will help identify records that are kept by the IETF, either publicly or privately, that may provide the needed material. This is likely to be an AD or ex-AD.
The IAD is responsible for searches in data held by the IETF Trust or the Secretariat that are not publicly available. The IAD will identify a Secretariat contact person, to perform searches in IETF data held by the Secretariat that are not publicly available, but this person is not a primary member of the team.
The team as a whole will be responsible for making decisions regarding IETF's actions in responding to the subpoena, under legal advice and attorney/client privilege.
The section above identifies the actors, and what they are responsible for. This section describes the typical set of actions that are taken while dealing with the subpoena.
The exact strategy for responding to a particular subpoena will be set by the team with the guidance of the legal advisor.
The responsibility of the IETF in responding to a subpoena is limited to producing those documents in its possession, custody or control. It is under no duty to make a request to others for documents not subject to IETF's control at the time it received the subpoena, including documents related to IETF activities that are in the possession, custody, or control of IETF participants acting in their private capacities.
Many subpoenas are initially drafted broadly and request documents that may be unnecessary or beyond the reasonable scope of the litigation, or the production of which would cause undue hardship on IETF or which are otherwise objectionable. If this occurs (as it often does), the legal advisor will work with the team to narrow the scope of the request, either through informal discussions with the issuing party's counsel or through service of formal objections and eventual motion practice in court.
The legal advisor will also work with the team to identify which documents and types of documents should be provided in response to a subpoena. If documents are generally available from public online sources, IETF's counsel may provide links to these sources as a courtesy to counsel for the issuing party. Experience indicates that such a production often satisfies the interest of the party issuing the subpoena. If, however, there is correspondence between IETF officers and counsel, or which has been prepared by IETF's counsel in anticipation of litigation, these documents may be covered by a formal legal privilege, and should not be disclosed. Also, any documents that are eventually produced must be numbered and generally marked as confidential. Thus, it is critical that no documents or information be provided to any third party in response to a subpoena without the guidance and approval of the legal advisor. Indeed, in order to avoid confusion and any possible prejudice to IETF's legal rights, communications with the party that issued the subpoena should ordinarily be made only through IETF Counsel.
Subpoenas sometimes request that IETF make an IETF representative witness available for depositions or direct testimony in court. Such requests may place a burden on the persons requested to appear, and the legal advisor will work with the team to determine whether and to what extent such requests should be opposed or limited.
This procedure assumes that the procedure and technology experts will volunteer their time as IETF participants, unless they are required to appear as witnesses and incur travel or other expenses, the reimbursement of which will be discussed with the IAD prior to being incurred. The IAD will participate in this process as part of his or her duties. The legal advisor will agree in advance with the IAD whether any charges will be required, or whether the work required can be handled on a pro-bono basis. Any other costs must be approved by the IAD before they are incurred.
The process described in this memo has no direct bearing on the security of the Internet.
It is conceivable that a party might abuse the subpoena mechanism to attempt to obtain material that would reveal private keys, passwords and other security-sensitive material, which could conceivably compromise IETF operations. The IETF will object to such subpoenas and may seek appropriate judicial remedies if the team feels such action would be appropriate.
Harald Alvestrand wrote the original version.
Jorge Contreras and Barbara Fuller gave extensive comments on an earlier, internal version of this draft, and in particular Jorge Contreras contributed significant text to this memo. Michael Spence reviewed it following some practical experience and provided many valuable updates. However, the tone has been kept informal, and all errors are, of course, the authors' responsibility.
January 2007: IONized, more legal comments included
draft-alvestrand-subpoena-01: August 2005: New co-authors, updated to allow for IASA and Trust.
draft-alvestrand-subpoena-00: February 2005: Original version.
[RFC2026] Bradner, S., “The Internet Standards Process -- Revision 3,” BCP 9, RFC 2026, October 1996.
[RFC3978] Bradner, S., “IETF Rights in Contributions,” BCP 78, RFC 3978, March 2005.
[RFC3979] Bradner, S., “Intellectual Property Rights in IETF Technology,” BCP 79, RFC 3979, March 2005.
[RFC4071] Austein, R. and B. Wijnen, “Structure of the IETF Administrative Support Activity (IASA),” BCP 101, RFC 4071, April 2005.
[RFC4371] Carpenter, B. and L. Lynch, “BCP 101 Update for IPR Trust,” BCP 101, RFC 4371, January 2006.
[RFC4748] Bradner, S., “RFC 3978 Update to Recognize the IETF Trust,” BCP 78, RFC 4748, October 2006.