Subpoenas in the IETF: Procedures

This document describes the IETF's procedures for handling subpoenas served on the IETF. This is an adaptation of the ad-hoc procedures that the IESG has applied for recent such events, taking account of the creation of the IETF Administrative Support Activity (IASA).

Table of Contents

1. Introduction
1.1. Responsibility Issues
2. Legal Basis for Subpoena
3. Procedure
4. Normal Procedure
5. Strategies for Responding to Subpoenas
6. Costs
7. Security Considerations
8. Acknowledgements
Appendix A. Change Log
9. References


1. Introduction

Sometimes, people engaged in lawsuits serve subpoenas on the IETF requesting information. The IETF has good reason to come up with that information when it happens. This document describes how the IETF deals with providing that information while simultaneously protecting its legal rights. It is not a legal text and has no formal status.

This procedure deals with subpoenas served in cases brought in US courts, because that is the only type the IETF so far has to deal with. If the IETF ever has to deal with similar issues in other jurisdictions, this document will have to be updated.

While this document is related to certain IETF process rules, it is not intended to change any of the underlying principles.

Subpoenas received are published online at: http://iaoc.ietf.org/subpoenas.html


1.1. Responsibility Issues

This procedure has been updated following the introduction of IASA [RFC4071] and the IETF Trust [RFC4371]. The persons primarily responsible for action have been updated to includethe IETF Adminstrative Director (IAD) rather than the IETF Secretariat.

It is assumed that, once notified, the IETF's legal counsel is in charge of the process and will take the lead role in responding to subpoenas.


2. Legal Basis for Subpoena

Parties engaged in U.S. litigation relating to technologies that use or incorporate IETF standards may wish to obtain information directly from the IETF, in the form of documents, responses to questions or other tangible items. This is likely to occur when the litigant believes that some activity that occurred within the IETF process[RFC2026], or some intellectual property relating to an IETF standard [RFC3978] [RFC4748] [RFC3979], is directly related to the case in question. The term "documents" is often defined broadly by subpoenas and can include both electronic and hard copy sources.

To obtain such information, the litigant may serve a subpoena on the IETF seeking the information. Subpoenas may also be served by government agencies in criminal prosecutions or agency investigations in which the prosecutor or agency official believes that an IETF activity or standard may be relevant.

Subpoenas carry the authority of the court that issued them, and failure to comply with a subpoena could subject the IETF to charges of contempt of court and other civil and/or criminal penalties. Thus, subpoenas should be addressed seriously and in accordance with the procedures outlined in this document.

In order to be effective, a subpoena must first be "served" on the party to which it is directed. "Service of process" is a somewhat arcane legal doctrine that requires legal papers to be delivered in person by an authorized "process server" to an authorized representative of the subpoenaed party. Because the IETF operates in a distributed, decentralized manner, the preferred recipient of all subpoenas is the Internet Society.

For Legal Service of Documents :

The Internet Society
1775 Wiehle Ave
Suite 201
Reston, VA 20190
Telephone: +1-703-439-2120
Fax: +1-703-326-9881

This contact information should be made visible on the IETF web pages, and also be provided to any person who inquires upon whom an IETF subpoena should be served.


3. Procedure

Dealing with a subpoena is complex, because you require multiple fields of knowledge - you need legal assistance, you need someone who knows the technology in question (so that you can figure out what is really being asked about), and you need someone who knows how the IETF works, and where relevant information is likely to be found.

As noted above, the IETF Counsel (i.e., lawyer or attorney) is the proper recipient of the subpoena. He will contact the IETF Chair to get the identification of the technology area. Together with the IETF Administrative Director (IAD), they will supervise the formation of a team.

The procedure here creates a team for every subpoena, consisting of:

  • A legal advisor, picked by the IETF Counsel. This may be the IETF Counsel in person, or a colleague; it will be a practising attorney providing attorney/client privilege.
  • A technology expert, picked by the Area Director (AD) responsible for the technology for which information is being sought. It may be the AD.
  • A procedure expert, picked by the IETF Chair (or, if the IETF Chair is somehow involved in the case, by the IAB Chair).
  • The IAD.

The legal advisor will lead the team, will advise IETF on compliance with its obligations under the subpoena, and will provide the necessary legal advice for other members of the team to appropriately identify documents responsive to the subpoena.

The technology expert, with the assistance of the legal advisor, will help identify appropriate working groups or individuals who were involved in work relevant to the subpoena, and hence identify the relevant mailing lists and other archives.

The IETF procedure expert will help identify records that are kept by the IETF, either publicly or privately, that may provide the needed material. This is likely to be an AD or ex-AD.

The IAD is responsible for searches in data held by the IETF Trust or the Secretariat that are not publicly available. The IAD will identify a Secretariat contact person, to perform searches in IETF data held by the Secretariat that are not publicly available, but this person is not a primary member of the team.

The team as a whole will be responsible for making decisions regarding IETF's actions in responding to the subpoena, under legal advice and attorney/client privilege.


4. Normal Procedure

The section above identifies the actors, and what they are responsible for. This section describes the typical set of actions that are taken while dealing with the subpoena.

  • The subpoena is served on the IETF Counsel.
  • The IETF Counsel informs the IAD and IETF Chair that it has arrived, and transfers a copy.
  • The IETF Counsel and the IETF Chair determine what the relevant technology area is, and then select the team as quickly as possible.
  • The legal advisor convenes a meeting of the team for a teleconference to review the documents requested by the subpoena, and, with the assistance of the team, determines
    • what types of documents are publicly available
    • what types of documents are not publicly available, but are in the possession, custody, or control, of the IETF and could be produced without undue burden
    • what types of documents are not publicly available, and are in the possession, custody, or control of the IETF, but could not be produced without undue burden (e.g. information from obsolete computer back-up data tapes)
    • documents not within the possession, custody, or control of the IETF.
  • Typically, IETF Counsel will then provide a list of links to publicly available information to counsel for the party issuing the subpoena, make appropriate objections to the subpoena, and seek a cost-sharing agreement for the retrieval and production of documents that would otherwise be unduly burdensome to produce.
  • If necessary, the legal advisor will then contact the IAD regarding searches for additional non-public documents within the possession, custody, or control of the IETF that are responsive to the subpoena and create a plan for the production of such documents including review of the documents for privilege issues prior to production.
  • IETF Counsel, with the assistance of the IAD, will continue to produce responsive, non-objectionable documents on a rolling basis as they become available.

5. Strategies for Responding to Subpoenas

The exact strategy for responding to a particular subpoena will be set by the team with the guidance of the legal advisor.

The responsibility of the IETF in responding to a subpoena is limited to producing those documents in its possession, custody or control. It is under no duty to make a request to others for documents not subject to IETF's control at the time it received the subpoena, including documents related to IETF activities that are in the possession, custody, or control of IETF participants acting in their private capacities.

Many subpoenas are initially drafted broadly and request documents that may be unnecessary or beyond the reasonable scope of the litigation, or the production of which would cause undue hardship on IETF or which are otherwise objectionable. If this occurs (as it often does), the legal advisor will work with the team to narrow the scope of the request, either through informal discussions with the issuing party's counsel or through service of formal objections and eventual motion practice in court.

The legal advisor will also work with the team to identify which documents and types of documents should be provided in response to a subpoena. If documents are generally available from public online sources, IETF's counsel may provide links to these sources as a courtesy to counsel for the issuing party. Experience indicates that such a production often satisfies the interest of the party issuing the subpoena. If, however, there is correspondence between IETF officers and counsel, or which has been prepared by IETF's counsel in anticipation of litigation, these documents may be covered by a formal legal privilege, and should not be disclosed. Also, any documents that are eventually produced must be numbered and generally marked as confidential. Thus, it is critical that no documents or information be provided to any third party in response to a subpoena without the guidance and approval of the legal advisor. Indeed, in order to avoid confusion and any possible prejudice to IETF's legal rights, communications with the the party that issued the subpoena should ordinarily be made only through IETF Counsel.

Subpoenas sometimes request that IETF make an IETF representative witness available for depositions or direct testimony in court. Such requests may place a burden on the persons requested to appear, and the legal advisor will work with the team to determine whether and to what extent such requests should be opposed or limited.


6. Costs

This procedure assumes that the procedure and technology experts will volunteer their time as IETF participants, unless they are required to appear at witnesses and incur travel or other expenses, the reimbursement of which will be discussed with the IAD prior to being incurred. The IAD will participate in this process as part of his or her duties. The legal advisor will agree in advance with the IAD whether any charges will be required, or whether the work required can be handled on a pro-bono basis. Any other costs must be approved by the IAD before they are incurred.


7. Security Considerations

The process described in this memo has no direct bearing on the security of the Internet.

It is conceivable that a party might abuse the subpoena mechanism to attempt to obtain material that would reveal private keys, passwords and other security-sensitive material, which could conceivably compromise IETF operations. The IETF will object to such subpoenas and may seek appropriate judicial remedies if the team feels such action would be appropriate.


8. Acknowledgements

Harald Alvestrand wrote the original version.

Jorge Contreras and Barbara Fuller gave extensive comments on an earlier, internal version of this draft, and in particular Jorge Contreras contributed significant text to this memo. Michael Spence reviewed it following some practical experience and provided many valuable updates. However, the tone has been kept informal, and all errors are, of course, the authors' responsibility.


Appendix A. Change Log

January 2007: IONized, more legal comments included

draft-alvestrand-subpoena-01: August 2005: New co-authors, updated to allow for IASA and Trust.

draft-alvestrand-subpoena-00: February 2005: Original version.


9. References

[RFC2026] Bradner, S., “The Internet Standards Process -- Revision 3,” BCP 9, RFC 2026, October 1996.
[RFC3978] Bradner, S., “IETF Rights in Contributions,” BCP 78, RFC 3978, March 2005.
[RFC3979] Bradner, S., “Intellectual Property Rights in IETF Technology,” BCP 79, RFC 3979, March 2005.
[RFC4071] Austein, R. and B. Wijnen, “Structure of the IETF Administrative Support Activity (IASA),” BCP 101, RFC 4071, April 2005.
[RFC4371] Carpenter, B. and L. Lynch, “BCP 101 Update for IPR Trust,” BCP 101, RFC 4371, January 2006.
[RFC4748] Bradner, S., “RFC 3978 Update to Recognize the IETF Trust,” BCP 78, RFC 4748, October 2006.