Adding antitrust-pol...@ietf.org; but I'm replying to a tls@ietf.org
message, and the antitrust issues here are clearly relevant to an
ongoing TLS discussion, so I'm also keeping tls@ietf.org.
Rob Sayre writes:
> I think you can find Brad Biddle saying "the process is fine" about all of
> these legal issues on YouTube. But, he did have to take the time to address
> the point, so I can see why it might come up again.
He claimed in 2021 that "Our current antitrust compliance strategy is
solid", but IETF LLC admitted in
https://mailarchive.ietf.org/arch/msg/antitrust-policy/f1iHM9p8N-U8p_pXen2ruDqjPPQ/
that other lawyers say he's simply wrong: "we received private feedback
from other lawyers that, from the perspective of antitrust litigators,
our current processes and procedures would not provide strong mitigation
of antitrust risk and that could only be achieved with a detailed
compliance policy".
Notice the word "not". Or simply check the actual antitrust rules for
standardization organizations in, e.g.,
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52011XC0114(04)
https://obamawhitehouse.archives.gov/omb/circulars_a119
(where https://uscode.house.gov/statutes/pl/108/237.pdf gives power to
OMB A-119 under antitrust law) and see for yourself the rules that IETF
_clearly_ flunks, such as "each objector is advised of the disposition
of his or her objection(s) and the reasons why" and "the organisations
would also need to have objective and non-discriminatory procedures for
allocating voting rights as well as, if relevant, objective criteria for
selecting the technology to be included in the standard".
Why, then, do we have IETF LLC sounding convinced that everything is
fine? This is partially explained in the first link above: in short, the
corporation found yet another lawyer to review
https://www.ietf.org/blog/ietf-llc-statement-competition-law-issues/
and to say that it sounded fine.
Given the documented disagreement between lawyers on this topic, you'd
think that the corporation (1) would refrain from portraying its
position as something non-controversial and (2) would try hard to
understand _why_ the lawyers are coming to different conclusions.
Did the review consider the specific rules for standards-development
organizations? Did it consider US law _and_ EU law? One can't tell from
the information provided. But what one can see is that the last link
above makes various claims that will be debunked in court. For example:
* "Participants engage in their individual capacity, not as company
representatives." (Counterexample: See the Cisco incident in this
TLS discussion, condoned by IETF LLC and by the WG chairs.)
* "IETF procedural rules, which include robust appeal options, are
well-documented in public materials, and rigorously followed."
(Counterexample: This Kyber/ML-KEM spec simply ignores BCP 79.)
* "IETF activities are conducted with extreme transparency, in
public forums." (Many IETF activities are public, but the
back-room deals aren't. The reason such deals can influence IETF
decisions is that IETF doesn't follow objective procedures.)
* "Decision-making requires achieving broad consensus via these
public processes." (No, not with the OMB A-119 definition of
consensus.)
* "IETF participants use their best engineering judgment to find the
best solution for the whole Internet, not just the best solution
for any particular network, technology, vendor, or user." (In this
TLS discussion we've seen ~"do it because NSA wants it", ~"do it
because I want it", and non-response to engineering objections.)
In other words, the lawyer who thought things were fine was reviewing a
fictional version of IETF. A lawyer starting from the facts of how IETF
actually operates would naturally end up with a different conclusion.
---D. J. Bernstein
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
