David Berlind reported that Larry Rosen has sent a letter to the IETF raising concerns "regarding the formalization of a policy that paves the way for patented technologies to become IETF standards."
We went through this debate two years ago when OASIS revised their IPR policy. These are GOOD policies. A salient quote from that two year old post:
The customer of a standards organization is its members. The standards organization is a market oriented discussion forum where like-minded expert and experienced participants come together to agree on a specification that will enable multiple implementations of something. In a perfect world it expands the overall market for a technology by creating a commodity of one component of that technology market. This is why there are so many different standards organizations spanning the multifaceted marketplace. If you're a member of OASIS, then join the discussion, debate the question, and vote. If you're not a member, you aren't a customer, and you don't actually have a say. That is the way standards works.
Most of the people that develop standards are vendors. Consumers want standards because they understand successful standards have multiple implementations, and that will mean competition. But they typically have little to do with developing the standards because they have neither the technology expertise nor the inclination. They don't care what the standard is, but they do care that it exists.
The customers of the actual standard are its implementors, but the key here is that interested implementors participate. This is no different than the community of interest involved in a free or open source software project.
The engineers and developers in standards organizations are generally funded by vendors and universities and these organizations are intellectual property owners.
Larry raises his concerns with RFC3978. The more interesting document is RFC3979 ("Intellectual Property Rights in IETF Technology"). There are a couple of key quotes reflecting the extreme sanity of the group of people that have successfully delivered (and continue to deliver) the standards that enable people to read this post. The most interesting sections are:
- 4.1 No Determination of Reasonable and Non-discriminatory Terms
- 6.5 What Licensing Information to Detail in a Disclosure
- 8. Evaluating Alternative Technologies in IETF Working Groups
I've included the full sections below for reference. These are eminently reasonable rules for the engineers and developers
that come together to develop the standards that define our on-line
life. They reflect the reality of the marketplace, and the deep
experience this organization has through 20+ years of developing these
critical standards.
Standards do not happen in a vacuum. They happen in processes that are under the microscope to ensure fair play and participation during their development, and to ensure sufficient transparency to prevent vendor collusion. They happen in a marketplace of vendors competing for customers at a point when the technology has matured and can best be abstracted.
Some of these participants have intellectual property. (Some of those same intellectual property holders are free and open source software contributors.) If you prevent them from participating through onerous rules, then two things happen and neither is good.
First, you lose critical engineering experience and expertise and the resulting standard (therefore all its implementations) will be poorer for it. Second, you force them to sit outside waiting for the standard to land such that they can tax it. Having them in the standards working group negotiating in transparent conversations is a much better situation for everyone involved.
Pax.
The interesting bits of RFC3979:
4.1. No Determination of Reasonable and Non-discriminatory Terms
The IESG will not make any explicit determination that the assurance
of reasonable and non-discriminatory terms or any other terms for the
use of an Implementing Technology has been fulfilled in practice. It
will instead apply the normal requirements for the advancement of
Internet Standards. If the two unrelated implementations of the
specification that are required to advance from Proposed Standard to
Draft Standard have been produced by different organizations or
individuals, or if the "significant implementation and successful
operational experience" required to advance from Draft Standard to
Standard has been achieved, the IESG will presume that the terms are
reasonable and to some degree non-discriminatory. (See RFC 2026,
Section 4.1.3.) Note that this also applies to the case where
multiple implementers have concluded that no licensing is required.
This presumption may be challenged at any time, including during the
Last-Call period by sending email to the IESG.
6.5. What Licensing Information to Detail in a Disclosure
Since IPR disclosures will be used by IETF working groups during
their evaluation of alternative technical solutions, it is helpful if
an IPR disclosure includes information about licensing of the IPR in
case Implementing Technologies require a license. Specifically, it
is helpful to indicate whether, upon approval by the IESG for
publication as RFCs of the relevant IETF specification(s), all
persons will be able to obtain the right to implement, use,
distribute and exercise other rights with respect to an Implementing
Technology a) under a royalty-free and otherwise reasonable and non-
discriminatory license, or b) under a license that contains
reasonable and non-discriminatory terms and conditions, including a
reasonable royalty or other payment, or c) without the need to obtain
a license from the IPR holder.
The inclusion of licensing information in IPR disclosures is not
mandatory but it is encouraged so that the working groups will have
as much information as they can during their deliberations. If the
inclusion of licensing information in an IPR disclosure would
significantly delay its submission it is quite reasonable to submit a
disclosure without licensing information and then submit a new
disclosure when the licensing information becomes available.
8. Evaluating Alternative Technologies in IETF Working Groups
In general, IETF working groups prefer technologies with no known IPR
claims or, for technologies with claims against them, an offer of
royalty-free licensing. But IETF working groups have the discretion
to adopt technology with a commitment of fair and non-discriminatory
terms, or even with no licensing commitment, if they feel that this
technology is superior enough to alternatives with fewer IPR claims
or free licensing to outweigh the potential cost of the licenses.
Over the last few years the IETF has adopted stricter requirements
for some security technologies. It has become common to have a
mandatory-to-implement security technology in IETF technology
specifications. This is to ensure that there will be at least one
common security technology present in all implementations of such a
specification that can be used in all cases. This does not limit the
specification from including other security technologies, the use of
which could be negotiated between implementations. An IETF consensus
has developed that no mandatory-to-implement security technology can
be specified in an IETF specification unless it has no known IPR
claims against it or a royalty-free license is available to
implementers of the specification unless there is a very good reason
to do so. This limitation does not extend to other security
technologies in the same specification if they are not listed as
mandatory-to-implement.
It should also be noted that the absence of IPR disclosures is not
the same thing as the knowledge that there will be no IPR claims in
the future. People or organizations not currently involved in the
IETF or people or organizations that discover IPR they feel to be
relevant in their patent portfolios can make IPR disclosures at any
time.
It should also be noted that the validity and enforceability of any
IPR may be challenged for legitimate reasons, and the mere existence
of an IPR disclosure should not automatically be taken to mean that
the disclosed IPR is valid or enforceable. Although the IETF can
make no actual determination of validity, enforceability or
applicability of any particular IPR claim, it is reasonable that a
working group will take into account on their own opinions of the
validity, enforceability or applicability of Intellectual Property
Rights in their evaluation of alternative technologies.
Comments