The Expert On IP For Internet Protocol: Interview With Scott Bradner

Fluent in both types of IP: Scott Bradner has been an architect of intellectual property (IP) policy for internet protocol (IP) standards.

Scott Bradner receives honor for his long service to the IETF in April. To left: Roland Bless, Karlsruhe Institute of Technology

Scott Bradner is one of the persons revered in the Internet Engineering Task Force (IETF). He is retiring Senior Technology Consultant in the Office of the CTO at Harvard University, Secretary to the Board of Trustees of the Internet Society, and trustee of the American Registry of Internet Numbers. Withdrawing from the IETF after a quarter century, he remains a firm believer in the IETF model of designing technology through an open working group approach. Designer of the original network at Harvard University back in the 1980s, Bradner participated early in the standards body that developed and nurtured the Internet Protocol kicking off what is known today as the “digital revolution.” Bradner was instrumental in standardising IPv6, the next generation IP protocol, and also an early debate of the technologists about surveillance, the so-called “Raven Debate.” He also shaped the intellectual property policies for the IETF. Monika Ermert for Intellectual Property Watch spoke to him recently about the changes in IP rules for IP standards.

Intellectual Property Watch: When you compare your first IETF meeting, IETF 16 in Tallahassee, Florida, to the last one IETF 95 in Buenos Aires in March, what is the difference?

SCOTT BRADNER: In Tallahassee, there were only a couple of hundred people there. There were not very many working groups and I was just a random kid coming to look at things. I did not have any particular knowledge on what was going on, so I just went into the rooms, sat down and listened. The first working group meeting I went to was the dynamic host configuration protocol. That still runs today.

IPW: … and it was pretty geeky back then.

BRADNER: It was pretty geeky. There were fewer observers, in the sense of people coming, sent by their companies sending them there, just to see what is going on. I got quite immediately into talking about the issues. Some of the people immediately took me under their wings and we went off to a restaurant to discuss how to do a particular technical thing. It felt very good to be included in that.

I had co-founded a local regional network with MIT [Massachusetts Institute of Technology] and Boston University and was the technical head of that network. So I was worried about the routing technologies and the internet in general and using of the internet protocol since the late eighties within Harvard. And this was the place to talk about it.

IPW: One of your draft IETF documents – Requests for Comment or RFCs – is on its way to publication. It is a revision of the RFC 3979, the patent policy of the IETF. You have done several reviews over the years, what are the main changes this time?

BRADNER: Clarification of IETF ‘participant’ – the requirement has been that if you are a participant then you have to disclose any patents that you know of that you or your employer benefits from. But the definition of participating has been fuzzy.

We came up with this idea if you are participating in a discussion then you have to disclose any IPR, any patents you know of.

From the very beginning when I started working on this in 1994, the assumption was that we have to deal with people in the IETF who are not permitted to disclose patent applications or sometimes even patents. We did not want to lose them in other things. But we did not want them trying to affect the progress of a particular standard without telling us. So we came up with this idea if you are participating in a discussion then you have to disclose any IPR, any patents you know of. If you are not participating you can sit on your hands and that is ok. We don’t require you to tell us about things where you do not affect the standards process. But we never really defined what participation meant and the revision clarifies it.

IPW: Participating means to be in the room, doesn’t it?

BRADNER: No. That has never been the case. You can sit in the room and listen all you want. You can’t do anything. Because it was not clear so far, you could sit in the room and raise your hand during a show of hands. Maybe you thought you could do that. Now it says you can’t do that.

IPW: More generally, is there a difference in how companies look at IP now, compared to 20 years ago?

BRADNER: No, not really. Patent suites are certainly more common now than they were 20 years ago. But they are not new. There are more non-practicing entities working on the space. So they don’t actually manufacture or offer any services. All they do is try to enforce patents and get patent royalties out of it. So the picture has changed but the underlying thing is there are patents. There will always be patents. If you have gone out and spent a lot of time developing something and it is really innovative, then you want some way to keep copycats off. And that is what the patent system is about. It is in the US Constitution. To further the useful arts, inventors get the exclusive rights to their inventions for a certain time.

And it is an important function. You can’t have an R&D effort that spends hundreds of millions of dollars developing something and somebody else runs off with it and does it for ten dollars. Then who is gonna spend the money for the R&D. It is a very important concept.

The problems have been in the quality of patents – they are written in a way that reads very broadly – and in the patent office’s lack of ability to find out if something already was invented or was just very obvious.

The problems have been in the quality of patents – they are written in a way that reads very broadly – and in the patent office’s lack of ability to find out if something already was invented or was just very obvious. That is changing in the US to some degree from Supreme Court decisions and from the revision of the law. That makes some of the challenges easier. But it is still a very real issue and it is not going to go away.

IPW: How does the IP policy of IETF differ from other standards bodies?

BRADNER: Biggest difference is that we leave it up to the working group. So the disclosure requirement is universal. Everybody says you have to disclose. All of the standards bodies say that. There are exceptions where you don’t have to, but basically all say you have to disclose.

But most standard bodies say if your disclosure says something along the lines of ‘I will licence this under fair and non-discriminatory policies’, then the question of something is patented is taken off the table, because the patent holder says it’s only fair. We don’t do it that way. And the World Wide Web Consortium goes the other direction which is if there is a patent and they do not say they licence it for free we will not standardize.

We do not say we will only develop non-patented stuff, and we don’t say just because you say you’re going to be fair that it’s ok. We let the working group decide.

We don’t do either of those extremes. We do not say we will only develop non-patented stuff, and we don’t say just because you say you’re going to be fair that it’s ok. We’re in between. We let the working group think about, and let the working group decide, if this particular technology with the fact that it’s patented – whatever the licensing characteristics are, whether it’s open, whether they claim to be fair or they don’t say anything at all – the working group can look at it and say it’s the right technology. They don’t have to discard something just because it has a patent and they don’t have to include it just because it has a RAND, a fair and non-discriminatory clause, to it.

The only blanket type of IPR disclosure you can make is where you say all is free. If you say ‘we licence fair and non-discriminatory’ you still have to tell us about each. That is a real difference between us and other standards bodies.

A minor other difference is that in many standards bodies a company like IBM can say we will licence all of our patents fair and non-discriminatory. Therefore, they will not have to disclose individual ones. We don’t accept that. Because the individual working group is working on individual standards, the only blanket type of IPR disclosure you can make is where you say all is free. ‘We have a lot of patents, but if they are involved in IETF standards anybody can get them for free.’ That’s a blanket one where you don’t have to disclose individual patents. But if you say we licence fair and non-discriminatory you still have to tell us about each. That is a real difference between us and other standards bodies.

IPW: The IETF recently saw a discussion about the question of how an IETF RFC document on the much-applauded anti-harassment policy could be shared without violating copyright. That resulted in a question of whether the IETF IPR regime needed another review.

BRADNER: That was concerning copyright. We have split rules for copyright and patent disclosure. Copyright is dealt with in a separate document, RFC 3978. Patents are RFC 3979. It used to be together in RFC 2026, but we split it up. With regard to copyright, what came up during the revision of 3978 and was discussed very thoroughly was the question: should standards be open source? Open source software says you can take it, you can modify it, you can do anything you want with it. Should you be able to do that with standards themselves? And if you can, what is the purpose of standards bodies?

Open source software says you can take it, you can modify it, you can do anything you want with it. Should you be able to do that with standards themselves? And if you can, what is the purpose of standards bodies?

IPW: That would allow the ITU [UN International Telecommunication Union] to change Multiprotocol Label Switching, an IETF standard to shape and speed up network traffic, correct? There was a considerable fight between the ITU and the IETF over an ITU MPLS standard.

BRADNER: Yes. It would also allow the random hacker to do it. And that is a fundamentally different approach to things. We had a very thorough discussion and the conclusion, while we had some passionate people on both sides, was to stick with what is, and only a very slight change from what RFC 2026 had. 2026 said that derivative works can be done in the IETF process. In the latest version of the copyright document you have to give up derivative rights to the IETF Trust under the default condition that they are only exercised within the IETF. But the IETF Trust does have the authority to tell others that it is ok.

In the latest version of the [IETF] copyright document you have to give up derivative rights to the IETF Trust under the default condition that they are only exercised within the IETF.

So for example we had some Ethernet MIPS – some management thing for Ethernet – and the IETF did not have the energy to work on it, but IEEE did. We wanted to hand them over to the IEEE so we would not have to do it ourselves. Under the old regime we had to get the authors of the document to agree that that was ok. Under the new regime you hand that authority to the IETF Trust. So the IETF Trust can do it, rather than wait for the authors.

IPW: That shifts the change control from authors to the IETF?

BRADNER: Only for the IETF version. All you are doing when you are publishing something in the IETF is you’re giving the IETF the perpetual permission to publish it and the perpetual permission for others within the IETF to make derivative works. All other rights will stay with you. You can turn it into a great American novel, into a great Chinese novel or into a cookbook. You can make what you want. We do not care, it is not part of our control. So unlike some standards bodies where you hand over all copyrights we don’t do that. You retain all rights. You can give it away to anybody. And that is fine.

Unlike some standards bodies where you hand over all copyrights we don’t do that. You retain all rights.

But with regard to your particular question, there is a clause in 3978 which says that you can’t have more than one copyright statement. That was because we had a few cases where somebody put in a second copyright statement of their own, and it contradicted the IETF one. And if you got two, one says a and the other says b, which one do you believe? So we said, no, you can only have one.

Maybe it is time to think about that separately and have something where somebody could put in the IETF copyright, actually the Internet Society copyright (the ISOC acts as a legal entity for the unincorporated IETF), and in addition put something else in that said ‘open’. But that particular proposal was not made, when we were doing the original. There is no reason for it not to be done that way. But we have a rule set that we should follow until we change it.

Maybe it is time to think about that separately and have something where somebody could put in the IETF copyright, actually the Internet Society copyright, and in addition put something else in that said ‘open’.

IPW: There are those saying the IETF copyright should be more open.

BRADNER: Well, that is a real question. If it is open, as you say, the ITU could go and change MPLS. Is that what we want? Do we want something where [other] standards bodies or another individual can go off and change the protocol in ways that are not compatible? The ITU’s changes were not compatible. You could not run the IETF’s MPLS and the ITU’s MPLS in the same network. Is that a good idea?

Do we want something where [other] standards bodies or another individual can go off and change the protocol in ways that are not compatible?

We had a bunch of discussion about this exclusivity thing and this ‘change control’. It is about excluding others from getting a codepoint from IANA [Internet Assigned Numbers Authority]. We have done that for a long time because we have seen a problem. The perfect example is Microsoft. The IETF, mainly the MIT, through the IETF, came up with a version of Kerberos, a security standard. One of the fields said there were no restrictions on how you can use it. Microsoft used it, completely legitimate. But that meant Microsoft’s implementation of Kerberos would not interoperate with anybody else’s. Embrace and extend was the term that was used.

We have been putting some controls on that. If you want to get a protocol parameter for an IETF protocol you need to go through an IETF process. You have to have expert review or IETF standards action – that was for real, it was put there for a purpose. It was put there to limit the randomness of others to extend IETF protocols in ways that are incompatible or exclusive. Cause we got burned by it.

IPW: Are standards still important, when you have a trend to go for open source developments which are fast and very well received….

BRADNER: It is a collective wisdom. This is what differentiates the IETF from a lot of standards bodies. In open source the collective wisdom is one. One implementer can be the source of wisdom.

No one can understand all the ramifications himself. They can’t understand security and congestion and everything. You have a working group, you generally have a small group of a like-minded people working on a problem. They don’t have general expertise. They will get the security wrong, the flow control wrong or get the management wrong. Because they just do not have the experience. In most standards bodies the output of the standards body is the work of the working group.

In the IETF, you have the work of the working group going to IESG [the Internet Engineering Steering Group, which reviews the draft standards in the IETF process] which then does a general call for input for the community and also does an internal technical review, a cross area technical review. So that if the security people see that this thing does not have security, they can say go back and give us some security. That’s a different thing. So that is what the standards process is about. It is providing collective wisdom rather than somebody gets it wrong.

That is what the standards process is about. It is providing collective wisdom rather than somebody gets it wrong.

This is the whole thing about encryption protocols. If you say, ‘I got this private nobody-can-know-what encryption protocol’, it is garbage. You know it is garbage. Because the only way to develop crypto standards is in a public forum. So nobody is good to get every detail right. Even some very, very good people got details wrong with crypto. It is the same thing for any kind of standard. If it is more than the standard for turning on a lightbulb it is going to have to have people who understand the different components of it. And no one person can do that and open source just makes the assumption that one person can.

The only way to develop crypto standards is in a public forum. Even some very, very good people got details wrong with crypto. It is the same thing for any kind of standard.

IPW: Is this a traditional form of crowdsourcing?

BRADNER: But it is crowdsourcing with an enforced agreement process. Crowdsourcing per se can get wicked, so that you can’t read, because it is too chaotic. The standards process is a way to come up with a collective understanding of what the right way to do something is – and right means secure and performant and having all the other components, that no individual or small group of individuals or design team is likely to come up with.

Crowdsourcing per se can get wicked, so that you can’t read, because it is too chaotic. The standards process is a way to come up with a collective understanding.

Certainly a huge amount of advancement has been done with the open source community and that sort of thing, but the best are things like Linux where we got a dictator saying what can go in and what not. If it is completely open, it can work, but there is going to be design flaws. So it goes to the fundamental role of standards bodies. Do you want the collective wisdom or is the individual sufficient.

The best are things like Linux where we got a dictator saying what can go in and what not. If it is completely open, it can work, but there is going to be design flaws. So it goes to the fundamental role of standards bodies. Do you want the collective wisdom or is the individual sufficient.

IPW: Scott, thank you very much.

Image Credits: IETF