Final response to meeting venue consultations

Summary

The IETF Administration LLC (IETF LLC) has considered the concerns expressed about travel to some countries, particularly China and Malaysia, and while it recognises that some of these are well founded, it does not believe that, on the whole, these are sufficient reasons to exclude those countries.

The IETF LLC will therefore include those in the pool of potential countries to visit and may plan IETF meetings in both, though with a frequency that maintains compliance with the core values set out in BCP 226. In the near-term, based on feedback sought for specific cities, this means we will consider Beijing, Shenzhen, and Kuala Lumpur. 

Key issues

Entry into a country for an IETF Meeting

There are multiple countries where citizens from another country are either explicitly denied entry, or in practice cannot reasonably obtain visas, are not allowed to visit due to “self-imposed” corporate policies, or are advised against visiting by their home (origin country) government.

There are those who are, quite understandably, frustrated and upset that their nation is discriminated against, either explicitly by an entry ban, or implicitly by an excessively long and/or arbitrary visa process.  

Separately, there are those who argue that “self-imposed” restrictions (such as corporate travel restrictions or special travel device policies) are rational responses to the conditions within the destination country and if they impact a sufficiently large number of people, should be considered disqualifiers for that destination country.  

The issue of origin country restrictions (such as the U.S. State Department travel advisories) is divisive, with some considering them objective, proportionate and trustworthy advice, while others consider them politically motivated, exaggerations of minor issues and/or untrustworthy.  Again, there are those that argue that if origin restrictions impact a sufficiently large number of people, they should be considered disqualifiers for a destination country.

The current venue assessment process considers restrictions imposed by the destination country and restrictions imposed by the origin country of participants, but does not consider “self-imposed” restrictions.  Destination country restrictions are only considered a disqualifier for that country if they are likely to impact more than 20% of potential onsite participants, using historical data of onsite participation. Source country restrictions are limited to U.S. State Department travel advisories because the IETF LLC is a U.S. corporation and needs to carefully consider its legal position as such.

Personal safety/experience

There is a strong disconnect between the conditions that some have experienced personally in a particular city, and the researched assessment of those conditions at a country-wide level.  This is particularly acute around the personal demographics of gender, sexual orientation and religion.

The current venue assessment process uses indices published by independent bodies who assess conditions in all countries using the same assessment methodology.  It is recognised that this approach does not always reflect the conditions in a specific city and so there is the option for local exceptions to be applied.  However, this exception process has no clear structure around it.

Security of devices

A number of participants have raised strong concerns for the security of their devices when visiting certain countries (more than one country was referenced).  The specific threats identified include being forced to hand over passwords at the border and having spyware secretly installed on devices by state actors.  Other participants consider these to be unsubstantiated or disproportionate concerns, while others consider these are sufficiently widespread to be a risk with any country.

The current venue assessment process does not consider these concerns.

Current policy and implementation

RFC 8718 (BCP 226), which sets out the community policy for the selection of meeting venues, has multiple levels of guidance for the IETF Administration LLC, including core values, explicit non-objectives, mandatory criteria and important criteria.  There are two highly relevant core values:

Inclusiveness:

We would like to facilitate the on-site or remote participation of anyone who wants to be involved. Widespread participation contributes to the diversity of perspectives represented in the working sessions.

Every country has limits on who it will permit within its borders. However, the IETF seeks to:

1. Minimize situations in which onerous entry regulations inhibit, discourage, or prevent participants from attending meetings; failing that, meeting locations are to be distributed such that onerous entry regulations are not always experienced by the same attendees; and
2. Avoid meeting in countries with laws that effectively exclude people on the basis of race, ethnicity, religion, gender, sexual orientation, national origin, citizenship, or gender identity.

Where we meet:

We meet in different global locations, in order to spread the difficulty and cost of travel among active participants, balancing travel time and expense across participants based in various regions. Our regional location policy is articulated in [RFC8719]

There are also two relevant explicit non-objectives, “Politics” and “Maximal attendance”:

Politics:

Endorsing or condemning particular countries, political paradigms, laws, regulations, or policies.

Maximal attendance:

While the IETF strives to be as inclusive as possible, both online and in person, maximal meeting attendance in and of itself is not a goal. It would defeat a key goal of meeting if active contributors with differing points of view did not have the opportunity to resolve their disagreements, no matter how full the rooms.

The IETF LLC notes that it is inherently impossible to resolve the objective of “Avoid meeting in countries with laws that …” and the explicit non-objective of “Endorsing or condemning particular countries, political paradigms, laws, regulations, or policies.”

The current venue selection process uses an assessment of each country against well defined criteria based on the guidance in RFC 8718.  

Detailed Response

Analysis

There are no countries that do not present some group or other of IETF participants with significant barriers to entry, whether those barriers are created by visa regulations, local laws or government activity. 

The IETF LLC has investigated the possibility of meeting in a fixed set of countries, however small, that satisfy the criteria of BCP 226 and are acceptable/open to a very high percentage of IETF participants, so as to minimize the number of people who are prevented from onsite participation. However, investigation into potential candidate countries shows that this is not feasible.

Therefore, the IETF LLC needs to ensure that there is a sufficient pool of countries to “distribute the pain” in a fair and proportionate manner.

The IETF LLC fully recognizes that this means that IETF meetings will, on occasion, be held in countries/cities that a sizable number of regular IETF participants will not be able or not willing, to visit.  However, it considers that this is necessary to be compliant with the core values in BCP 226, and to the broader benefit of the IETF.

The IETF LLC also recognizes that this may in turn impact the nature of these meetings, but considers that this is addressed by the explicit confirmation of the IESG that the meeting will address the core objective of “Why we meet”. 

Assessing security of devices

The IETF LLC has carefully considered the issue of security of devices and notes that this is highly subjective; there is no official recognition of this as a problem in US State Department travel advisories; and, these claims are made about travel to many countries including those with the largest communities of IETF participants.  The IETF LLC will continue to not include this in its assessment of meeting venues.  

New assessment process

The current assessment process cannot resolve the conflicting views summarized above and likely contributes to the strength of disagreement by the way it defines criteria to assess specific issues. Consequently, the IETF LLC will change the way it assesses meeting venues.

This change will not affect how the meeting space and hotels are chosen, those will continue to comply with the mandatory criteria and the important criteria, following the guidance set in RFC 8178. 

When considering the country/city the IETF might meet in, the new process will now only assess the following (in addition to the necessary logistical considerations):

1. Discrimination:
   1. A proposed city will be considered unsuitable for an IETF meeting if there is a level of discrimination, legal or social, against people on the basis of race, ethnicity, religion, gender, sexual orientation or gender identity, such that it is not considered safe.  This will be assessed using, as much as possible, the lived experience of IETF participants and not external assessments.  This will require the IETF LLC to protect against abuse or the inability of local people to share their experiences safely. 
   2. A proposed country will be considered unsuitable for an IETF meeting if it has discriminatory entry rules/processes on the basis of race, ethnicity, religion, gender, sexual orientation or gender identity. 
   3. A proposed country will not be considered unsuitable for an IETF meeting if it has discriminatory entry rules/processes on the basis of national origin or citizenship, but the overall selection of venues will comply with the guidance “meeting locations are to be distributed such that onerous entry regulations are not always experienced by the same attendees”.
2. Safety of participants in the chosen city.  Any city considered unsafe for any reason, such as infectious diseases, war or violent demonstrations, will be deemed unsuitable.
3. Viability for the IETF LLC.  This will include
   1. Sufficient staffing
   2. Appropriate insurances
   3. Financial viability.
4. Explicitly confirming with the IESG that the core objective from RFC 8718 of “Why we meet” will be met.