Re: DISCUSSION: archiving of NOMCOM information

[Theodore Tso <tytso@mit.edu>]

My understanding for why the nomcom information was archived was for
the protection of the nomcom members.  The basic issue is this: once
the nomcom is finished with its primary responsibility after the first
IETF meeting of the year, (and my, does it feel good!) they are most
likely done unless someone on IESG or the IAB does something very
uncharitable and dies on us (as happened most recently), or otherwise
creates an opening.  At that point, the nomcom has an unreasonably
short time to find a replacement sucker^H^H^H^H^H^H self-sacrificing
individual willing to volunteer large amounts of his/her professional
life.

If all of the materials collecting during the first three months of
the nomcom were discarded, then there would be no possibility for the
nomcom to be able to do its job in the required time-frame.  However,
if the nomcom members were to hold onto the information, then they
might get sued to release that information, and the expenses for
defending the lawsuit and having lawyers submit motions to keep the
information out of discovery are huge and subtantial.

So, it is for the protection of the nomcom members that all of the
information is archived, and then sent to some organization (which I
believe is currently the secretariat, not the ISOC president, but
whatever), that has enough sharks w/ Armani suits to at least slow
down legal attempts to breach the confidentiaility of the nomcom
records.  After that the records are handed over to the secretariat,
all other copies of the information are destroyed, for the nomcom
members' protection.

Then, if nomcom needs to be activated to refill a position, the
information is sent back to the nomcom chair, who then repopulates the
mailing list archives and resends the pertinent information to the
nomcom members so they can do their job.

This is the only reason that I know of that the information is
archived.  If that is the case, then the retention interval of the
information should be one year --- once the current year's nomcom is
finished, and a new nomcom is appointed, there's no reason to keep the
old records around any longer.  Also, one could argue that perhaps the
ISOC trustee should not have the key to the encrypted archive, but
rather that the key be split using secret-sharing techinques, and sent
to the IAB and IESG chair, plus three other randomly chosen IAB/IESG
members, such that 3 out of the 5 shares must be available in order to
reconstitute the encryption key.

This preserves the confidentiality of the nomcom archives, while still
protecting nomcom members from potentially huge legal fees.
(Remember, the ISOC gives legal insurance to IAB, IESG, and WG chairs,
but not to nomcom members.)

If the are any other reasons why the nomcom information should be
archived for longer than year, I don't know what they might be, and
those who would argue for a longer retention period should state why
they believe it should be necessary.

						- Ted