Dispute filing from case a20090518.1 

Against what mandated in the AP people is still getting 150 points from the TTP programme which is (in theory) frozen until we get a sub-policy, and when it was supposed to be limited to 100 points.

Dispute filing from 2009-11-18 

on 11-11-2009 i got a message via the cacert-support-list with the following content:

from:    website-form@cacert.org schrieb:

> > From: S* H*
> > Email: s*@h*
> > Subject: Rounding down of assurance points
> >
> > Message:
> > Hi,
> >
> > I used the TTP method to get assured. When it was put into the
system, the points awarded to me were rounded down (see mail copied in below).
> >
> > Aside from becoming an assurer myself, are there any other benefits
of becoming assured. At this point, I've been assuming that when I get enough points, certificates I generate will then actually contain my name (not just CaCert WoT user); it this correct?
> >
> > You are receiving this email because you have been assured by Robert
Cruikshank (robert@cruikshanks.net).
> >
> > You were issued 150 points however the system has rounded this down
to 35 and you now have 35 points in total.
> >
> > Best regards
> > CAcert Support Team

(i replaced the name of the assuree with * to keep the data-protection. you may take a look in the support-mailing-list to find his name ... but his name is not the main point in these disputes)

however ... in detail:

i want to file a dispute against several people:

(1)     against robert c. ... as i did in dispute a20090518.1
        maybe you can add this dispute to this case ...
(background: robert gives 150 points for ttp-assurances while the ttp-program is frozen and the assurance policy allowes 50 points per assurance only)

(2)     against sebastian k. ... since he is the arbitrator in the
above case ... and did not rule anything since may to ensure, that ttp is frozen.

(3)     against philipp g. ... since he made changes to the system,
which avoid correct ttp-assurances by rounding down the points to 35 instead of 50

------------------

when processing these cases, i want the arbitrator to re-check the ttp-assurances made since the ttp-program was frozen, because i think, that there will be some more ttp-assurances in the time between may and november. (i don't want to know the number or names ... i simply want to act cacert according to the assurance policy).

according the dispute against sebastian take care, that the time-frame is MUCH TOO LONG ... especially in this case, where assurances were made AGAINST the assurance policy. there may be other cases (date-of-birth, additional name) where it doesn't care, if the case is ruled a week or month earlier or later.

according the dispute against philipp this is a small bug, which causes no acts against the assurance policy ... but think about bugs, which may cause possible actions against the assurance policy. in my eyes there should be no modifications possible at the web-server without a second person checking the patch being implemented. (hint: i don't want to rule, since i'm no arbitrator ... it's just MY humble opinion as a normal cacert-user)

according the email-adresses of the three users in this mail: these email-adresses should be well-known to any cacert-member, arbitrator etc.

according a20090518.1 there had been changes in the wiki-entry in may ... since then nothing happened there ... now we have november. the only change there was an entry in october where ulrich stepped in as case manager. there had been no answer to his request by the arbitrator or former case manager until now ...

have a nice day

ps: ... and yes ... i accept the CCA ...

Additional Dispute filing 

Hello Arbitrators,

herby I file dispute against Robert C.. He made a false
assurance. Checking Stig E. <email anonymized> I found the following
assurance:

-----------------------------------------------------------------
Assurance Punkte

Datum   Wer     E-Mail  Punkte  Ort     Methode

<date> <time> Robert C. <email anonymized> 35   TTP
Face to Face Meeting

Punkte insgesamt:       35      
---------------------------------------------------------------

Please regard the place "TTP" and Method "Face to Face Meeting"! From
the context below I assume that Robert and Stig never met face to face.

Regards, Werner Dworak

I've got a support request by someone who wanted code-signing 
activated on his account.
Included in his mail was the confirmation mail from Robert Cruikshank 
detailing a TTP assurance per 21st of September 2009. (Relation to 
a20091118.1)

Upon looking at his trust points I noticed only the one TTP assurance 
by Robert. No others given nor received.

The question is, can I give him code-signing on his account? As it 
would be based on a flawed (illegal) assurance.

Before: Arbitrator name arbitor (A), Respondent: Robert Cruikshank (R1), SebastianKueppers (R2), Philipp Gühring (R3) , Claimant: Dirk Astrath (C1), Werner Dworak (C2), Joost Steijlen (C3), Case: a20091118.1

History Log

> To the Sysadmin team:
> please add also the note on the main website page
> _https://secure.cacert.org/wot.php?id=4_
> => /pages/wot/4.php
> or if this isn't possible remove this page completely.

Done, on December 4, 2009. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2009-12/msg00005.html

> This intermediate ruling is based on the board motions
>   * _https://community.cacert.org/board/motions.php?motion=m20090912.1_
> that freezes this program and
>   * _https://community.cacert.org/board/motions.php?motion=m20090914.2_
> take it in effect.
> If there are other pages around on the main website, handle it according.

If there are any other pages which require this modification, please
report them specifically, and we will handle them.

Intermediate Rulings

Intermediate Ruling 1

To the wiki admins: Add on all TTP assurance pages on top a warning, that the program is actualy frozen like on all wiki pages:

Note that the TTP programme is effectively Frozen

Until a subsidiary policy under AP is written, it is against AP rules.

To the Sysadmin team: please add also the note on the main website page https://secure.cacert.org/wot.php?id=4 => /pages/wot/4.php or if this isn't possible remove this page completely. This intermediate ruling is based on the board motions

If there are other pages around on the main website, handle it according.

To the Board: A blog notify hasn't been published yet that exactly states, that the TTP program is frozen right now. Please publish or order publishing an article about that motion that says, that the TTP program is frozen, asap.

Frankfurt/M. Dec 4th 2009

Comment: Users can get the impression, that the TTP progam is activly running. On uncounted number of pages on the main site and on the wiki site there are informations where and how to use TTP, but only a view pages has a remark, that the program is frozen. TTP Forms are available everywhere without a remark, that this TTP program is frozen. Also there was no announcement by mailing or an article on the blog that states, that this special assurance program is stopped. This needs to be fixed until a subpolicy for this special assurance program has been shifted to Draft and therefor in State Policy. As there is no release date available for such a policy, the hard work needs to be done. Label all occurences to the TTP program with the info, that the program is actualy frozen. Mailing out this info to the community members isn't appropriate, but such a solid cut in the assurance program needs an announcement on the blog and this can be done easily.

Intermediate Ruling 2

I hereby order that this case has to be split in 3 parts, as of complexity.

have to be seperated to individual case numbers.

Frankfurt/M. Dec 4th 2009

Comment: leaving all 3 issues in one case forces stalling this arbitration case. Seperation is an alternate solution to prevent this. The dispute against an arbitrator is limited to this special case only so it can be handled individualy. The same happens with the code modification dispute which can be handled without direct relation to the usage of the TTP program. This question is another one. Its also possible that one of the sub-disputes can be dismissed, and other sub-disputes still continues.

Intermediate Ruling 3

from my review also following pages needs such a modificaction:

https://secure.cacert.org/wot.php?id=2 /pages/wot/2.php http://www.cacert.org/index.php?id=19 /pages/index/19.php

I hereby order to also to bring this modification to the above listed pages.

Frankfurt/M., Dec 4th 2009

Critical system fix: see report https://lists.cacert.org/wws/arc/cacert-systemlog/2009-12/msg00006.html

Discovery

I was asked to remove the super-assurer status of all super-assurers.
I did modify those persons accounts to limit their CAcert-Points to 150
points, to remove their super-assurer status. (Including Robert
C. Account)
The system always enforces (previously and now), that people that have
150 points can issue maximum 35 points.
Since TTP issues more than 35 points, the person that does a TTP
assurance has to have at least 200 points, to be able to issue more than
35 points.

I only did changes to the database, by limiting the points of the
accounts, I was asked to.
[...]

Timeline of Policy Descisions and Motions

Technical

codesign

int(1)

1 if allowed to request code signing certs

1024bit

tinyint(1)

?

admin

tinyint(1)

1 if user is admin

ttpadmin

tinyint(1)

1 if user is TTP admin

orgadmin

tinyint(1)

1 if user is Org admin

board

tinyint(1)

1 if user is member of CAcert's board (?)

tverify

tinyint(1)

1 if user is tverify admin (?)

locadmin

tinyint(1)

1 if user can administer the location database

assurer

int(2)

1 if user is Assurer (100 Assurance Points plus Challenge). This field is caching only, if performance does not forbid try to select the underlying data instead.

assurer_blocked

tinyint(1)

1 if user may not become assurer 

1. The ttp flag is not enough, you need more that 150 points to grant TTP points.
As of today, I can see Robert has only 150 points and no more flag.

2. Only Robert was allowed to process the data. In the past, Duane dealt with the TTP program.
I am not sure but Robert has replaced Duane when Duane left the association. see reply #6

3. The process to complete the TTP forms was written on a wiki page. But I don't know any process to award someone as TTP admin

4. I guess the TTP admin nomination was a private discussion between CAcert board and support admins. see reply #6

5. N/A in my opinion

6. I don't know.
At first, the TTP admin was implicitely the person getting the Postal Box of the association so the Public Officer. It used to be a board member : CAcert President (Duane) or CAcert Treasurer (Robert).

We kept the same process when we "allowed" to users to send the TTP forms by emails to support@ then forwarding to the Public Officer.

We considered the Public Officer as trustable enough to handle the job.

> Can you please provide me with some answers
> to the following questions:


That which Guillaume says sounds about right.  The only one I can see 
that I can comment on is this one:

> 2. What was the proposed procedure to add TTP admins
>     to the system ?
>     Board motion ? Request to Support ?
TTP was in place before the time of written policies, so if a procedure 
existed, it would have been Board motion followed by request to support. 
  That request to Support might have gone to PG or Duane as Support 
themselves can't control the points system past 150 points.

>     Arbitration Ruling ?
No, DRP was approved well after TTP was up and rolling.

It is really hard to see what the case it about or more particularly why you 
need a respondent.

My opinion is put put CAcert as a respondent and let the arbitrator decide 
over what the ruling of policy is. CAcert has been a respondent in other 
cases.

I especially don't think it is fair to ask former board members with the 
exception of Robert (because of a non-board act) to be a respondent here as 
their actions don't seem to be in question.

If you really want to name someone name the current CAcert board collectively. 
If some info is need about TTP forms then Mark as a public officer can try to 
answer however the Robert probably still has them.

I don't see a need to seek or apply legal counsel to this case.

If the respondent is not responding then there is a greater issue than 
the loss of statements/povs:  CCA says that the email address must be 
kept in good working order, and that disputes must be referred to 
Arbitration.  As the Respondent has accepted CCA (I infer this from 
presence and voting for CCA at Pirmasens TOP, on official business of 
CAcert, etc), the Respondent appears to be in breach of CCA.

This would appear to dominate every other question.

[...]
>    3. You each need to notify me if you are seeking legal counsel (a
>       lawyer). This is not recommended. Rather, if you feel the need for
>       help, I can ask an experienced Assurer to assist you.
>
> and as Robert didn't respond within the
> last 3,5 months to any emailing until now -
> the last deadline was set after 3 mailings,
> deadline: March 8th 2010
> but also w/o response.

Robert has not requested this, clearly.

[...]
I would echo Dan's comment that the current board directors probably 
can't perform that role.  Especially the ones that were in the opposing 
faction of mid 2009, which would leave Lambert and Mario.

Also, assistance to Robert is only useful if he requests it.  That is a 
very different thing to the Arbitrator appointing a proxy without 
respondent's request.  I suppose you can do that -- appoint a proxy of 
some form -- because the Arbitrator has wide powers.  But independence 
and seniority is likely an issue.

Having made this step, I suspect you will have to *APPOINT* someone as 
the proxy, because the lack of a volunteer when you have asked for this 
proxy will be seen as a weakness in the ruling, and will be attackable 
in court if there is an adverse ruling against Robert.

Just my 2c worth.....

Have currently no time available for you to look into it.
Consider:
A representative needs comments of Robert Cruikshank in this case before he can act. The orther possibility is to ask two persons to look into this and the history. From that the arbiter can draw a conclusion.

2010-01-30:"question: is the "TTP frozen" dispute against an Inc member ? or against a community member ? 
And why there is this question, if against an Inc Member or Community Member is also incomprehensible to me.

The address was the official CAcert Adress in the past, for which the Public Officer was responsible, if he
was Inc member or not doesn't plays absolutely no role. People should sent their mail to this official adress -
so I have understand the former TTP program, why it is sent to him. As Public Officer he has dutys, he doesn't
follow them. And how the rules are for a Public Officers, are written in the Australien Law, the periods
for handout is 14 days (as I have remind it correctly).

I don't have spare time but I could volunteer.

Why ? because I was part of support team and I was able to forward
ciphered email containing TTP requests to Robert. We would need an audit
in support emails to know if I've really forwarded TTP requests during
the frozen period.

Please don't shot the messenger.

for my defense, the days of TTP were unclear until someone raised the
red flag and started a dispute.

Something comes to my mind as I today printed forms, did Robert accepted CCA ?
Or is it technical impossible, that he didn't made this.

From https://wiki.cacert.org/Arbitrations/Training/Lesson09  for the init
mailing
of arbitration cases:

"It is presumed that you, respondent <present or previous board member>,
accept Arbitration under the terms of the CAcert Community Agreement and
Dispute Resolution Policy, by presence and voting in committee motions
m20070918.2, m20070918.3 and m20070918.4 (see section Risks, Liabilities,
and Obligations of http://wiki.cacert.org/TopMinutes-20070917 ). If you
disagree with this presumption, please reply to this email within the next
7 days." 

... is the only path ....

If you add Assurances, you have 2 checkboxes:

1. I believe that the assertion of identity I am making is correct,
complete and verifiable. I have seen original documentation attesting to
this identity. I accept that the CAcert Arbitrator may call upon me to
provide evidence in any dispute, and I may be held responsible.

2. I have read and understood the Assurance Policy and the Assurance
Handbook and am making this Assurance subject to and in compliance with
the policy and handbook.

The Assurance CAP form (TTP form not checked so far), says instead:
- I am a CAcert Community Member, have passed the Assurance Challenge, and
have been assured with at least 100
Assurance Points.

CAcert Community Member implys CCA agreement

The website form relates to AP only. No CCA agreement is needed here.

CCA agreement is probably needed after the CCA rollout patches are
implemented by creating or renewing certs. But this isn't
currently in effect.

CCA agreement will be requested if you create an account.
But you can assume, that Robert had his account a time before
CCA comes in effect

If he didn't received assurances since starting CCA, he probably
never accepted CCA in a written form.
Last assurances received Sept. 2007

CCA in effect: 
https://wiki.cacert.org/TopMinutes-20070917
m20070918.4: The Registered User Agreement as discussed and modified is
promoted to DRAFT status as written in the (not yet approved) Policy on
Policies, and is therefore working policy for the community. The period of
DRAFT for this document is until the AGM.

Last 2 assurances received:  2007-09-21 and 2007-09-24
As there are no updated CAP forms available at this
time ... the Assurances were made probably w/o the CCA acceptance.
This becomes an issue after May 2008 ...

So the board that were present at the meeting and voted for CCA becomes
the main track

Meeting called to order 2007-09-17 09:20. Present: (Board) Greg Rose,
Robert Cruikshank, Evaldo Gardenali, (Advisory) Jens Paul, Teus Hagen, Ian
Grigg.
https://wiki.cacert.org/TopMinutes-20070917

But this is more another way around. R would need to name a proxy. I am 
not sure if it is allowed for the arbitrator to just seek one on his own 
(what in the policy are you referring to?).

I would appreciate an email officially answering this question. Until 
now I have only received a back-channel message (On IRC, 
arbitrator->Michael->me) that it was ok.
(Another arbitrator advised against it in an email to me directly.)

Reply send to support with "[s20100409.88]" somewhere in the subject 
line would be best.
Or you can enter a notice in s20100408.79 directly. (If you can get to 
it that is.)

An answer to your dispute filing question [s20100409.88] is given thru the intermediate ruling #4 in this case I've sent last night.

"As (R1) has an unknown count of TTP assurances given, the TTP assured users will loose all their points if the account will be terminated. This is, and will be not be an interest of the CAcert community. So therefor I order that an account deletion will be no option in this case. But the respondent should not use his account any longer. So therefor in a first execution step, the account needs to be locked."

Also written within the Deliberations to this case as a direction to this answer.

A more detailed answer is currently impossible as of the complexity of this case w/o the closing ruling.

Informations about 'old' TTP program

Deliberations

  1. What are the rules, policys under which (R1) acted as the TTPadmin ?
  2. Does (R1) followed those rules ?
  3. As AP comes to Draft, how was this TTP program affected by this new policy ?
  4. When becomes (R1) aware, about Policy change ?

    • Further questions that araises in the period of investigations in this case:

  5. What was the former concept of the TTP program ?
  6. How this was implemented into the system ?
  7. How was the data inserted into the system ?
  8. If an arbitration participient doesn't answer any question. How this affects the CCA ? DRP ? and probably the account of an user ?

    • Further questions that araises in a global view:

  9. What are the interests of CAcert Inc. and the CAcert community about this case and how the ruling affected those interests ?

This arbitration case is a walk thru the CAcert history upto currently activitys regarding the TTP program.

Questions 1 to 5

Back to the beginnings, CAcert builds programs to seed the CAcert deserts.

The effectiveness of Assurance Events is not that likely, because it needs resources to travel to events, and needs interested people to meet at those events. The assurance points that can be received are small, sometimes not enough to reach the 100 points level, the level before the CATS test to become an assurer. The essential part to increase the user count.

The TTP program is sometimes the only option in a desert, where no Assurer can travel to, to meet the interested people. So therefor this program is an essential program for CAcert.

The Super-Assurers program is an addtl. instrument, to bring people upto a level, to assure others. To seed CAcert deserts.

This was the view from the 'old' days.

Then, with p20080712.1 Assurance Policy comes to Draft and therefor binding and with p20090105.2 Assurance Policy reaches POLICY state. As AP doesn't include the special assurance programs TTP program and Super-Assurers, so both special programs are out of service from one day to the next - theoreticly

As it tooks about 1 year, that the Community still tooks notice about the AP in effect, also the special assurance programs didn't get noticed about this shift in the global Assurance program.

From the mandate, to start an Audit, Policy work started to form policys for several areas, so that those areas can be audited. To get this project running, policys doesn't cover all areas from the beginning. So also TTP program was not included to the Assurance Policy and therefor frozen until a subsidary policy is written and pushed at least to Draft.

As long the community didn't noticed that AP was in effect until mid of 2009, so nobody noticed that AP frozes also the TTP program.

The Assurers still becomes aware about the AP in effect starting with the ATE events spring 2009. Since than, also the Arbitration is under fire with dispute filings. A signal, that the Assurers becoming aware of the Policys in effect.

The special Assurance programs are not yet affected thru the regular assurer community and therefor out of view for most of the community. The way, the old board handled the Audit, it also handled the Policy work. Maybe it was a lack of communication, maybe it was the missing activity ... This doesn't change the result ... the TTP program still runs not noticed by the board, not noticed by the TTP admin.

As long as there still not exists any TTP policy, the procedures to appoint an TTP admin can be assumed as the appointment of all other Officers and Roles thru a Board motion. The appointment of the TTP admin cannot be found in the history records. The only indication is Guillaumes statement.

The only available info about the TTP program is the TTP policy proposal dated May 30th, 2008

In practice Robert gots an appointment from the Board or he got this job from Duane.

As long i didn't got answers from Robert directly, I have to assume, that he acted under Boards decision while doing the TTP admin work aside the Public Officers role and the Treasurer role.

Remembering about the first dispute filing a20090518.1 that was merged into this case, gives the date the first time Robert could get the first notice, that the TTP program maybe frozen. As long as he acted under the Board authority, he still continued with his dutys as TTP admin, as board didn't decided otherwise.

The history log of former arbitration case a20090518.1 doesn't show any signs, that the initial mailing has been started before mid of Nov 2009.

In the meanwhile board runs a motion, that all special assurance programs are frozen: m20090912.1 that freezes this program and m20090914.2 take it in effect (mid Sept. 2009).

So the next action item was about end of November, beginning December 2009 by picking up those TTP program frozen cases, and starting with the intermediate ruling #1, to inform a) the community, that the TTP program is frozen, b) to inform all interested people into the TTP program, that the program is frozen and c) to inform the TTP admin that the program is frozen.

There is no indication, that the notification was sent before 2009-12-04 to the TTP admin Robert. So here we have a paradoxon, that Robert acted against AP by issueing points as TTP admin, but also following the Board order he was appointed for back in the 'old' days.

By sending the notification to the TTP admin and also publishing the boards motion, that all special assurance programs are frozen, one now could subordinate the accused knowledge about the frozen program.

The last TTP assurances given is dated November 11th, 2009. So this relates to the activitys by starting this arbitration case.

Questions 6 + 7

By starting the investigations about the TTP program, I'm running into a problem to understand, how the TTP points are transfered into the system by the TTP admin.

Back to the 'old' days, the concept was to give the TTP admin 200 points and set the TTP admin flag onto the user account. So he is able to add TTP assurances into the system with type "TTP assurance".

On a review over the Assurances given by Robert, the records indicates the assurance type "Face-2-Face" meetings with a notification set into the locations field that those assurances are TTP assurances while Robert has only 150 assurance points and no TTPadmin flag set.

So here Robert did falsery assurances by entering the TTP related assurances as regular assurances into the system under the 'old' design build by the software developers. But thus was never communicated, nor described in any document (lack of policy, interpretation of source code).

As the transfered assurance points are not added AP conform, those assurances are probably invalid. But thus then also imply all assurances between 2008 (AP comes to policy) and about mid 2009 are invalid as long as nobody takes care about AP.

Question 8 + 9

As the history log shows, Robert has been emailed several times over the last 3,5 months. No response so far. Also a deadline passed w/o response.

This raises the question, what action to take next.

An account termination affects also the unknown, but heavy count of TTP assured users. The loss of those users cannot be the interest of CAcert and the community. So therefor, thus needs attention in the ruling.

The outcome of the question: 'Does (R1) accepted CCA / DRP yet before' makes no difference if he yet accepted the CCA or not. Within the upcoming CCA rollout program, all members will be informed about the existing CCA as every arbitration participient will be informed about. And also arbitrators has to check if there is a CCA / DRP acceptance beforehand an arbitration starts. So, if a member doesn't agree to the CCA or doesn't respond to the acceptance request will automaticly result in a membership termination.

The arbitration case started under the Presumptions - CCA / DRP Acceptance "It is presumed that you, respondent <present or previous board member>, accept Arbitration under the terms of the CAcert Community Agreement and Dispute Resolution Policy, by presence and voting in committee motions m20070918.2, m20070918.3 and m20070918.4 (see section Risks, Liabilities, and Obligations of http://wiki.cacert.org/TopMinutes-20070917 )."

The membership termination follows the 'Delete my Account' procedure with all the side effects that this case has. DRP 2.2 Preliminaries says 'Participating Users may not resign until the completion of the case.'. As long (R1) didn't resigned by himself, this part of DRP doesn't affects an arbitratos ruling.

There are other actions running, that may affects the account termination:

As long, as there are no infos available, an account termination needs to be made with consideration. So an account termination in this case has to follow the procedure outlined as 'Delete an Account with Assurances given'.

Question 10

The answers found by Questions 1 to 5 relates to a user, bound by the CCA from within the Community. But in fact, Robert was a Board member (also community member). But the question that araises here is:

The disputes both starts back in 2009 (this arbitration case and the merged one), so probably this case is to handle by the former Arbitration system of CAcert Inc. ?

CAcert and the structure

The Systems are under CAcert Inc. authority. TTPadmin is no critical system admins role. TTPadmin is part of the Assurance (RA) system. Like the Assurance Officer, TTPadmin is an addtl. role to enter TTP assurances into the system. Like other Officers and Roles, board appoints Officers and Roles by board motions. But this doesn't influences the Officers work to be a community work and acting according to the Policys.

Special interest becomes the state of the TTP admin, as it was implicitely the person getting the Postal Box of the association so the Public Officer.

The Public Officer is the first person, who gets the TTP CAP forms in hand. But thus doesn't implicites that the Public Officer also have to enter the TTP assurances into the system. This role can be delegated by sending those TTP CAP forms to the TTP admin(s).

As long thus hasn't been written into a policy or procedure its worth to debate about this issue, but its interesting to this arbitration case and needs a result to decide the further proceeding. CAcert Inc Arbitration system or the Communitys arbitration system ...

Intermediate Ruling 4

Regarding Questions 8 + 9, I hereby state that (R1) didn't follow the rules

of the CAcert community under this arbitration by not responding to any mails sent to him.

This is not an statement of a debt or not relating to this arbitration issues. This alone relates to the non-respondence in an arbitration case.

Therefor I hereby rule, that the account of respondent (R1) has to be locked immediately.

As (R1) has an unknown count of TTP assurances given, the TTP assured users will loose all their points if the account will be terminated. This is, and will be not be an interest of the CAcert community. So therefor I order that an account deletion will be no option in this case. But the respondent should not use his account any longer. So therefor in a first execution step, the account needs to be locked.

Following the 'Delete an Account with Assurances given' I order further, that the respondent has to handover the TTP CAP forms in a sealed envelop to the arbitrator in this case.

The cacert email address should be removed.

Further actions with this account should not be taken, until further infos are available, how the renaming of the primary email adress affects the TTP assurances given and how the removal of the cacert email adress can be done without affecting the overall account.

Frankfurt/M., Apr 12th 2010 

Despite the fact, there is a 'Delete an Account with Assurances given' intermediate ruling,  please don't hijack the account at the moment, until further infos about how to execute the ruling and how the execute steps affects the account in question except the execution steps below:

@Support -> Execution order:
please lock the account, so that the user cannot longer use this account.

User:  ...  Primary Email ...

Please send me a reply once this execution step has been executed.

Roberts account should now be blocked.

regarding arbitration case a20091118.1 intermediate ruling #4 there are still two open questions regarding removal of the email address  <email address> from the system.

1. Did the handover of the Public Officer paperwork finished yet ?
   Is therefor the @cacert.org email adress needed ?

2. For the removal of the email address from Robert's account,
   is therefor a hijacking of the account needed ?
   or can this been handled thru the default Support Engineer's
   console like revoke an assurance ?

> 2. For the removal of the email address from Robert's account,
>    is therefor a hijacking of the account needed ?
>    or can this been handled thru the default Support Engineer's
>    console like revoke an assurance ?

That seems to require hijacking.

>     3. Who has decided about this procedure in the past ? (before TTP
> program was frozen)

http://svn.cacert.org/CAcert/CAcert_Inc/Board/board_review_actions_20040820_20070525.html

Intermediate Ruling 5

With the CCA acceptance received by Robert Cruishank I hereby withdraw the intermediate ruling #4 dated Apr 12th 2010 and order Support to undo the account locking actions followed by the intermediate ruling #4 and accept Robert's statement, that he has done his duties in good faith.

Frankfurt/Main, 2010-08-30

Discovery II

Ruling

Ruling covers 4 questions:

On doing analyze about this case, there was a huge count of assurances discovered that doesn't conform to the standard. So the database content seems to be corrupt or doesn't state the correct state of assurances. So the forth question araises:

Question i. Has respondent acted against CAcert rules ?

Question ii. if assurances were made falsery, how to handle TTP assurance points ?

Question iii. Review of the intermediate rulings

Question iv. What to do with the data with unclear state ?

Frankfurt/Main, 2010-11-26

Execution

Similiar Cases

a20090518.1

People is getting 150 points from TTP while the programme is frozen

Arbitrations/a20091118.1 (last edited 2010-11-27 00:17:43 by UlrichSchroeter)