  * Case Number: a20140316.1
  * Status: running
  * Claimant: CAcert (Support - originally filed by Marcus M)
  * Respondent: CAcert
  * initial Case Manager: EvaStöwe
  * Case Manager: PietStarreveld
  * Arbitrator: EvaStöwe
  * Date of arbitration start: 2016-08-14
  * Date of ruling: 201Y-MM-DD
  * Case closed: 201Y-MM-DD
  * Complaint: database cleanup regarding deleted accounts

  * Relief: TBD

Before: Arbitrator: EvaStöwe (A), Respondent: CAcert (R), Claimant: CAcert (Support - originally filed by Marcus M) (C), Case: a20140316.1

<<TableOfContents(2)>>

== History Log ==
 . 2014-03-16 (issue.c.o): case [s20140316.67]
 . 2014-05-24 (iCM): added to wiki, request for CM / A
 . 2014-05-24 (iCM): send notification about case to C
 . 2014-07-26 (iCM): repeats request for CM / A
 . 2016-08-14 (CM): pick up case with A
 . 2016-08-14 (A): send init mail to C
 . 2016-08-14 (A): send preliminary ruling to software and critical team

'''Link to Arbitration case [[Arbitrations/priv/a20140316.1|a20140316.1 (Private Part)]], Access for (CM) + (A) only''' 

## ==> INCLUDE SECTION BOT
<<Include(Arbitrations/priv/a20140316.1)>>  
## <== INCLUDE SECTION EOT

==== EOT Private Part ====

== Original Dispute ==

 {{{
Dear arbitrators,

taken the information from the bug 1223 [1] and taken to the split bug
1259 [1]
In the support case {a support case number} a member asked for a deleted account.
He could not access it, and searching in the SE console I could not find
it either. However if he used the 'Lost password' link on the login
website, entered the email address and correct birthdate, he got to step
2 of password recovery. That means, here his account showed up.

This looked strange to me, since normally as SE I can search even for
deleted email addresses and I find all accounts this email address
belongs to or previously belonged. But in this case I didn't find it.

So I asked {a critical admin} and he told me: "This email address can be found in the
table `email`, but with the field `deleted`. It can also be found in the
table
`users`, again with `deleted`."

It thus showed up that the handling of the `deleted` field in the
software is rather inconsistent. I suggest that this handling should be
straightened in the way that an SE always can see all email addresses,
domains and accounts that ever existed. If there is more than one
account, in the list of the accounts to select, a flag should be added
to show if it is an active account, email address or domain or if it is
deleted.

Please find an advice for the software team how to handle the cleanup.


[1] https://bugs.cacert.org/view.php?id=1223
[2] https://bugs.cacert.org/view.php?id=1259
}}}

Parts in {} anonymised.

== Preliminary Ruling ==

{{{
I hereby give the following preliminary ruling:

A patch for bug 1259 may not be set productive until the arbitration
case a20140316.1 is decided or there is a ruling in that case that
allows to set such a patch productive.

Eva Stöwe - 2016-08-14
}}}

== Discovery ==
 * 2016-10-01: Board issues motion [[m20161001.1]] - "Withdraw a20140316.1 (database cleanup regarding deleted  accounts)"
{{{
Resolved, that the board considers the bugs filed referred to in the case a20140316.1 are sufficient to the underlying needs, that the case is misfiled, and that the board does not want to encourage the use of Arbitration to bypass or force other channels.
}}}

By this act, board has to be considered to take over the representation of the claimant, so the claimant is adjusted to be "CAcert (represented by board)". As head of the executive area, board is able to such a task from the teams, if board sees such a need, at least in cases where some authorisation is requested.

It has to be noted down that the motion was given at the board meeting after the Arbitrator had 
a) stated that she had gathered everything needed to come to a ruling based on earlier discussiond on board mailing list and in that board meeting and
b) given a possible overview about the considered ruling. Which included the possibility of a fine against CAcert because of the request to provide support team members access to user data which the members would consider to be removed on a regular basis, without being able to name any relevant argument and even further to make it easy for support to look up accounts (by accident or intention) which have no relation to a support case at all.

== Ruling ==

== Execution ==

== Similiar Cases ==

|| [[Arbitrations/a20110221.1|a20110221.1]] || [[Arbitrations/a20110221.1|PII and problematical sys settings on 1057 of 1074 deleted accounts cases still remains in database]] ||
|| [[Arbitrations/a20100131.1|a20100131.1]] || [[Arbitrations/a20100131.1|User wishes Account removal]] ||

See [[Arbitrations/a20110221.1|a20110221.1]] for a detailed list of Similar cases and related Bug Reports.

----

 . CategoryArbitration
 . CategoryArbCaseOthers