- Case Number: a20141027.1
- Status: withdrawn
- Claimant: CAcert (Support - originally filed by Marcus M)
- Respondent: L. I.
Initial Case Manager: BernhardFröhlich
Case Manager: PietStarreveld
- Arbitrator:
- Date of arbitration start:
- Date of ruling:
- Case closed: 2016-10-22
- Complaint: Request for precedence ruling for accounts with obviously fake or non-personal names
- Relief: For proposed relief see Original Dispute below.
Before: Arbitrator name arbitrator (A), Respondent: L. I. (R), Claimant: CAcert (C1), Case: a20141027.1
Former parties: Marcus M. for Support (C2).
History Log
2014-10-27 (issue.c.o): ticket s20141027.172
2015-05-16 (iCM): added to wiki, sent notify mail to C & R, request for CM / A
- 2015-05-18 (R): Replies to announcing mail stating the intention to not use the account anymore, and that it may be closed or disabled.
- 2015-05-18 (iCM): Forwarding R's mail to support, proposing to handle this as a normal "close my account" request.
- 2016-08-20 (CM): FrOSCon 2016 session:
- case selected for review as it fits the review criteria
- CAcert Support becomes new claimant (C1), original claimant dismissed (C2)
- CAcert Support withdraws case as claimant
- 2016-09-25 (CM): board confirms the executive decisions taken during FrOSCon 2016 session by board motion m20160921.2
- 2016-10-15 (CM): implement executive decisions taken during FrOSCon 2016 and send case withdrawal notification
- 2016-10-22 (CM): case closed as withdrawn
Link to Arbitration case a20141027.1 (Private Part), Access for (CM) + (A) only
EOT Private Part
Original Dispute
- Original dispute (anonymized)
Dear arbitration, I file a dispute for a precedent case handling of how to work on the following support case. Support observe during support case handling that the names in the account are no personal names or are otherwise obvious fake names, which is a CCA violation. This case is liked to the ticket s20141023.40. Here are the entries: [ ... Account details removed ... ] Support should have the rights to act as follows: Support asks the user if the names in the account are his personal names and rules that if the names entered are not his personal ones to change them to his personal ones within a period of 4 weeks. If there is no answer to support or the names are not change after that period the account will be locked. (If it is an assured account, an dispute is filed against the Assurer.) If the user asks for unlocking his account he needs to pay a handling surcharge of at least 15 EUR. As the software is not able to handle a note information why the account is locked, support will create a private Wiki page only accessible by support and arbitration containing these information: Primary email address, ticket number, keyword why account is locked, date when account was locked, date when the account was unlocked. If you think that it might be a good idea to delete the account after the retention time of 3 month after the latest expiration date of a certificate in the account. In this case the original email address and domains should be kept in the account so they cannot be used by the user right away. If he wants to use the entries they can be freed by support with a handling surcharge of at least 15 EUR. This dispute is indented to strength the CCA by enforcing to obey the CAcert rules as it cannot be that CAcert has no measures to react, if the user enters fake data. Please work on this dispute in a timely manner.
- Reply to case notification mail and additional confimation of R (summary):
We confirm that we are not using any certificate issued in our account. We can provide full details required in account information. You can safely disable our account.
- Subsequent request of iCM to Support (summary):
I'd assume that [R's reply] can be considered as a "delete my account" request for this account. If you agree to this, I'd put it through the normal routine. If not, we may also wait till an Arbitrator will handle this case.
Discovery
FrOSCon 2016 session - future of 25 arbitration cases from leaving team members
At FrOSCon 2016 members of Arbitration, Board and Support took part in a session on possible withdrawal of cases by CAcert(Support)/CAcert and prior clarification about claimants. On 2016-08-23 the initial report of that FrOSCon 2016 session, Protocol - FrOSCon session - future of 25 arbitration cases from leaving team members, was posted on the board and arbitration mailing lists for review and discussion.
The executive "decisions" taken during the FrOSCon 2016 Session (and also regarding additional cases) were confirmed by board motion m20160921.2 on 2016-09-25:
Resolved, that board withdraws the cases as mentioned in the emails https://lists.cacert.org/wws/arc/cacert-board/2016-08/msg00009.html and https://lists.cacert.org/wws/arc/cacert-board/2016-08/msg00017.html acting for CAcert as claimant of that cases.
The detailed background, proceedings and the initial report of the FrOSCon 2016 session are publicly available as FrOSCon 2016 Session Report.
FrOSCon 2016 session - review of case a20141027.1 - "Request for precedence ruling for accounts with obviously fake or non-personal names "
At the FrOSCon 2016 Session case a20141027.1 - "Request for precedence ruling for accounts with obviously fake or non-personal names " was put up for review as all who were present at the session agreed that it fitted the criteria for review:
- dispute is filed by formerly active member
- dispute is filed as a role based dispute
For this case this meant that Support would now assume the role of claimant and that the original claimant should be considered as former claimant, having been dismissed from the dispute.
The subsequent review of this case at FrOSCon 2016 made Support decide to withdraw the case as claimant as shown by the relevant section of the FrOSCon 2016 report posted on the board and arbitration mailinglists on 2016-08-23:
4. https://wiki.cacert.org/Arbitrations/a20141027.1 ------------------------------------------------------------------- "Request for precedence ruling for accounts with obviously fake or non-personal names" * summary of dispute: "Support observe during support case handling that" names in an accout are "obvious fake names, which is a CCA violation." [Data for one specific case] "Support should have the rights to act as follows:" - to ask the users about correct names - to "rule[s] that if the names [are incorrect] to change them [...] within a period of 4 weeks." - if there is no answer or change lock account - if assured account dispute against assurer - "if user asks for unlocking account he needs to pay a handling surcharge of at least 15 EUR." - wiki entry with prim email, ticket number, keyword why acc locked visible for all support and arbitration - maybe delete account after retention time of 3 month after last expiration of certificates in account, with keeping email address, so that user cannot create new account with that address, as long as he does not pay 15 EUR "This dispute is indented to strength the CCA by enforcing to obey the CAcert rules as it cannot be that CAcert has no measures to react, if the user enters fake data." * support: a) why does one see those accounts? b) how to know that it is fake data? c) if at all support should address those if they use their correct data with a nice mail and a reference to CCA, with no further consequences based on b) - there is no allowance to look up the account later again d) if there are assurances it has to be assumed that those assurances are valid, if there is no reason to doubt this by someone who has seen the data of that person (another assurer) [if there were assurances can be seen as supporter without looking up the assurer] => withdraw * board: ok
FrOSCon 2016 session - review of case a20141027.1 - "Request for precedence ruling for accounts with obviously fake or non-personal names " - comments received
The review of this case as reported on the board and arbitration mailinglists led to minor comments posted on the board and arbitration mailinglists on 2016-08-24 (only relevant part included here for brevity). None of the comments came from the original claimant:
[...] > * support: > a) why does one see those accounts? If support gets aware of such accounts based on support tickets, maybe. Just a wild guess ... > b) how to know that it is fake data? Maybe "Admin SomeCorp" or alike ... CCA violation by failing to fill in correct information. > c) if at all support should address those if they use their correct data > with a nice mail and a reference to CCA, with no further consequences > based on b) - there is no allowance to look up the account later again > d) if there are assurances it has to be assumed that those assurances > are valid, if there is no reason to doubt this by someone who has seen > the data of that person (another assurer) [if there were assurances can > be seen as supporter without looking up the assurer] > => withdraw > * board: ok As a community member of CAcert I see this decision as HIGHLY problematic as I cannot trust the information present in accounts. [...]
In the reply the member is encouraged to take matters in his own hands by either presenting his arguments to board or Support or file a dispute, if he truly believes this would be a sensible step towards resolving his problem:
[...] > As a community member of CAcert I see this decision as HIGHLY > problematic as I cannot trust the information present in accounts. I'll not comment here, as those were the arguments of claiming party. But I believe that [...] already commented on this a little bit from the point of view of board, as well. Or as a community member. (Not sure about which role he was using in that comment.) As did [...]. If you have issues with that position - and support accepts some superior decision of board in this context - you probably should present your arguments somehow more prominent to board (or support). Or file the same dispute on your own, if you believe this to be a sensible step as a community member. [...]
Ruling
None - claimant C1 withdrew case on 2016-08-20.
Similiar Cases
TBD