Annual Report of the CAcert Inc. 2017/2018
From the Committee of CAcert Inc.
Hereby, the Committee of CAcert Inc. presents its executive report to the members of the Association, and by extension, to the entire Community of CAcert. This report is over the customary period of 1st July 2017 to 30th June 2018.
In addition to that defined period, the Committee presents a Forward Looking Statement that covers 1st July 2018 and beyond. Note also that Team Reports are not so constrained by fixed periods.
The terms committee and board are used interchangeably. The terms CAcert Inc. and the Association are used interchangeably. The term Member means a member of the Community under the CCA where unqualified, and a member of the Association or the committee where qualified.
CAcert Inc. is incorporated under the Associations Incorporation Act, 2009 of NSW, Australia. The members of the Association are our registered participants in the governance of our wider Community. Total Association membership at 30th June 2018 was sixty-three (+3). As of the time of writing this report, Association membership still stands at sixty-five (+5). The wider Community outside the Association currently numbers some 6,720 Assurers, around 32,600 end-users with some assurances, and about 330,000 accounts with zero assurance.
CAcert Inc. has no employees – we rely fully on a cadre of volunteers to carry out all functions.
CAcert Inc. operates under the rules of the Association, as adopted by the Association members in November 2011. In addition, CAcert Inc also binds itself by means of the CAcert Community Agreement and prior decisions at Annual General Meetings and Committees to the policies of the community. Under these combined rules, the affairs of CAcert Inc. are managed by the Committee.
The Committee is elected each year at the Annual General Meeting ((AGM)). The Committee comprises the President, the Vice President, Treasurer, Secretary and three ordinary members. The Committee also can form a sub-committee under the rules, and incorporates the sub-committee into deliberations. The Committee meets on the Internet once or twice per month. Meetings are generally open, minuted on the wiki, and publicly readable.
The Committee's primary role is to manage the services and teams of the Community. The Committee is assisted by 2 other main groups, being the Arbitration Forum for the resolution of disputes and the Policy Group for the creation and approval of formal policies. The Committee directly manages the many teams of CAcert, each of which work within the policy framework of CAcert, document their activities and processes on the wiki, report to the Committee, and abide by rulings of the Arbitration Forum.
The outgoing Committee provides the Annual Report to members at the Annual General Meeting. The Annual Report includes a Financial Report, team reports, a summary of the year's events and a forward looking statement to assist the incoming Committee.
In response to two factors (being, moves by the CA industry, and accusations in the previous year that had impact over future auditors), the Board took on a far-reaching reconsideration of the primary mission of CAcert, being in short to 'get into the browsers.' This should be an important goal but not dominate everything else. The CA industry has now imposed multiple audits on the process, and browser vendors (Mozilla and others) have followed suit without any apparent question as to the costs and competitive nature of the process. The increased costs in the process are perhaps doubling and tripling that which we have faced in the past. As well, at the end of this Fiscal Year, some browsers, notably Chrome, began imposing a requirement that many web pages be served through HTTPS, rather than HTTP. As it was already in our minds that the cost of even one audit was unreachable, we are now faced with a dramatic challenge to the mission. There are yet rumours a sponsor could be found. This has far-reaching implications. In order to address this, the Committee discussed some ways to better utilise the community to get the root into the browsers on a manual basis, including browser plugins and contract changes to facilitate member-empowerment. Before we can get external audits, we need to have internal audits. Some areas of CAcert are ready for audit or have already passed an audit, in other areas essential work has to be done to be auditable.
Location of CAcert
CAcert Inc is incorporated in Australia, the original location of its founding as a community. However it has been for many years clear that the centre of members and activity for the community is located in Western Europe, mainly in Netherlands, Switzerland, Austria and Germany. France is becoming more important too. Efforts to enhance the Australian base have worked partially. Ian Grigg, in particular did excellent work. But since Ian is no longer in Australia, the situation is very deplorable. It is therefore our emerging view that we need to move CAcert's intellectual property and management vehicle to Europe, in order to better align with the strength of the community.
The Committee's Forward-Looking Statement
The Committee has to face two giant challenges, the first being finding sources of funding outside of dwindling membership fees to allow CAcert to survive the coming years, the second being to move CAcert from the present Australian CAcert Inc. to an European incorporated association or similar form of organisation to save an enormous amount of bank transfer costs and to be closer to the bigger European community to save possible travel costs in future.
There have been no new Arbitrators, Support Members or Software Assessors appointed recently. One ABC for support was triggered, but is not yet decided.
All in all we need more Arbitrators, Case Managers, Software Assessors and Support Members.
Some members are very busy with other tasks. On the other hand, a few new members are now involved.
Remaining members are under heavy load within their jobs within the CAcert community, so there is some delay in fulfilling their jobs.
Board members have to fill vacant officer positions with valuable CAcert community members.
I, the President at the time of this AGM, am writing from my memory, so it is more about the feeling and general directions. For the details, I refer you to the agendas and minutes of our numerous meetings.
This has been a challenging year for CAcert, continuing with challenges and issues that have been accumulating over the past few years.
For a start, we came into this year with a prediction that we would not have enough funds, either in the bank or in expected income, to support CAcert, either the Association or the Community at large, for the full year.
We also started the year without an Australian Government-required representative (the one that we had had resigned with no replacement) and without the required number of Australian Board Members.
We are also very short-staffed in many departments, and volunteers are quickly becoming burned out by the increasing workload.
With all of this bad news, why do we even try to continue? Some of us have been members of CAcert, particularly the Community, since it was very new, and was the "only game in town," providing well-verified and validated certificates for use in web servers and e-mail. This is still true, even with the influx of new "free" certificate providers, such as LetsEncrypt, who willingly provide certificates to anyone who asks. Because of this, those certificates have no real validation, but are accepted by all of the major web browsers.
Some events are a bit hard to place in time without going back and examining all of the Board Meeting logs.
However, over the year, we researched and considered several opportunities for grants. Unfortunately, up to the end of the Fiscal Year, none of those opportunities were suitable or successful.
That fund search continued into the new Fiscal Year.
The Board has found that it is very difficult to find a time frame that fits time zones all around the world, currently including Eastern Australia, Central Europe and Eastern North America, and also to avoid long and fruitless meetings.
Our goal is to have short, efficient meetings. We frequently aim for one-hour meetings, and are happy if we manage to limit them to less than two hours, once a month. All the people in the Committee spend a lot of their free time, so their time should be used as efficiently as possible and not lost in non-productive meetings.
Most tasks are done by Board members, perhaps with outside assistance, in small ad-hoc groups.
This efficiency is absolutely needed, as we have important tasks for the future:
- the "move" for CAcert Inc.
- review and improve the financial base for CAcert Inc.
And if we have a look to the community with its drastically falling numbers of new members, no new assurers, few people involved in the project. While these are not explicitly tasks of the Committee, it is probably the only institutionalised organ that has an eye on it.
Board members have to take care of Audit reports to be published.
Board members have to fill vacant officer positions with valuable CAcert community members.