* Case Number: a20111128.3 * Status: closed * Claimants: Tom W * Respondents: CAcert * Initial Case Manager: JoelHatsch * Case Manager: BernhardFröhlich * Arbitrator: UlrichSchroeter * Date of arbitration start: 2012-01-05 * Date of ruling: 2012-01-06 * Case closed: 2012-02-03 * Complaint: Account Removal * Relief: Remove the account, terminate CCA, make this case a precedent Before: Arbitrator UlrichSchroeter (A), Respondent: CAcert (R), Claimant: Tom W (C), Case: a20111128.3 == History Log == . 2011-12-18 (issue.c.o) case [[https://issue.cacert.org/otrs/index.pl?Action=AgentTicketZoom&TicketID=101277&ArticleID=120223&QueueID=1|s20111128.9264]] . 2011-12-18 (ICM): added to wiki, request for CM / A . 2012-01-05 (A): I'll take care about this case as (A) and appoint Ted as (CM) . 2012-01-05 (A): initmailing sent to (C) with deadline set to 2011-01-19 . 2012-01-05 (C): request confirmed == Original Dispute, Discovery (Private Part) == * Link to Arbitration case [[Arbitrations/priv/a20111128.3|a20111128.3 (Private Part)]] <> ==== EOT Private Part ==== == Discovery == * This case is to be intended to become precedent for Delete my Account cases, to be handled by Support-Engineers first (if no assurances were given, if no certs are still active) * Initial step will be the init mailing following [[Arbitrations/Training/Lesson20#DeleteMyAccountInitMailing|Delete my Account cases Init mailing]] that has to be sent by a Support-Engineer once ruled to precedent * As the precedent isn't ruled yet, I have to send the initial mailing by myself * (C) confirmed the delete account request * Next step is: discover users account state a. assurances given a. any active certs * If there is no assurance given nor any cert active, SE can handle the account through the Delete my Account procedure with CCA termination date set to action date * still awaiting patch [[https://bugs.cacert.org/view.php?id=794|bug #794]] activation * 2012-01-05 22:09 patch [[https://bugs.cacert.org/view.php?id=794|bug #794]] has been applied to production system as reported under [[https://lists.cacert.org/wws/arc/cacert-devel/2012-01/msg00013.html|Report 2012-01-05 22:09]] and [[https://lists.cacert.org/wws/arc/cacert-systemlog/2012-01/msg00000.html|Syslog notification 2012-01-05 22:05]] * No other open Arbitration cases for (C) can be found == Ruling == For the ruling I follow the simplyfied arbitration case [[Arbitrations/a20110802.3|a20110802.3]] As this current running case is also intended to becoming precedent for similar Delete My Account cases, the ruling includes some pre-exec steps, that has been handled for the running case by the arbitrator (step 1 + 2) ((C) confirmed yet the delete account request), but needs to be done by a Support-Engineer in followup precedent cases: 1. Support-Engineer shall check the users account: a. If the Claimant has given Assurances, continue step 5 a. The Claimant has not given Assurances: 1. If the Claimant has not issued any certificates (Certs.A), Support-Engineer shall continue with the next step 2 1. If the Claimant has client or server certs (excluding org client or org server certs) but the certs are expired since 3 months or more (Certs.B), Support-Engineer shall continue with the next step 2 1. If the Claimant has client or server certs (excluding org client or org server certs) but the certs are expired within the last 3 months (Certs.C), Support-Engineer shall continue with the next step 2 1. all other cases to follow step 5 1. Support-Engineer shall write an initial mail to the claimant, to confirm the delete my account request by following the example given under [[Arbitrations/Training/Lesson20#DeleteMyAccountInitMailing|Delete my Account cases Init mailing]]. Support-Engineer shall set a deadline to this initial mailing for 2 weeks 1. Either the claimant confirms the delete account request or the given deadline passed: a. Certs.A and Certs.B case: . If the Claimant has not issued any certificates or certs are expired for 3 months or more and Claimant has not given any Assurances the account shall be hijacked by SE and shall be anonymized following the [[Arbitrations/Training/Lesson20/DeleteAccountProcSEv3|Delete Account Procedure]] (by using the next free number x^1^) and the CCA with the Claimant is terminated immediately. SE shall then report to the Claimant that the account has been terminated and the CCA termination date set to exec date a. Certs.C case: . If the Claimant has certificates that expired within the last 3 months and Claimant has not given any Assurances the execution shall be delayed until the 3 months hold period after the last cert in the users account expired. Support-Engineer shall send a notification to the user about the delay in execution, given the reason for expiring certs. Once the delaytime passes the user account shall be hijacked by SE and shall be anonymized following the [[Arbitrations/Training/Lesson20/DeleteAccountProcSEv3|Delete Account Procedure]] (by using the next free number x^1^) and the CCA with the Claimant is terminated immediately by given exec date. SE shall then report to the Claimant that the account has been terminated and the CCA termination date set to exec date 1. In case of delete account action, SE shall document the delete account issue by adding it to the table at the end of this case file [[Arbitrations/a20111128.3|a20111128.3]] with: a. Support ticket number a. Arbitration number + consecutive number, eg. a20111128.3.# (increasing number starting with 1) x^1^) a. CCA termination date (this is the SE's exec date) 1. If Support finds any certificates that disqualify for rule 1.b.1 (Certs.A) and 1.b.2 (Certs.B) and 1.b.c (Certs.C) or Assurances given, Support-Engineer shall refer this case back to arbitration (move ticket to disputes queue) with informations found in the users account (assurances given, certificates state) and another ruling shall determine further steps and the CCA termination and anonymization date. In this case, the documentation doesn't need to be added to this case file. The initial mailing and confirmation by (C) has been yet applied. In the running case, SE shall start with step 3 of execution. I hereby order that Support is allowed to execute subsequent dispute filings following the conditions given by this ruling using this case as precedent. An Arbitrator shall walk thru the pending arbitration cases not yet picked up by an Arbitrator and Case Manager and shall set the state to dismiss for the moment for all Delete Account cases still in the Arbitration queue and shall transfer them back to Support-Engineer queue to handle the cases given under this precedent ruling. Also an Arbitrator shall move all yet still awaiting dispute filings regarding delete my account cases in disputes queue to the Support-Engineer queue to be handled by a Support-Engineer given by this precedent ruling. A Support-Engineer shall update the Support-Engineer handbook in handling dispute filings by Triage members regarding delete account cases, to move tickets to Support-Engineer queue first instead of moving them to the disputes queue so a Support-Engineer can first check if the precedent ruling applies for a new case. Frankfurt/Main, 2012-01-06 {{attachment:certs-expire-ranges.jpg}} . ''Certs expire ranges'' == Execution == . 2012-01-06 (A): ruling and exec request sent to (Support) . 2012-01-06 (Support): executed ruling and first case. However, the consecutive number in the arbitration number is missing . 2012-01-06 (A): reply to (Support) to correct the arbitration number + consecutive number for this case . 2012-01-06 (Support): corrections made, corrections for clarification under [[Arbitrations/Training/Lesson20/DeleteAccountProcSEv3|Delete Account Procedure]] . 2012-01-06 (A): added current case to precedent list under [[Arbitrations/Training/Lesson12|Arbitrations - Training - Lesson12 - Precedent cases]] . 2012-01-06 (A): moving 20 delete account cases sitting in disputes queue to SE - please to check to be handled under precedent, 1 ticket returned into disputes queue [s20111226.39] . 2012-01-07 (A): dismissed 13 delete account cases from [[Arbitrations|Pending Arbitration Cases]] list that hasn't been picked up yet by a Case Manager and Arbitrator, to be checked by (Support) if the case qualifies for the precedent ruling, by setting a note to the related ticket numbers and move them to the SE queue . 2012-01-07 (Support): notification to (C) hasn't been sent out yet ((A): info received by phone from (SE)) . 2012-02-03 (A): last ticket from Delete my Account cases queue that was dismissed for handlink by (Support) has been closed and added to list below. a. pending arbitration cases not yet picked up - handeled a. move all yet still awaiting dispute filings regarding delete my account cases from disputes to SE queue - handled a. [[Support/Handbook|Support Handbook]] and detailed description under [[Support/Handbook/PrecedentCases/a20111128.3|Support Handbook: precedent case a20111128.3]] documented by (SE) a. added note to [[Arbitrations/Training/Lesson04|Arbitration / Training - Lesson 4 - Creating a new Arbitration case]] that (Support) should check in certs misuse cases that there is no open/running/pending Delete my Account case in the SE queue regarding the members name and email in question. This procedure shall be used instead of a pro-active check for open/running "certs misuse" cases by (Support) on every Delete my Account request ||<#c0c0c0 -5>Pro-active check for open Arbitrations vs. Check on Critical cases only<
> 1. By default each arbitration case preliminaries check is for other open/running arbitration cases. If there is any, this needs to be documented in the new case. Delete my Account cases cannot be closed before the other cases are closed. <
> 2. There still exist no workable, simple procedure, where Support can check the full username and email of all current Arbitration cases. <
> 3. There still exist no workable, simple procedure, where an Arbitrator can check the full username and email of all current Support cases pending "Delete my Account" request. <
> 4. In the discovery process of this arbitration case the potential critical cases, that may prevent a fast path processing of Delete my Account cases by SE by following this precedent ruling has been broken down to a dispute filing caused by misuse of a certificate issued by the member in question <
> 5. So therefor, an Arbitrator has to send a request to Support to check for a given username/email in "certs misuse" cases only. <
> 6. The procedure has been turn around, not SE's checks for open arbitration cases everytime a Delete my Account case arrives, instead an Arbitrator initiates a request to (Support) in "certs misuse" cases only, thats to be considered critical in "Delete my Account" cases and that stops a running Delete my Account processing, so the member can be brought into Arbitration <
> <
> For "Critical cases" the 3 months delay time after the latest expire date of a certificate exist before a CCA termination can be given. If there is a new misuse case that needs filed as a dispute, this dispute filing needs arrival at least 3 months before the delay hold time expires. Therefor the ruling of this precedent ruling takes into account that if the latest certificate has expired before the dispute filing of a Delete my Account case, these cases can be handled by Support. If one or more certificates are not yet expired or revoked, this case needs to be moved to Arbitraton. With every day active certificates aren't expired or revoked at dispute filing date, the risk on certs misuse may increase. The precedent ruling follows the practicable direction, that a Support-Engineer can handle Delete my Account cases easily and the risk near zero regarding related certs misuse cases. This precedent ruling don't want to cover all Delete my Account cases, but following the Pareto principle, if 80% of all Delete my Account cases can be handled by the restrictions given under this precedent ruling the task of this precedent ruling is fulfilled, to handle the easy cases by a Support Engineer directly and to transfer the difficult ones to arbitration. Currently there are still 6 Delete my Account cases in the Arbitration queue vs. 29 Delete my Account cases handeled by (SE) following this precedent. So the Pareto principle is fulfilled. || . 2012-02-03 (A): final notifications to (C), (CM), (Support), case closed. == Similiar Cases == || [[Arbitrations/a20080702.1|a20080702.1]] || [[Arbitrations/a20080702.1|User requests to delete account with Assurance Points]] || || [[Arbitrations/a20090618.3|a20090618.3]] || [[Arbitrations/a20090618.3|Assurer requests to delete account]] || || [[Arbitrations/a20090618.5|a20090618.5]] || [[Arbitrations/a20090618.5|User requests to delete account with no Assurance Points]] || || [[Arbitrations/a20090826.1|a20090826.1]] || [[Arbitrations/a20090826.1|User wants account deleted, no Assurance Points, no certificates]] || || [[Arbitrations/a20090926.1|a20090926.1]] || [[Arbitrations/a20090926.1|User wants account deleted, no Assurance Points, no certificates]] || ||[[Arbitrations/a20110120.2|a20110120.2]] ||[[Arbitrations/a20110120.2|Account Removal w/ intermediate ruling]] || ||[[Arbitrations/a20110110.1|a20110110.1]] ||[[Arbitrations/a20110110.1|Please Delete my Account (Is Assurer)]] || ||[[Arbitrations/a20110131.1|a20110131.1]] ||[[Arbitrations/a20110131.1|Account Removal Olivier F (Is Assurer)]] || || [[Arbitrations/a20090510.3|a20090510.3]] || [[Arbitrations/a20090510.3|Assurer with alter-ego even assured himself more than once]] || || [[Arbitrations/a20110802.3|a20110802.3]] || [[Arbitrations/a20110802.3|Can you please delete my account?]] || || [[Arbitrations/a20110221.1|a20110221.1]] || [[Arbitrations/a20110221.1|PII and problematical sys settings on 1057 of 1074 deleted accounts cases still remains in database]] || see also: [[Arbitrations/Training/Lesson20|Arbitrations Training Lesson 20 - Arbitration Case - Delete Account Request]] == Post Arbitration Documentation == <> . The Post Arbitration Documentation has been moved to [[Arbitrations/Audit/a20141024.1|Arbitrations/Audit/a20141024.1]] please continue logging cases there. <> ---- . CategoryArbitration . CategoryArbCaseAccountDelNonAssurer