BoardMinutes-20090328
- Raw draft
- Meeting topics :
- Philipp Dunkel board position clarification
- Despite the unclear position of Philipp Dunkel statements during the previous meeting and following board list emails, Philipp Dunkel remains Board member (overall consensus)
- m20090328.1: Terminate all NDA-bound agreements, and give them the option to agree with SP, or terminate the current involvement (carried)
- m20090328.2 Creation of Security Policy Subcommittee (carried)
- report proposal Rasika team,
- DPOA measurements inclusion
(23:00:24) GregStark: 2. NDA is voted terminated and NPA people transfered to SP
(23:00:24) GregStark: 3. DPA filed
(23:00:32) TeusHagen: I do not think Gui
(20:01:34) mode (+nt ) par irc.cacert.org
(20:50:56) PhilippDunkel [philipp@77.119.216.63.wireless.dyn.drei.com] a rejoint le salon.
(20:57:47) Vous tes dsormais connu sous le nom de GolfRomeoLogs
(21:45:39) UdontKnow [evaldo@evaldo.gardenali.biz] a rejoint le salon.
(22:01:09) mnemoc [amery@shell.opensde.net] a rejoint le salon.
(22:01:19) mnemoc: hi
(22:02:15) UdontKnow est dsormais connu sous le nom de EvaldoGardenali
(22:03:18) PhilippDunkel: Hi
(22:03:51) mnemoc est dsormais connu sous le nom de AlejandroMery
(22:25:43) TeusHagen [chatzilla@theus.xs4all.nl] a rejoint le salon.
(22:26:14) EvaldoGardenali: hi TeusHagen
(22:26:41) TeusHagen: hallo, somehow identify did not work. But it seems to be ok now.
(22:27:24) TeusHagen: Who do we miss still?
(22:27:38) EvaldoGardenali: Greg is online but seems away
(22:27:48) EvaldoGardenali: nick CAcert (on #cacert)
(22:28:05) EvaldoGardenali: Robert didnt show up
(22:28:30) TeusHagen: Can we wake up Greg then?
(22:30:17) EvaldoGardenali: not sure, he seems offline on skype... do you have his number?
(22:30:47) TeusHagen: No I do not have his skype entry point.
(22:31:46) TeusHagen: Alejandro mentioned that Greg was on IRC today?
(22:33:01) EvaldoGardenali: yes, he is connected
(22:34:19) TeusHagen: not yet on #board it seems.
(22:35:04) EvaldoGardenali: yes, just on #CAcert
(22:36:09) AlejandroMery: 19:52:16 < CAcert> thank you for the link, i will give it a read.
(22:36:13) AlejandroMery: ^--- last from him
(22:36:15) AlejandroMery: hi TeusHagen
(22:37:13) TeusHagen: What is is nick name so we can chase Greg to join on #board?
(22:37:20) EvaldoGardenali: CAcert
(22:37:25) EvaldoGardenali: thats his nick
(22:39:14) TeusHagen: Seems Greg is inactive at #cacert channel...
(22:39:42) AlejandroMery: yup :\
(22:39:47) EvaldoGardenali: yes, and his client doesnt help much
(22:40:06) GregStark [Greg_Stark@netblock-208-127-148-114.dslextreme.com] a rejoint le salon.
(22:40:06) EvaldoGardenali: if it were another client, not pidgin, I could try making some beep noises
(22:40:13) EvaldoGardenali: ah, there he comes
(22:40:17) TeusHagen: Prefer to see Greg on this meeting (he lost the last week call)
(22:40:28) AlejandroMery: 20:40:07 <GregStark> I am busy at this moment be back in a half hour
(22:40:28) AlejandroMery: 20:51:33 <mnemoc> cu
(22:40:30) TeusHagen: OK
(22:40:35) AlejandroMery: that's the last I got from him
(22:40:38) EvaldoGardenali: CAcert: can you please /nick GregStark ?
(22:40:51) AlejandroMery: oh, wb GregStark!
(22:41:50) AlejandroMery: so Guillaume granted proxy powers to TeusHagen, and we are all here :)
(22:41:59) TeusHagen: Did not see any notice from Robert. So my guess is he will not join tonight.
(22:42:09) AlejandroMery: :(
(22:42:33) AlejandroMery: I forgot about Robert
(22:42:35) GregStark: Hi all, Any thing iI need to do on my side per this intereface to register/
(22:42:39) TeusHagen: This means he has some right if he wants to after the meeting.
(22:42:41) PhilippDunkel: Hi
(22:42:49) PhilippDunkel: Sorry I missed the start
(22:43:03) EvaldoGardenali: GregStark: not needed right now, we can do it after the meeting if you wish
(22:43:04) AlejandroMery: GregStark: type: /nick GregStark
(22:43:06) TeusHagen: Let us try to see who is there. Please say hi with your full name.
(22:43:19) EvaldoGardenali: GregStark: for now, just change your nick, for log keeping made easier :)
(22:43:21) PhilippDunkel: Hi: Philipp Dunkel
(22:43:31) AlejandroMery: Hi, Alejandro Mery
(22:43:35) EvaldoGardenali: hi, Evalfo Gardenali
(22:43:45) TeusHagen: hi, TeusHagen hagen
(22:44:03) TeusHagen: CAcert?
(22:44:26) TeusHagen: who is cacert?
(22:44:39) AlejandroMery: CAcert is Greg
(22:45:05) AlejandroMery: or a very low prio thread of him :(
(22:45:16) TeusHagen: I am not sure CAcert (alias Greg Stark) can write....
(22:45:26) EvaldoGardenali: Greg told me he is a slow typist the other day, then we did voice
(22:46:00) TeusHagen: Greg say hi and say stop if you need space
(22:46:23) TeusHagen: Let me open the meeting now.
(22:46:34) GregStark: hi
(22:46:47) TeusHagen: Present are 5 board members.
(22:47:02) TeusHagen: TeusHagen is proxying Gullaume.
(22:47:20) TeusHagen: Evaldo is there so Greg does not need to proxy Evaldo.
(22:47:41) GregStark: Hi TeusHagen
(22:47:45) TeusHagen: The agenda has been sent this afternoon. Excuses for late distribution.
(22:47:53) TeusHagen: Hi greg.
(22:48:03) TeusHagen: Any change needed to the agenda?
(22:49:01) TeusHagen: No response we continue with DPA road map.
(22:49:16) TeusHagen: Got response from:
(22:49:25) TeusHagen: Guillaume: ok with road map.
(22:49:26) PhilippDunkel a quitt le salon (quit: Ping timeout: 180 seconds)
(22:49:33) TeusHagen: Philipp: had concerns.
(22:50:01) TeusHagen: others?
(22:51:07) EvaldoGardenali: TeusHagen: reviewing it quickly, I had no chance to read it before
(22:51:32) TeusHagen: Ok give some seconds/minutes. Say when ready.
(22:52:53) PhilippDunkel [philipp@77.118.103.198.wireless.dyn.drei.com] a rejoint le salon.
(22:52:58) PhilippDunkel: Why doe connections always die when an IRC starts :(
(22:53:41) AlejandroMery: PhilippDunkel: EvaldoGardenali is reviewing, TeusHagen mentioned you had concerns with the agenda
(22:53:53) PhilippDunkel: ???
(22:54:03) TeusHagen: There are four items: Sec Policy accepts, SubCmtee CAsec, report proposal Rasika team, DPOA measurements inclusion (if needed).
(22:54:08) PhilippDunkel: No concerns from me. I think TeusHagen summed it up well in his Mail
(22:54:43) PhilippDunkel: I interpreted it as adding: Motion to Notify DCC on Monday
(22:54:43) EvaldoGardenali: TeusHagen: it seems fine for me
(22:54:53) TeusHagen: Alejandro/Philipp: no with the road map. Ie probably second point the CAsec cmtee.
(22:55:05) AlejandroMery: TeusHagen: ah, ok... sorry
(22:55:43) PhilippDunkel: So:
(22:55:45) PhilippDunkel: 1. Accept the Security Policy
(22:55:45) PhilippDunkel: 2. Potential Security Subcommitee
(22:55:45) PhilippDunkel: 3. seems identical to 2
(22:55:45) PhilippDunkel: 4. Is what I interpreted as DPA Notification
(22:56:32) TeusHagen: Philipp: to avoid misunderstandings: the list in my email started with 0.
(22:56:49) PhilippDunkel: By the way: As I have suspended my membership for now, I will abstain from any votes for now. Until there is some consensus on what to do. At this point I feel anything I do may be interpreted as adding fuel to the fire, so I just want to step lightly.
(22:57:11) PhilippDunkel: @TeusHagen: Sorry for the renumbering ;)
(22:57:48) GregStark: Not so
(22:58:06) PhilippDunkel: Do you want to start with the Agenda? I have no qualms with it and it seems pretty accepted
(22:58:26) PhilippDunkel: @Greg: ????
(22:58:29) GregStark: NDA
(22:58:45) TeusHagen: Philipp: to make things clear: you have resigned from board? The word "suspending" is new to me. Or were you saying you will resign when you think no progress was there to your opinion within siz weeks?
(22:59:59) PhilippDunkel: After last week Guillaume requested on the board list that I change my resignation to a suspension.
(23:00:24) GregStark: I see three items I see important.
(23:00:24) GregStark: 1. SP is in place.
(23:00:24) GregStark: 2. NDA is voted terminated and NPA people transfered to SP
(23:00:24) GregStark: 3. DPA filed
(23:00:32) TeusHagen: I do not think Guillaume used the word suspension.
(23:00:55) EvaldoGardenali: Greg, thanks for the input, we were missing that step
(23:01:07) TeusHagen: Greg: can we first identify who is voting or not and is on the board or not?
(23:01:13) PhilippDunkel: To let things cool and move on, I agreed to the board mailing list. As TeusHagen requested in the last chat the it was done via mailing list.
(23:01:50) GregStark: The board never accept PD resig, or supension
(23:02:11) PhilippDunkel: I quote Guillaumes Mail:
(23:02:16) PhilippDunkel: Hi Philipp,
(23:02:16) PhilippDunkel: Philipp Dunkel a crit :
(23:02:16) PhilippDunkel: Dear board members,
(23:02:16) PhilippDunkel: as said in the IRC meeting. I hereby resign from all post I hold within
(23:02:16) PhilippDunkel: CAcert.
(23:02:17) PhilippDunkel: That includes:
(23:02:17) PhilippDunkel: * Board
(23:02:19) PhilippDunkel: * Arbitrator
(23:02:19) PhilippDunkel: * Documentation Officer
(23:02:21) PhilippDunkel: Regards, Philipp
(23:02:21) PhilippDunkel: P.S.: I will be open at any time to commit myself again if my
(23:02:23) PhilippDunkel: prerequisites for productive working are met.
(23:02:23) PhilippDunkel: Would you just "suspend" instead your commitment @CAcert ? And declare
(23:02:25) PhilippDunkel: to resign if Board commitment is not enough ?
(23:02:25) PhilippDunkel: --
(23:02:26) PhilippDunkel: Cordialement, Best regards,
(23:02:26) PhilippDunkel: Guillaume
(23:02:29) PhilippDunkel: Tiebogos (by L'Oreal), parce que je le 'veau' bien.
(23:02:29) PhilippDunkel: Vision without action is a daydream.
(23:02:31) PhilippDunkel: Action without vision is a nightmare. -- Japanese Proverb
(23:02:38) GregStark: OK
(23:03:03) AlejandroMery: AFAIK the board has to "accept" or "declane" it, and it hasn't done any
(23:03:24) PhilippDunkel: Yes, thank you Greg, that looks like a good agenda.
(23:04:33) TeusHagen: Philipp: again: what are you asking the board: suspension (there is not such a thing in the rules :-( or resignation.?
(23:04:51) PhilippDunkel: Actually the board does not really have a choice to accept/decline, but that is irrelevant in this case. Let's just move on an be productive. I still feel that at this point I should abstain from voting, until I feel there is confidence in me.
(23:04:54) EvaldoGardenali: current association rules on http://wiki.cacert.org/wiki/CAcertIncorporated?action=AttachFile&do=get&target=CAcert_Rules2008.pdf do not open the suspension possibility
(23:05:22) PhilippDunkel: I am actually not asking for anything at all. I am just stating, that for the time being, I will abstain from votes.
(23:05:50) AlejandroMery: abstaining sounds fair
(23:06:17) TeusHagen: Philipp: it is up to you to vote or not. So I only can conclude for now the resignation issue does not put a place on this meeting now.
(23:08:02) PhilippDunkel: Yes, it is not something that needs to be debated now. We should just move on.
(23:08:06) TeusHagen: I will continue; Greg is adding the aganeda point about NDA: cancel the NDA. Put this as agendapoint 0. before DPA Road map as SP is covering this.
(23:08:27) GregStark: Of all the people here, who unstertand the aspects of the DPA
(23:08:27) GregStark: We need to get to the DPA.
(23:09:05) AlejandroMery: but NDA comes before DPA, or not?
(23:09:17) AlejandroMery: (on the table)
(23:09:30) TeusHagen: Yes I think the NDA can come first. Any objections?
(23:09:46) PhilippDunkel: None from me
(23:09:51) EvaldoGardenali: SP needs to come before NDA, in my opinion
(23:10:01) EvaldoGardenali: so we can move agreements from NDA to SP
(23:10:05) TeusHagen: Please vote
(23:10:50) AlejandroMery: EvaldoGardenali'suggestion make sense
(23:10:51) GregStark: Important who is on NDA, get NDAA people to agree to SP and then kill NDA
(23:11:29) TeusHagen: Evaldo wants to swap current SP with NDA. Problem is that DPA can introduce a restriction. But if that is still possible we can swap them.
(23:11:55) EvaldoGardenali: TeusHagen: I want, with SP approved, to make a motion like this
(23:12:15) TeusHagen: Who is under NDA: Philipp G, Guillaume, Alejandro, Wytze, Mendel.
(23:12:26) EvaldoGardenali: TeusHagen: I am too (oops, just broke it)
(23:12:40) TeusHagen: yes soory. true.
(23:12:50) PhilippDunkel: @Greg: Wytze and Mendel are ok with the switch as indicated when I met them. (They actually helped write the SP)
(23:13:15) TeusHagen: This means: support, crit systems, system admins.
(23:13:17) EvaldoGardenali: "Terminate all NDA-bound agreements, and give them the option to agree with SP, or terminate the current involvement"
(23:13:19) PhilippDunkel: TeusHagen & Evaldo could agree tight now
(23:13:48) TeusHagen: Evaldo: yes good you mentioned this.
(23:13:54) PhilippDunkel: That leaves Philipp G. I recall him working on the SP with me. But I don't recall him explicitely agreeing to move from NDA to SP
(23:14:40) TeusHagen: Philipp: that is up to PG. Please vote on Evaldo his motion.
(23:14:46) GregStark: PG has a list
(23:14:51) GregStark: of people
(23:14:54) PhilippDunkel: But as he may/may-not/? no longer have live access to the data, I think we could assume that he would be OK. If there are complaints from him we could address that then?
(23:15:18) AlejandroMery: he has access
(23:15:19) TeusHagen: There is noi way to avoid that.
(23:15:26) PhilippDunkel: Ok
(23:15:46) PhilippDunkel: I think Evaldo's motion is a sensible step for this board.
(23:15:47) TeusHagen: If rules change people should have the opportunity to say no.
(23:16:23) TeusHagen: Votes please
(23:16:31) GregStark: Must have SP active in place to cover
(23:16:32) PhilippDunkel: Agreed to that sentiment. People should always be able to withdraw when they don't agree with changes. That is actually one of the rules of contract law ;)
(23:16:51) EvaldoGardenali: so, to make this straight: m20090328.1: Terminate all NDA-bound agreements, and give them the option to agree with SP, or terminate the current involvement
(23:16:53) PhilippDunkel: @Greg. As the Policy Group has already put the SP in DRAFT it is active
(23:17:15) AlejandroMery: aye to m20090328.1
(23:17:24) PhilippDunkel: This board would just explicitely agree as it has done with all previous important policies (CCA, PoP, ...?)
(23:18:01) GregStark: TeusHagen has good point theet we as the board should vote on iit also, am i right on that TeusHagen
(23:18:05) TeusHagen: CCA and POP CAcert Inc. had veto right and that was not used...
(23:18:30) TeusHagen: Sorry greg go on.
(23:19:00) GregStark: That we the board should also vote on the SP.
(23:19:26) PhilippDunkel: @Greg & @TeusHagen I agree with you fully (Just saying there is no requirement to vote on SP before terminating NDA. This board should still explicitely agree to the SP!)
(23:20:16) TeusHagen: SP: that is later on the agenda. SP has a condition for the DPA issue...
(23:20:30) AlejandroMery: so SP should have come first :|
(23:21:28) EvaldoGardenali: if its done on the same meeting, there is no problem in my opinion, as we are not giving people an ultimatum exactly now
(23:21:38) PhilippDunkel: No worries. Let's just do Evaldo's motion and then immediately the SP and it'll be fine.
(23:21:39) TeusHagen: Well that was an earlier question of me. So I go to motion m20090328.2
(23:22:18) PhilippDunkel: Did m20090328.1 carry or did we postpone until after m20090328.2 ? Confusion
(23:22:25) TeusHagen: Board agrees with SP with the amendment of needed measurements of DPA can be included if needed so.
(23:22:29) ***PhilippDunkel is confused now
(23:22:51) AlejandroMery: TeusHagen: yes
(23:22:51) TeusHagen: Postpone m20090328.1 for now.
(23:23:13) TeusHagen: Got 1 Aye for m20090328.2
(23:23:24) EvaldoGardenali: aye for m20090328.2
(23:23:54) GregStark: aye for m20090328.2
(23:23:59) TeusHagen: Aye from TeusHagen
(23:24:20) TeusHagen: Aye from Guilaume
(23:24:32) TeusHagen: Back to m20090328.1
(23:24:40) AlejandroMery: :)
(23:24:47) PhilippDunkel: Ok then m20090328.2 has carried
(23:25:11) TeusHagen: Votes for .1
(23:25:20) AlejandroMery: aye
(23:25:23) TeusHagen: Aye from TeusHagen
(23:25:35) EvaldoGardenali: mine is implicit
(23:25:48) TeusHagen: Have no saying from Guilaume so no vote.
(23:26:03) TeusHagen: So this is carried.
(23:26:04) GregStark: aye for m20090328.1
(23:26:55) TeusHagen: OK proceed now on DPA road map. We have had point 0.
(23:27:12) TeusHagen: Point 1. SubCmtee. Any comments?
(23:27:46) EvaldoGardenali: should we agree who to invite, and deadline?
(23:28:32) AlejandroMery: probably
(23:28:33) TeusHagen: There is some deadline mentiuoned as 30th for installment. Membership is only open for CAcert Inc. members.
(23:28:49) PhilippDunkel: I think a subcommittee has little benefit. As such. But it would be good to have a dedicated and specified group that will deal with DAP issues for the board.
(23:29:19) TeusHagen: See explanation on top of email: DPA contact, legal adviser, tech sec officer/member
(23:29:25) PhilippDunkel: TeusHagen: Could you explain again, what the purpose of the subcomittee is? Maybe I have understood wrongly.
(23:29:54) ***PhilippDunkel has read the mail and does still not understand what it means.
(23:30:09) TeusHagen: SubCmtee has assoctaion power so can enforce things. See associtation rules.
(23:30:31) TeusHagen: Someone without any power makes no sense.
(23:31:10) PhilippDunkel: Yes, but then why do we need a subcommittee? We already have such a committee and it is called the board. I guess I just don't understand the point
(23:31:18) TeusHagen: It is similar to the public officer.
(23:31:53) PhilippDunkel: What would this subcommitte actually do?
(23:31:55) TeusHagen: If it is board it would imply the person is always in the board. There is no need to that.
(23:32:37) TeusHagen: See it as sub board with not the problem of board rulings.
(23:32:57) PhilippDunkel: What is the "problem of board rulings"
(23:32:58) PhilippDunkel: ?
(23:33:02) TeusHagen: actually do: make a task description.
(23:33:14) TeusHagen: voting.
(23:33:26) AlejandroMery: is the SubCmtee directly in charge or it has to re-delegate?
(23:33:39) ***PhilippDunkel is not saying "NO" here. I just want to understand the point.
(23:33:59) EvaldoGardenali: AlejandroMery: it has powers to be in charge, and to delegate if needed
(23:34:02) TeusHagen: SubCmtee it is formally in charge. See the rules of the association.
(23:34:35) EvaldoGardenali: http://wiki.cacert.org/wiki/CAcertIncorporated?action=AttachFile&do=get&target=CAcert_Rules2008.pdf
(23:34:38) EvaldoGardenali: "Delegation by committee to sub-committee"
(23:34:52) PhilippDunkel: So basically you are proposing a secondary board that can just do stuff without voting as it sees fit? But what would it be tasked with?
(23:35:37) TeusHagen: Task: eg DPA alignement, sec measurements and ruling, etc.
(23:35:40) PhilippDunkel: "actually do: make a task description." does this mean it would research what we need to do and describe it to us?
(23:36:09) PhilippDunkel: what does "sec measurements and ruling" mean?
(23:36:36) PhilippDunkel: Let us maybe talk about it from another angle. Maybe that enlightens me what you want.
(23:36:43) TeusHagen: exploration is of course part of it. Say data moves to another country. Then rules change. So exploration is needed. And maybe this can lead to another string advise.
(23:36:48) PhilippDunkel: Who would you propose to be on this subcommittee?
(23:37:25) TeusHagen: See email: DPA contact person, security officer.
(23:37:46) TeusHagen: eg legal adviser (desater recoivery)
(23:38:22) PhilippDunkel: Moving data is actually a big deal. So it would need a board decision anyhow.
(23:38:40) TeusHagen: That is the decison level.
(23:38:43) AlejandroMery: (TeusHagen: I think it's good to re-say the things form the mail when corresponds so it gets in the minute)
(23:38:46) PhilippDunkel: So you would want The Privacy Officer on it and create a new DPA Office
(23:39:14) PhilippDunkel: And then get our lawyers in there for advice.
(23:39:33) PhilippDunkel: BTW, what kind of agreement do we have with these lawyers?
(23:39:41) ***PhilippDunkel is thinking about cost for a second
(23:39:54) EvaldoGardenali: for subcommittee, they need to be members of association
(23:40:32) AlejandroMery: if they are it means it's for free :p
(23:40:47) TeusHagen: So these people are not on salary as consultancvy. That is secondary to that.
(23:40:58) EvaldoGardenali: AlejandroMery: no, doesnt :)
(23:41:00) PhilippDunkel: To be honest, it might be easier to just name a contact person and make them "DPA Officer"
(23:41:00) PhilippDunkel: If there is a need to act that person can then contact the board and|or file a dispute to get authority
(23:41:24) PhilippDunkel: So they have signed a pro-bono agreement? Great!!!
(23:41:51) TeusHagen: Philipp: no that will not work. That person needs possibity to empower things.
(23:42:21) GregStark: Why not an Arbitrator
(23:42:31) EvaldoGardenali: in fact, 'officer' has no authority in CAcert Association
(23:42:34) PhilippDunkel: Well he does have it, by either asking the board or going into a dispute. THen he gets the power of the Arbitrator.
(23:42:41) TeusHagen: Arbiter is there for disputes. Do not misuse arbiters.
(23:42:53) EvaldoGardenali: because all we have in current rules are committee (Board) and sub-committees
(23:42:55) PhilippDunkel: We could also just name our Arbitration Officer. He can the assign an arbitrator to handle it.
(23:43:21) PhilippDunkel: I think the DRP is pretty clear in broadly defining "dispute" to include such events
(23:43:44) TeusHagen: There is a second argument: an arbiter does not need to be an association member.
(23:43:48) EvaldoGardenali: we are mixing arbitration in a community level with law compliance on an association level
(23:44:00) EvaldoGardenali: these are two completely separate things
(23:44:10) AlejandroMery: yes, sounds wrong
(23:44:22) PhilippDunkel: I actually don't think that the Association matters much in this case. It is the community that is registering. Then the community is delegating things to the Association.
(23:44:52) TeusHagen: That is not the way the law looks at it...
(23:44:53) EvaldoGardenali: Arbitration is no good because DPA will never agree to our DRP
(23:44:53) PhilippDunkel: The association, in terms of dutch law, may as well not exist. It does not exist as a matter of dutch law.
(23:45:03) GregStark: Arbitrator has control on data
(23:45:13) PhilippDunkel: So making it "The Community" or "CAcert Inc." is the same thing for dutch law
(23:45:42) PhilippDunkel: Actually TeusHagen it does. For dutch law CAcert Inc. is not existent.
(23:45:46) TeusHagen: PD: no. Community is no handle. Association is.
(23:46:02) EvaldoGardenali: PhilippDunkel: not registered != nonexistent
(23:46:18) TeusHagen: It is pretty much existant. If not well why bother.
(23:46:29) PhilippDunkel: Due to european law the Association in AU does not exitst here. It could not hold property, it could not be taken to court, etc... There is no handle there!
(23:47:07) EvaldoGardenali: PhilippDunkel: international tribunal?
(23:47:19) PhilippDunkel: @evaldo ???
(23:47:23) TeusHagen: That is the issue why Rasika and others thought about Oophaga or another to be started entity CAcert.nl
(23:47:33) PhilippDunkel: @TeusHagen exactly.
(23:47:50) PhilippDunkel: The point is, we just need to appoint a contact person that can be reached.
(23:48:10) PhilippDunkel: It does not have to be a committtee and he needs no powers! It is just someone to call.
(23:48:17) TeusHagen: PD: that is not the point see also the Rasika emails.
(23:48:43) PhilippDunkel: (I actually checked this with a lawer in Germany (friend of my sister) who double checked with a friend in NL)
(23:49:09) PhilippDunkel: As he is not retained by me I can't take that as official legal advice, but it is good info.
(23:49:19) TeusHagen: Well it is your word then against Rasika and his legal friends as well kine.
(23:50:15) TeusHagen: Thing is that I heard only from you: different opinion but not the reasoning.
(23:50:35) PhilippDunkel: Well how about this then. Let's just try it out. We'll name an individual as a "point of contact" ("Anspreekpunten") and then wait if the DCC disagrees?
(23:50:42) TeusHagen: More comments? Looks like we go in circles...
(23:51:12) EvaldoGardenali: maybe run a quick yes/no poll and see which direction to go?
(23:51:27) TeusHagen: PD: it does not make any sense to nominate a contact person with no background or control.
(23:51:32) PhilippDunkel: @TeusHagen: Question: Who have you heard from otherwise? And have you asked that specific question?
(23:51:51) PhilippDunkel: I'm open to be convinced. But I just don't see the point of a subcommittee
(23:52:12) TeusHagen: PD: you made your point. Now to the others. Comments?
(23:52:22) PhilippDunkel: He does have control by using the DRP ! And in terms of background, let's choose the Arb Officer!
(23:52:46) GregStark: He? DRP Who
(23:53:02) TeusHagen: PD: this is going in circles again. See remarks of Evaldo and mine.
(23:53:21) TeusHagen: Thanks Gerg: DRP who?
(23:53:43) TeusHagen: PD is Aye.
(23:53:47) GregStark: Oh got it
(23:54:01) PhilippDunkel: He= Contact Person.
(23:54:06) PhilippDunkel: I'm all with Evaldo. Let's take a quick poll.
(23:54:38) TeusHagen: Question is: DPA contact is with DRP.
(23:54:57) TeusHagen: PD was Aye still?
(23:55:36) TeusHagen: TeusHagen: Naye
(23:56:03) TeusHagen: Guillaume was in favour of SubCmtee: so Naye
(23:56:43) AlejandroMery: I like the idea of the SubCmtee instead of single person
(23:57:10) EvaldoGardenali: I don't think the regulators will accept our DRP, so I think we need a SubCommittee
(23:57:22) TeusHagen: Greg?
(23:57:25) GregStark: Is the concern once we file thats it, they (DCC) won't work with us on it?
(23:57:56) PhilippDunkel a quitt le salon (quit: Ping timeout: 180 seconds)
(23:57:57) TeusHagen: I do not understand your question.
(23:59:22) GregStark: The agency we file or form to, they wont work with us/
(23:59:41) TeusHagen: Thing is that DPA contact person is contact from anyone who has trouble with his private data within CAcert. As well he is contact to DPA and should be able to answer and deal with thoise questions. This is only related to the work area as define in the application,
(29.03.2009 00:00:17) TeusHagen: Which also means that privacy data in another area say wiki service is another application with the DPA.
(00:01:07) TeusHagen: The DPA is a governmental institute which is headed by a cmtee with ruling power.
(00:01:32) AlejandroMery: so they are autonomus
(00:01:38) TeusHagen: So the DPA can be seen as a guarder for persons privacy.
(00:01:49) TeusHagen: yes autinomous.
(00:02:56) TeusHagen: DPA is able to rule if needed so. Eg as the conduct with fin. institues and assurance companies.
(00:03:10) GregStark: So why would the Arbitration Officer not be a good candidate.
(00:03:11) ColloquyUser [colloquyus@94.245.208.172] a rejoint le salon.
(00:03:34) ColloquyUser: Sorry my Connection died. iPhone now
(00:03:46) EvaldoGardenali: ColloquyUser: who are you? Philipp?
(00:03:48) AlejandroMery: ColloquyUser: please renick
(00:04:04) ColloquyUser: Phil here
(00:04:23) PhilippDunkel [philipp@77.117.120.95.wireless.dyn.drei.com] a rejoint le salon.
(00:04:35) TeusHagen: @Gteg: Arbitration Officer has no legal power as of CAcert Inc.
(00:04:42) PhilippDunkel: Ping
(00:04:48) PhilippDunkel: Ok, I'm back
(00:05:00) GregStark: Ok
(00:05:12) PhilippDunkel: @TeusHagen: yes he has, because the board has agreed to DRP
(00:05:32) PhilippDunkel: Did you do the poll?
(00:05:47) TeusHagen: Well we differ here in opinion.
(00:05:57) EvaldoGardenali: its bad to mix arb officer with DPA, because Arb Officer will be involved in disputes against support for example
(00:06:05) AlejandroMery: PhilippDunkel: I'll paste it to you in private
(00:06:12) TeusHagen: Yes we did the poll. Greg was asked to vote as final.
(00:06:25) EvaldoGardenali: its like giving judge powers to the police officer ;)
(00:06:53) PhilippDunkel: Please hold a sec, while alejandro pastes me the log
(00:07:10) GregStark: Yes, I see that.
(00:07:57) TeusHagen: Greg: question is: are you in favor of the arbiter (DRP implicit) or subcmtee (or an individual CAcert Inc member)?
(00:08:02) ColloquyUser: Please someone paste me the log as my connection is still spotty
(00:08:34) ColloquyUser a quitt le salon (quit: Remote host closed the connection)
(00:08:43) ColloquyUser [colloquyus@94.245.208.172] a rejoint le salon.
(00:08:58) GregStark: SubCmtee - Aye
(00:09:11) AlejandroMery: :(
(00:09:13) AlejandroMery: ColloquyUser: received it?
(00:09:42) EvaldoGardenali: pass: boardmeeting http://pastebin.ca/ITUhbwKD
(00:09:43) TeusHagen: I will recall what the votes were: all votes (except from Greg so far, and expressions of PD) were in favor not to do it via the arbitration (DRP).
(00:09:54) EvaldoGardenali: ColloquyUser: thats the log for you
(00:10:06) TeusHagen: OK which means: no DRP.
(00:10:17) PhilippDunkel: Thanks
(00:10:34) TeusHagen: Question now is back to point 1 of the road map:
(00:11:11) PhilippDunkel: So you really want to pass a lot of power to this subcommittee? Ok.
(00:11:22) TeusHagen: need to staret sub cmtee for this or use single indivudual. Please vote for in favor of subcmtee (the alternative is single person).
(00:11:53) EvaldoGardenali: I choose subcommittee.
(00:11:53) AlejandroMery: group
(00:12:11) TeusHagen: TeusHagen: aye for subcmntee
(00:12:14) AlejandroMery: err, yes subcommittee
(00:12:31) TeusHagen: Guilaume: aye for subcmtee (he missed part of the other arguments however)
(00:12:43) GregStark: I choose subcommittee.
(00:13:18) ColloquyUser: Ok. Then the next thing should be to nominate the committee
(00:13:19) TeusHagen: SubCmtee is accepted. We need to define the precise tasks and persons. This can be done in the following week?
(00:13:54) EvaldoGardenali: TeusHagen: should we name some people to invite?
(00:14:00) ColloquyUser: No, because we need to name them in the application
(00:14:05) TeusHagen: Of course name some.
(00:14:29) GregStark: Is there a short list?
(00:14:45) AlejandroMery: do we need to inform them about changes of the members of the subcommittee?
(00:14:51) TeusHagen: Probably a dutch cacert association member?
(00:14:52) EvaldoGardenali: is there any volunteer on the Board for participating on such subcommittee?
(00:15:13) AlejandroMery: we can pick TeusHagen for now ;-)
(00:15:29) ColloquyUser: My short list would consist of rasika, TeusHagen and the three lawyers
(00:15:30) AlejandroMery: he is the only .nl present
(00:16:02) ColloquyUser: That would be nl + privacy officer
(00:16:04) AlejandroMery: TeusHagen: are those lawyers interested in joinging?
(00:16:37) ColloquyUser: They don't need to join if they are our legal cousel
(00:16:46) AlejandroMery: it may be good to reserve a sit for a board member there
(00:17:03) TeusHagen: TeusHagen will only be there for intermediate period. But I think there are alternatives. Alex was not willing to join as association member. Arnoud is not asked for that. Bert-Jaap is not even Community Member yet.
(00:17:57) TeusHagen: Herman XYZ is also a name. Problem is probably he has conflict of interest.
(00:17:57) ColloquyUser: TeusHagen is there for the intermediate period? Why?
(00:17:59) AlejandroMery: so for now board member + .nl + privacy officer = TeusHagen + rasika ?
(00:18:17) EvaldoGardenali: can we start the subcommittee with TeusHagen and Rasika, then change in the future as appropriate?
(00:18:31) TeusHagen: I will not be with CAcert forever. I do not have the time for that.
(00:18:39) ColloquyUser: I don't think the lawyers need to be members if they are counsel
(00:18:40) EvaldoGardenali: (is Rasika a member?)
(00:19:12) TeusHagen: Rasika is fine. I do not know if he is association member. But he can be asked.
(00:19:27) ColloquyUser est dsormais connu sous le nom de philipp
(00:20:01) TeusHagen: But for a start off it is a simple choice for now?
(00:20:35) TeusHagen: Tasks concept is in my email. I will negotaite with Rasika for definition.
(00:20:39) GregStark: I thought Rasika did not want to, would interfere
(00:20:46) PhilippDunkel: Ok, so can we just agree on TeusHagen & Rasika (as members) + the lawyers as counsel?
(00:21:13) AlejandroMery: may we define _how_ (and not only who) will the subcommittee be composed?
(00:21:51) GregStark: We can look for more persons, people retire...things change
(00:21:52) TeusHagen: How: association members should be asked. Process should be open.
(00:21:52) PhilippDunkel: For the HOW: I suggest "A NL Assoc member + Privacy office + counsel"
(00:22:15) AlejandroMery: TeusHagen: I mean a formulae
(00:22:27) TeusHagen: So it is really on temp base as tart off.
(00:22:44) PhilippDunkel: Can we agree to that formula?
(00:22:58) PhilippDunkel: And then name TeusHagen, Rasika + Counsel for now?
(00:23:06) AlejandroMery: PhilippDunkel: no sit for the board?
(00:23:36) PhilippDunkel: The board has controll anyhow, since it can overrule at any time. It can also remove people from the committee
(00:24:15) TeusHagen: Do you mean: dutch citisen, legal gay, tech sec guy, always one board member?
(00:24:35) TeusHagen: PD: right
(00:24:55) PhilippDunkel: He means something like: "A NL Assoc member + Privacy office + counsel" (I think)
(00:25:01) AlejandroMery: the legal advisor doesn't need to be gay I suppose
(00:25:12) TeusHagen: sorry typo
(00:25:15) PhilippDunkel: @alejandro ;) good one
(00:25:49) TeusHagen: does this anser your question Alejandro?
(00:26:22) TeusHagen: Can we move on to point 2 of the road map: report Rasika?
(00:26:25) PhilippDunkel: Can we agree on that formula?
(00:26:42) PhilippDunkel: Can we agree on TeusHagen & Rasika & Counsel for now?
(00:26:48) PhilippDunkel: If yes can you make a motion?
(00:26:52) AlejandroMery: I agree with the formula without sit reserved for the board
(00:26:58) AlejandroMery: and agree with the two initial names
(00:27:13) EvaldoGardenali: yeah, that works
(00:27:30) TeusHagen: TeusHagen: have to retain from this.
(00:27:48) AlejandroMery: you can say if TeusHagen hates the idea
(00:27:48) TeusHagen: Guilaume: have no information from Guilaume on this.
(00:28:15) GregStark: Aye agree to the formula and persons proposed
(00:28:35) EvaldoGardenali: TeusHagen: you have the choice of accepting or not the role
(00:29:17) TeusHagen: Well I hate it at this moment (too much influence). As well I do not understand all implications yet. So if I can accept this now is as with Rasika impossible to say.
(00:29:51) EvaldoGardenali: so, we need a contingency plan
(00:29:57) PhilippDunkel: Well the point is we need to put some names on the application.
(00:29:58) TeusHagen: Looking at some comments last month I have to think about it well.
(00:30:14) EvaldoGardenali: if the subcommittee cannot be formed this weekend, we need a contingency plan
(00:30:21) PhilippDunkel: Oh and we also need a "Responsible Party" in NL
(00:30:23) TeusHagen: PD: yes but you cannot enforce it.
(00:30:28) AlejandroMery: if we define the formula as .nl + privacy rasika can only accept or resign
(00:30:35) PhilippDunkel: I don't need to enforce
(00:30:56) TeusHagen: you = one
(00:31:27) PhilippDunkel: @TeusHagen ? you=one (What do you mean?)
(00:31:41) TeusHagen: Can I now move on to road map point 2. Rasika report.
(00:31:42) AlejandroMery: "one cannont enforce it"
(00:31:49) PhilippDunkel: Ahhh
(00:32:24) PhilippDunkel: Then what do you mean with: One cannot enforce it?
(00:32:42) TeusHagen: Question is: we ask Rasika to proceed with his exploration and come with a proposal.
(00:32:49) PhilippDunkel: Well we still don't have a subcommittee
(00:33:25) TeusHagen: PD: yes you have, the seats are there.
(00:33:30) PhilippDunkel: Ok
(00:33:40) AlejandroMery: :)
(00:33:50) AlejandroMery: how many sits? matters?
(00:34:21) TeusHagen: AM: see the algorithm.
(00:34:47) TeusHagen: Road Map: Rasika Report. Any comments?
(00:34:56) PhilippDunkel: @TeusHagen: Could you also check with the lawyers. This might be more than they bargained for. If they accept, please extend them our thanks and invite them to send their views directly to the board list.
(00:35:17) GregStark: This is jut to get us registered and to show we have poilcy and people in place, both change in time.
(00:35:41) PhilippDunkel: From what I have seen from Rasika, I have a feeling that he does not fully understand the DPA. Maybe we should just delegate that investigation to the subcommittee
(00:35:46) TeusHagen: @PD: will do. Note that Rasika has been informed already. But time did not permit him yet to get back to the lawyers with this idea.
(00:35:56) GregStark: So when they change they get informed
(00:36:33) PhilippDunkel: @TeusHagen: we should also get ourselves a pro-bono agreement with them, so that we are covered
(00:36:54) TeusHagen: PD: that was done.
(00:37:11) PhilippDunkel: Can you put that on the record somewhere?
(00:37:14) EvaldoGardenali: TeusHagen: Board never received a copy, or did us?
(00:37:23) EvaldoGardenali: s/us/we/
(00:37:53) TeusHagen: No as there is no contract made up with Alex or Arnoud. That would have been required board agreement.
(00:37:54) PhilippDunkel: Then we should also motion to agree to the pro-bono (once we have seen it) so that it becomes formal
(00:38:16) PhilippDunkel: Ah, so there is currently no agreement. Well then we should get it
(00:39:04) TeusHagen: And so delay things heavily and probably make it impossible.
(00:39:12) PhilippDunkel: Otherwise, what they say cannot be taken as advice!
(00:39:38) PhilippDunkel: So what you are saying is that we actually don't have legal counsel after all?
(00:40:27) TeusHagen: Right. That is all in the game. If board want formal legal counsil on this say so. I will not promise it is pro bono.
(00:40:52) EvaldoGardenali: I am fine with informal for now
(00:41:00) PhilippDunkel: Ok, then I guess we need to think hard whether we want real counsel.
(00:41:21) AlejandroMery: the only document I got from rasika was "Notification form"
(00:41:21) PhilippDunkel: Because Lawyers are trained not to respond to questions with real answers unless they are counsel.
(00:41:40) PhilippDunkel: And that means that their input has little value to us as a base for decisions.
(00:41:41) GregStark: EU FOSS Legal is free
(00:41:49) GregStark: i think
(00:41:51) PhilippDunkel: @Greg: Good Idea!
(00:42:00) PhilippDunkel: Maybe we should talk to them.
(00:42:05) AlejandroMery: absolutely
(00:42:09) TeusHagen: PD: maybe true. in this case I doubt that severely. As with the staements made from University of Tilburg.
(00:42:35) PhilippDunkel: The University of Tilburg? Have you a written statement from the University? From whom?
(00:42:45) PhilippDunkel: Why do you doubt it in this case?
(00:43:17) PhilippDunkel: Any lawyer worth his salt will tell you he is not giving advice if he is not counsel.
(00:43:35) TeusHagen: Have no written statement. Statement6s are from Bert-Jaap koops. Oophaga president.
(00:43:49) PhilippDunkel: And what statements has he made?
(00:44:10) PhilippDunkel: Would he be willing to be counsel for CAcert? (As I understand it he is a Law Professor)
(00:44:43) PhilippDunkel: (I highly doubt that he would be giving advice unless he was counsel. He would just copy/paste from the web and say so.)
(00:45:15) TeusHagen: The start statement was: why do you guys at CAcert make such a fuss about this. He got the Rasika report and has been asked to comment. No answer yet as this report is pretty young.
(00:45:30) PhilippDunkel: But maybe we should just ask him. If he says he is willing to give us advice, that would be great!
(00:45:54) TeusHagen: PD: again he has been asked.
(00:46:23) AlejandroMery: may we return to the rasika report thingy?
(00:46:59) TeusHagen: So: basic thing is: we go ahdead asking the Rasika report. It probably belongs within the SubCmtee.
(00:47:02) PhilippDunkel: Ok, let's summarize:
(00:47:02) PhilippDunkel: We have no legal counsel right now.
(00:47:02) PhilippDunkel: We have a professor that asks: "Why the fuss"
(00:47:03) PhilippDunkel: We agree that we should get real advice
(00:47:03) PhilippDunkel: We agree to contact FSF Europe for help
(00:47:12) PhilippDunkel: Ok let's move on
(00:47:45) GregStark: When might the board receive copy to review?
(00:47:51) PhilippDunkel: Let Rasika make up the report. Then ask a lawyer (formal counsel) to check it over.
(00:48:01) GregStark: As background
(00:48:32) TeusHagen: Note on FSF Eur: Shane has been apporached on legal affairs. He has been put in contact with Ian more as a year ago. Shane is THE guy for this. But things did not progress well till jow.
(00:49:13) PhilippDunkel: Ok, now that we have the SubCommittee, let's ask rasika for the report and then ask this Shane for proper evaluation.
(00:49:55) TeusHagen: So far point 2 of the road map.
(00:49:56) PhilippDunkel: When Shane answers, the board is informed and can then prudently act on his findings
(00:50:56) AlejandroMery: When might the board receive copy to review?
(00:51:21) PhilippDunkel: (According to TeusHagen Road Map at the end of March, we might add a week or two)
(00:51:21) TeusHagen: Point 3: DPA impkication will follow automatically. This is with the agenda point 0. Agree?
(00:51:49) EvaldoGardenali: yes
(00:51:53) ***PhilippDunkel does not understand the meaning of that sentence
(00:52:04) TeusHagen: PD made a point: add two weeks to Rasika report. Anyone problem with that?
(00:52:14) AlejandroMery: no problem
(00:52:39) EvaldoGardenali: 3. More DPA and security measurements will be defined by 1) and 2) and
(00:52:39) EvaldoGardenali: road map will follow from this.
(00:52:43) TeusHagen: Ok we add two weks.
(00:52:48) EvaldoGardenali: PhilippDunkel: thats point 3
(00:53:04) TeusHagen: Thanks Evaldo for the longer sentence.
(00:53:06) PhilippDunkel: Now all we need to do is make the notification
(00:53:17) GregStark: Ok
(00:53:42) PhilippDunkel: The only missing piece is the "Responsible Party".
(00:54:06) TeusHagen: Ok for road map point 3 I think.
(00:54:15) PhilippDunkel: It needs to be someone in NL.
(00:54:32) TeusHagen: PD: responsible party. Explain what you want to talk about.
(00:55:07) PhilippDunkel: Well, we still need to submit the Notification by monday, or we will have a fight on our hands. One that could end very badly.
(00:55:22) PhilippDunkel: The only thing missing is the "Responsible Party"
(00:55:36) PhilippDunkel: So if we can find someone to do it for now, we could file.
(00:55:39) AlejandroMery: what makes monday special?
(00:55:42) PhilippDunkel: We could then change it later
(00:56:20) PhilippDunkel: Well, because we are currently violating the DPA. And that's a crime (according to the DPA docs). Monday is the earliest we can file.
(00:56:45) TeusHagen: PD: you cannot change the contact person that lightly. For now you have none. DPA violation was already there when systems moved to EU boundary.
(00:57:34) TeusHagen: So the motion from Philipp is: apply / notify dutch DPA on Monday? Votes please
(00:57:53) PhilippDunkel: Yes, but until now, it was just "an oversight". Now that it's on the record it has become "intentional". And that moves it from not a big deal to "gross negligence" if we don't act!
(00:58:05) AlejandroMery: we have waited quite a lot already 1-2 days more wont change that and doing it in a rush may be worst
(00:58:25) AlejandroMery: tuesday at least has a meaning "the last day of march"
(00:58:42) PhilippDunkel: We can submit information to the DCC and ask them for their opinion. There is no harm there.
(00:59:12) PhilippDunkel: Is there anything we will know by tuesday that we will not have by monday?
(00:59:32) PhilippDunkel: Is there any real benefit from waiting until tuesday?
(00:59:45) PhilippDunkel: I'm fine with tuesday, I just want to know.
(01:00:24) TeusHagen: So PD says: (correct me if I am wrong) not appliy or register which needs a contact person. But send a letter to the dutch dpa basicalkly saying: this is who we are, what we do.
(01:00:26) GregStark: Is this because the SP is in place now?
(01:00:35) PhilippDunkel: Oh and on the record we did not wait a lot. We became aware of the facts last saturday and have acted promptly if we notify by monday
(01:01:08) PhilippDunkel: We just voted on a contact person. All that is missing is the official responsible party.
(01:01:22) PhilippDunkel: So we need to find that now and then file
(01:01:37) AlejandroMery: PhilippDunkel: that's why tuesday is better than monday
(01:01:47) PhilippDunkel: Then our information is complete. We can still change/adapt it later if we find it to be better.
(01:01:56) AlejandroMery: PhilippDunkel: it give the appointed one business days to accept
(01:02:02) PhilippDunkel: Who will find a responsible party if we don't now?
(01:02:03) AlejandroMery: gives*
(01:02:29) PhilippDunkel: @alejandro: good point. So tuesday it is.
(01:02:46) PhilippDunkel: So now we need to find a responsible party so that party can also decide on monday.
(01:02:53) PhilippDunkel: But what do we do if they decline?
(01:03:04) PhilippDunkel: Then we become liable!
(01:03:44) AlejandroMery: what's the quote they use in crisis management? "don't panic"?
(01:04:07) ***PhilippDunkel is not panicing, Just planning for eventualities.
(01:04:11) TeusHagen: Best solution for now is: write the DPA that you exist. Proceed from that point. Mean time we get SubCmtee started and have responsible party.
(01:04:40) AlejandroMery: TeusHagen: can we file the form without a person as responsible party?
(01:04:47) PhilippDunkel: So we shoulf file with incomplete information. And move from there.
(01:05:05) PhilippDunkel: I think they will just throw that back at us, but i could buy some time
(01:05:15) TeusHagen: No we cannot. We can try and that is similar as just the letter, but not that good.
(01:05:23) PhilippDunkel: But in that case our research for solutions becomes urgent!
(01:06:05) AlejandroMery: PhilippDunkel: do you offer yourself as "fallback" ?
(01:06:19) PhilippDunkel: Because while if we name someone, the DCC will just accept and work for a while with it. If there is no info the secretary there will immidiately reject it.
(01:06:29) PhilippDunkel: So then we don't have the 2 weeks for Rasika
(01:06:46) TeusHagen: Sending aform without the proper field filled is just asking for sending the form back to you. Which is much different from trying to be as good as possible with gining info as much as possible.
(01:06:50) PhilippDunkel: @alejandro: I can't, becasue the DPA requires the responsible party to reside in NL
(01:07:20) PhilippDunkel: If I could, I would, because I don't think that it would be a big deal as long as we are compliant otherwise.
(01:07:37) EvaldoGardenali: but the DPA says, among other things
(01:07:40) EvaldoGardenali: The responsible party shall implement appropriate technical and organizational measures to secure personal data against loss or against any form of unlawful processing. These measures shall guarantee an appropriate level of security, taking into account the state of the art and the costs of implementation, and having regard to the risks associated with the processing and the nature of the data to be protected. These measures shall also aim ...
(01:07:46) EvaldoGardenali: ... at preventing unnecessary collection and further processing of personal data.
(01:07:52) EvaldoGardenali: so, who else has the power, if not CAcert?
(01:08:06) PhilippDunkel: Well I guess that is what we are all doing already. After all we have just passed the SP.
(01:08:19) EvaldoGardenali: PhilippDunkel: yes, but who has that power?
(01:08:30) PhilippDunkel: CAcert can do so. And someone in NL just needs to represent CAcert for the DCC
(01:08:44) PhilippDunkel: The subcommittee does for one thing
(01:08:57) PhilippDunkel: The board just gave it that power
(01:09:56) AlejandroMery: should we then define the resposibly party as one of the .nl in the subcomittee?
(01:10:11) GregStark: Yes
(01:10:20) PhilippDunkel: I think that may be a good idea
(01:10:51) PhilippDunkel: But same as for the subcommittee, we need their agreement.
(01:11:20) GregStark: That would be a requirement for the Sub Cmtee one person from .nl
(01:11:26) PhilippDunkel: @TeusHagen: you obviously need time to think about this. Please ask Rasika to give you access to the form iuf you don't have it yet.
(01:12:04) PhilippDunkel: And then decide by monday night and send the application if you agree by tuesday mornign
(01:12:21) AlejandroMery: if we don't have a .nl by monday at HH:mm we have an urgent meeting monday night? (and move forward now?)
(01:12:45) PhilippDunkel: @TeusHagen: what yre your thoughts about it right now. Can you indicate to us whether we should worry about finding a different solution?
(01:13:00) PhilippDunkel: s/yre/are/
(01:13:20) TeusHagen: PD: conclusion this cannot be done on Monday. I have received today some type of form but I am unable to add any string into it. Purely a technical problem. So far I was unable to look into it as it required technical tooling I did not have (Windows system).
(01:14:05) PhilippDunkel: If you want to I can give you my password for now (it is only used for this doc anyhow) then you would have access.
(01:14:17) PhilippDunkel: The URL is: http://sites.google.com/site/dutchdpaapplication/
(01:14:19) AlejandroMery: http://sites.google.com/site/dutchdpaapplication/
(01:14:45) AlejandroMery: TeusHagen: suggestion?
(01:15:07) TeusHagen: I do not see the urgency at all. It is theory and far from practice. Best thing is still ask I said: send a letter to the dpa which brings you time.
(01:15:38) TeusHagen: The google gave me via Rasika pdf....
(01:15:41) PhilippDunkel: That's the one. @TeusHagen: If you could go over it anyhow, it would help, as my knowledge of dutch is limited to being able to read it. I can't really conjugate or declinate. And my vocabulary is limited to stuff one could find in a newspaper. So the dutch in the form will probably be horrible
(01:15:45) EvaldoGardenali: Sorry, evaldo.gardenali@gmail.com does not have permission to view this page. Please verify you are using the correct account, or contact the site owners.
(01:16:36) PhilippDunkel: @evaldo: try with your cacert email. As Rasika has invited them. I usually have a different account but have to use p.dunkel@cacert.org for this
(01:17:33) PhilippDunkel: @TeusHagen: that would only buy us minutes as they will just send us the text of the DPA and say "Stop processing!" which would mean we would have to shut down. We don't want that!
(01:17:36) AlejandroMery: can we just move this to the svn?
(01:18:05) TeusHagen: Well the form will appear somehow at some time.
(01:18:09) PhilippDunkel: So we need to send them something that says we are registering. Even if we don't have all the info perfect yet.
(01:18:10) EvaldoGardenali: we keep adding external tools and data formats we cannot handle
(01:18:14) EvaldoGardenali: that is real bad
(01:18:44) PhilippDunkel: Rasika chose to work with google docs and I just did not make a fuss, because I just wanted to move forward.
(01:18:59) PhilippDunkel: He has been working with google docs on this for a long time
(01:19:32) AlejandroMery: that's not even google docs, it's google _sites_
(01:20:12) PhilippDunkel: I myself use neither realyy. So I couldn't tell you the difference ;)
(01:20:30) AlejandroMery: one is for making documents, the other for making websites
(01:20:40) ***PhilippDunkel shrugs
(01:20:48) PhilippDunkel: Any case:
(01:21:09) TeusHagen: Well I can send someone the Windows exec that should create some type of form in dutch. Hope we can add english on that so we know what we are talking about. That cannot be done now. But as soon as possible for now. Who can I send the Windows exec?
(01:21:46) AlejandroMery: is this form Classified? may I copy it to the wiki?
(01:22:05) EvaldoGardenali: TeusHagen: as I can see, the exec is dutch only
(01:22:09) PhilippDunkel: I can send you the PDF with the translations, then the dutch version would be enough?
(01:22:17) PhilippDunkel: http://www.pastebin.ca/FKYV9P68
(01:22:24) PhilippDunkel: Password: b20090328
(01:22:26) TeusHagen: The form is not classified as far as I know off. At least it would violate the dutch openess law.
(01:22:41) PhilippDunkel: You can find there the current state of things
(01:22:57) PhilippDunkel: It is basically a "Printout" of the google sites document
(01:23:19) PhilippDunkel: It contains all the dutch text and in parehtesis (or underneath) the english translation
(01:23:25) AlejandroMery: Configuration Management should save us from this :(
(01:23:53) GregStark: How are we on the agenda at this point?
(01:24:11) AlejandroMery: (bad)
(01:24:11) PhilippDunkel: The fields are filled in in my horrible dutch and in english as well
(01:24:27) PhilippDunkel: We still need to decide what to do with the DCC
(01:24:32) TeusHagen: Talking about DPA notifaction on Monday or not (ie later).
(01:25:07) PhilippDunkel: @TeusHagen: what are your thoughts on responsible party & contact person
(01:25:20) TeusHagen: Again: who can I send the Windows exec so I get the form and can add english on to it?
(01:25:27) PhilippDunkel: So that we can judge whether we need to find another solution by monday/tuesda
(01:25:45) Vous tes dsormais connu sous le nom de GolfRomeo
(01:25:56) GolfRomeo: hi
(01:26:13) EvaldoGardenali: TeusHagen: send me, I'll try to help
(01:26:26) EvaldoGardenali: the CAcert laptop came with a Vista license
(01:26:46) PhilippDunkel: Note: the form in the pastebin was actually created by Rasika from the Windows Exec
(01:27:11) TeusHagen: Responsible party is CAcert Inc. (or Oophaga or CAcert NL if you ask Alex/Arnoud). Contact is one of SubCmtee. With that board has created solutions and is acting on the DPA but of course not yet ready (how could they).
(01:27:23) GregStark: Msft Excel?
(01:27:25) AlejandroMery: Hi Guillaume
(01:27:40) PhilippDunkel: So I think we could just use that as it is almost identical to the original except that I added the english for easier understanding
(01:27:45) PhilippDunkel: Hi GR
(01:27:48) GolfRomeo: Hi Mnemoc :)
(01:27:59) GolfRomeo: Hi All :)
(01:28:42) AlejandroMery: TeusHagen: so we are done with that for now?
(01:28:53) PhilippDunkel: Well there is no "CAcert NL", Oophaga does not qualify because "The responsible party shall implement appropriate technical and organizational measures to secure personal data against loss or against any form of unlawful processing. These measures shall guarantee an appropriate level of security, taking into account the state of the art and the costs of implementation, and having regard to the risks associated with the processing a
(01:29:03) TeusHagen: Guillaume: we are at the point of DPA to be done on Monday (has problems) or urgently later via the SubCmtee.
(01:29:09) PhilippDunkel: And CAcert Inc. can't do it because it is not in NL
(01:29:29) GolfRomeo: TeusHagen : ok
(01:29:46) TeusHagen: So you do not have a responsible party in your opinion.
(01:30:02) GregStark: No, CAcert is doing business inn NL
(01:30:27) GolfRomeo: any agreement on who is the Responsible Party ? not yet ?
(01:30:28) PhilippDunkel: No. We either need to create one, or find someone who will be it.
(01:30:30) GregStark: So, theey have to comply just like IBM
(01:30:36) PhilippDunkel: CAcert inc is not doing business in NL
(01:30:42) TeusHagen: As far as I see it is CAxcert Inc. Greg thinks so as well.
(01:30:49) PhilippDunkel: But IBM actually has a registered company in NL
(01:30:54) GregStark: IT is operating in NL
(01:31:04) AlejandroMery: who is being doing business in NL?
(01:31:12) PhilippDunkel: Nope it is not! Oophaga is operating servers for CAcert Inc.
(01:31:16) PhilippDunkel: That's it
(01:31:22) EvaldoGardenali: we should file it as CAcert Inc.
(01:31:41) EvaldoGardenali: the regulator will tell us if it thinks CAcert Inc. is not fit
(01:31:48) PhilippDunkel: Oophaga is contracting with CAcert internationally. That does not put CAcert Inc. into the netherlands
(01:31:53) GolfRomeo: EvaldoGardenali : I guess CAcert Inc.
(01:31:54) TeusHagen: No I saw explanation of Arnoud who says: Oophaga has the data on its mnachine so is responsible party.
(01:32:09) EvaldoGardenali: TeusHagen: no, its the processor
(01:32:33) AlejandroMery: if we file it as CAcert Inc., do we gain time?
(01:32:33) PhilippDunkel: But it cannot be the responsible party, because it does not have any controll over the processing nor the measures CAcert adopts to secure it
(01:32:53) TeusHagen: Problem is: Oophaga has no insight or control on the data at all. See the Rasika report.
(01:32:58) PhilippDunkel: Acutally it's not even the processor. It is simply the "ISP"
(01:33:18) GregStark: Oophaga has control over the contents on the servers/
(01:33:18) PhilippDunkel: @TeusHagen: exactly! that is why oophaga can't be it!
(01:33:23) AlejandroMery: TeusHagen: we don't have the rasika report!
(01:33:29) TeusHagen: No it is not the ISP. The disks are owned by Oophaga. This is much different from an ISP.
(01:33:34) PhilippDunkel: @Greg: nope it does not: Our admins do
(01:33:45) PhilippDunkel: They are bound to us as members and as under the SecPol
(01:33:54) GolfRomeo: Wytze and Mendel are CAcert people !
(01:34:11) EvaldoGardenali: TeusHagen: hosting provider
(01:34:15) AlejandroMery: is Wytze willing to be apointed?
(01:34:26) PhilippDunkel: They are not acting as part of Oophaga. Because if they were we would need to either audit them or requre an audit from them, which will never hapen!
(01:34:30) GregStark: This gets us back to DPA is none issue.
(01:34:35) TeusHagen: Have not asked him.
(01:34:41) EvaldoGardenali: TeusHagen: I have rented servers in US datacenters. they own the disks, I own the data
(01:34:56) PhilippDunkel: @evaldo: exactly
(01:35:27) PhilippDunkel: We need a responsible party.
(01:35:47) TeusHagen: We will not solve it now.
(01:35:50) AlejandroMery: beside the responsible party, what does it left for tonight?
(01:36:09) TeusHagen: Nothing more in my opinion.
(01:36:34) PhilippDunkel: There are solutions I can think of.
(01:36:34) PhilippDunkel: 1. We name the SubCommitee (or the NL person)
(01:36:34) PhilippDunkel: 2. We create CAcert Inc-NL and transfer everything to them and dissolve CAcert Inc-AU
(01:36:44) EvaldoGardenali: can we file CAcert Inc. as responsible party?
(01:36:55) TeusHagen: Conclusion: need to have the DPA form text in a workable way. Who can see into the Windows exec?
(01:36:56) AlejandroMery: PD: all for monday morning?
(01:37:04) PhilippDunkel: No because it is not in the NL
(01:37:08) EvaldoGardenali: TeusHagen: me
(01:37:20) EvaldoGardenali: TeusHagen: send me the url
(01:37:44) TeusHagen: Evaldo: will do.
(01:37:48) PhilippDunkel: @TeusHagen just download it from pastebin and edit the HTML
(01:37:55) PhilippDunkel: it comes from the windows exec
(01:38:15) EvaldoGardenali: I'll restate my question
(01:38:35) AlejandroMery: EvaldoGardenali: I have asked that already, no reply
(01:38:56) EvaldoGardenali: can we file CAcert Inc. as responsible party, and wait for DCC to evaluate and eventually ask us for an alternative Responsible Party ?
(01:39:19) GregStark: THat works
(01:39:34) GregStark: Also FSF input
(01:39:34) TeusHagen: The notification link: http://www.dutchdpa.nl/downloads_melden/cbpweb.exe
(01:40:19) AlejandroMery: the trust is we are CAcert Inc.@AU, then stating that in the form (invalid or not) will be correct, transparent and fair
(01:40:22) EvaldoGardenali: in such case, we'd be acting righteously, early, and have appropriate feedback in case they dont accept our RP application
(01:40:24) AlejandroMery: truth*
(01:40:24) GregStark: I think we need to look at this from AU company has data cervers in nL
(01:41:01) TeusHagen: I would suggest to file CAcert Inc. as responsible party. And deal with it from there. This is reflecting the current situation and the rest is opinions and speculations.
(01:41:10) AlejandroMery: aye
(01:41:29) EvaldoGardenali: so, can we make it a motion?
(01:41:32) PhilippDunkel: @Greg: In which case we need to file or stop. If we file we still need a responsible party. But let's go with registering CAcert Inc. for now
(01:41:36) GregStark: Aye
(01:41:56) TeusHagen: OK this solves the repsoble party issue.
(01:42:11) AlejandroMery: great, session closed? :)
(01:42:11) PhilippDunkel: But that also means that this transscript must not be made public, because we acknowledge here that we are filing with information known to be wrong!
(01:42:28) GregStark: @ pd MY COMMENT WAS OUT OF PLACE.
(01:42:29) AlejandroMery: PhilippDunkel: known to be the truth
(01:42:57) PhilippDunkel: Which means that we also have to formally retake the votes/motions from earlier!
(01:43:04) TeusHagen: Conclusion: it is up to subcmtee and DPA notification is handled as soon as possible. We cannot promis today or tomorrow that this is done on Monday. It is as it is.
(01:43:18) PhilippDunkel: So someone just send a mail to the board list with the motions and let's "Vote" again
(01:43:53) PhilippDunkel: Didn't we jsut decide to file by tuesday with CAcert Inc as responsible party and the subcommittes as contac?
(01:43:58) EvaldoGardenali: PhilippDunkel: CAcert is committed to Openness, and I do not think we are acting wrongly here
(01:44:20) EvaldoGardenali: PhilippDunkel: we are being sincere to the DCC, we are CAcert, Inc. and we are the responsible party
(01:44:30) PhilippDunkel: Oh you don't? I think what is happening here is actually criminal!
(01:44:54) TeusHagen: Agree. But all may have opinions on their own.
(01:45:04) PhilippDunkel: @evaldo: Yes that's true, but we also know that the responsible party MUST be in NL!
(01:45:28) GolfRomeo: "this transscript must not be made public," I will keep a full copy and remove all undisclosable parts
(01:45:35) TeusHagen: PD: that cannot be solved now. So we do what is possible.
(01:45:37) PhilippDunkel: So we are willfully providing the DCC with incorrect information. And that is a problem
(01:45:39) EvaldoGardenali: PhilippDunkel: I didnt find it in the DPA text that its NL-only
(01:46:42) PhilippDunkel:
(01:46:42) PhilippDunkel: Article 4
(01:46:42) PhilippDunkel:
(01:46:42) PhilippDunkel: 1. This Act applies to the processing of personal data carried out in the context of the activities of
(01:46:43) PhilippDunkel: an establishment of a responsible party in the Netherlands.
(01:46:58) EvaldoGardenali: TeusHagen: http://img25.imageshack.us/img25/1522/dpa01.jpg
(01:47:25) EvaldoGardenali: TeusHagen: the program is interactive, with many text screens like that, and some input fields
(01:47:39) PhilippDunkel: Click "Volgende"
(01:47:46) PhilippDunkel: (means "Next"
(01:47:56) EvaldoGardenali: another textfull screen
(01:47:59) EvaldoGardenali: next again
(01:48:10) EvaldoGardenali: and again
(01:48:15) TeusHagen: Evaldo: so no way to get that in a workable format :-(
(01:48:47) PhilippDunkel: As I said before: the thing in the pastebin was originally generated by this Exec
(01:49:09) PhilippDunkel: http://www.pastebin.ca/FKYV9P68 password b20090328
(01:49:10) EvaldoGardenali: 4th screen is like that http://img25.imageshack.us/img25/445/dpa04.jpg
(01:49:21) PhilippDunkel: Just use it. It also has most of the fields already filled out!
(01:49:48) EvaldoGardenali: TeusHagen: indeed
(01:49:59) PhilippDunkel: Rasika & I spent quite some time on it
(01:50:43) TeusHagen: PD: can you send it to me in a format I can work with?
(01:51:27) PhilippDunkel: Which formats can you work with? I'll send it to you anyway you want
(01:51:31) TeusHagen: Remains: responsible body needs tro be in Nld. That is not now solvable. So that needs to be investigated.
(01:52:01) PhilippDunkel: So the decision is to file with CAcert Inc. on tuesday?
(01:52:13) PhilippDunkel: That leaves whether the subcommittee accepts
(01:52:15) TeusHagen: All open source formats, all Word formats.
(01:52:21) AlejandroMery: (7 minutes to 3am)
(01:52:22) PhilippDunkel: Ok
(01:53:17) GolfRomeo: m20090328.1 : ok
(01:53:28) TeusHagen: Yes: sub cmtee has to accept. DPA notication is worked on but will not be ready on Monday probably.
(01:54:01) PhilippDunkel: @TeusHagen: you have mail (RTF)
(01:54:04) TeusHagen: OK thanks for the ack Gullaume.
(01:54:16) EvaldoGardenali: AlejandroMery: its a 'Raving with CAcert' session
(01:54:25) TeusHagen: Hope Open office can read RTF..?
(01:54:34) PhilippDunkel: Ok so will we file on Tuesday morning?
(01:54:58) PhilippDunkel: @TeusHagen: there isn't anything much more open than rtf (OO can do it)
(01:55:36) TeusHagen: Hopefully on Tuesday. It is not all in my hands.
(01:55:50) TeusHagen: RTF: id OOo can do it it is ok.
(01:56:07) TeusHagen: More to be discussed?
(01:56:26) TeusHagen: If not I go to bed now.
(01:56:28) PhilippDunkel: Ok, then we need to know by Monday night if there will be a filing. If not we should have another meeting monday night
(01:56:36) EvaldoGardenali: should we move to email motions
(01:56:39) EvaldoGardenali: its late for the EU folks
(01:57:04) PhilippDunkel: @evaldo: I would strongly advise to keep this log very private. and redo the motions via email!
(01:57:11) AlejandroMery: it's even later as today the hour changes ;-)
(01:57:13) philipp a quitt le salon (quit: Quit: Get Colloquy for iPhone! http://mobile.colloquy.info/)
(01:57:16) EvaldoGardenali: PhilippDunkel: send the motions in
(01:57:30) EvaldoGardenali: PhilippDunkel: I will not publish the log myself
(01:57:30) PhilippDunkel: Ok.
(01:57:51) TeusHagen: Ok I close the meeting.
CategoryBoardMinutes
