. ''' /!\ Warning... work in progress ONLY ... /!\ ''' = Special Report on the events leading up to the SGM April 2016 = == Abstract == == Introduction == At the SGM of .... an ordinary resolution was passed by the membership: . ''6. RESOLVED, the new committee is to create a detailed and fully transparent, uncensored report of the old committee's activities since the AGM to which all members of the community may contribute. This report is to be presented to a general meeting for ratification.'' This report derives from that motion. This report is written in two large phases - the events of 2015 leading up to the AGM in November of that year, and thereafter up to the SGM in April of 2016. In that SGM was a resolution requiring the production of a report describing the events. The victors write the history - this report is written substantially by the side that prevailed in the SGM to remove the other side, and therefore might be considered biased. Even that there were sides is an uncomfortable claim, but it is fairly clear that people were forced more and more into picking one or other of the sides. That said, one goal of this report is to try and identify the causes that led to such a crisis - from both sides. As we go into this, the documented cases form the bulk of serious evidence, and they must necessarily do so because documents placed before a forum of dispute resolution are evidence of the highest form. If there was stuff happening outside a case, either it was irrelevant to the case, or it was the fault of the parties for not putting it into the case file. A further body of evidence is the email and list traffic. These are reliable in that they were sent and the systems record the traffic dutifully. Of course interpretation is left to the reader. Where strong claims are made based on email, it behoves to present a pattern so as to eliminate self-serving viewpoint. Finally, any commentary over a ruling should be seen as critique in the nature of the legal historian - looking for the effect. A ruling is final and binding, and it is not the intent of this document to challenge any arbitration or ruling. We've had enough of that for the time being, as events will show. === Legend of Characters === || '''Short forms''' || '''full name''' || '''role of relevance (beside of member)''' || || Alex || Ian Alastair Robertson || Case Manager, arbitrator || || Benedikt || Benedikt Heintel || internal auditor || || Benny || Benny Baumann || software assessor || || Dirk, DA || Dirk Astrath || president 2014/15, 2. secretary 2015/16 || || Dunkel, PD || Philipp Dunkel || Arbitrator || || Eva, ES || Eva Stöwe || Arbitrator || || Felix || Felix Dörre || 1. board 2015/16, software coder || || [[Iang]] || Ian Grigg || 2. vice-president 2015/16 || || Jürgen || Jürgen Bruckner || vice-president 2014/15, 1. vice-president 2015/16 || || Lambert || Lambert Hofstra || Arbitrator || || Marcus || Marcus Mängel || support engineer, 1. secretary 2015/16 || || Martin, magu || Martin Gummi || arbitrator, DRO, NRE TL, events TL || || Reinhard, RM || Reinhard Mutz || 1. president 2015/16 || || Stefan || Stefan Thode || 1. treasurer 2015/16 || || Uli, u60 || Ulrich Schröter || Arbitrator || || Werner || Werner Dworak || support engineer || == Events of 2015 == === Approximate Causes - Disagreement === The genesis of the troubles is a long running tension between one group of people and another group of people. The tensions came to a head over some cases ruled upon by arbitrator Eva and some of the critical teams. Factors to be considered include: Eva was the only person standing up and handling (many many) disputes over the key period, and therefore took the lion's share of the difficulties; Eva is a detailed/obsessive person which is a fine and valuable skill for an arbitrator, critical even for difficult cases, but can be overwhelming to others unused to the complex dictats of DRP and SP; security policies require intervention of arbitrator at many detailed and important areas. Critical team were doing good work and wished that they could just get on and do it, but SP and the fabric of CAcert imposed important requirements over process. The tensions also existed in other areas. Members of the board throughout 2015 was also at loggerheads with those that became members of the board of November 2015. See a [[https://lists.cacert.org/wws/arc/cacert/2016-02/msg00006.html|2016-02 post by Iang]] for view at that time. === A List of Cases of Tension === Not all these cases show difficulties, but some form of pattern is found: || '''Case Nr.''' || '''Case Manager''' || '''Arbitrator''' || '''Status''' ||'''Synopsis''' || || [[Arbitrations/a20120614.1|a20120614.1]] || MartinGummi || EvaStöwe || {g} closed || Emergency Patch || || [[Arbitrations/a20121228.1|a20121228.1]] || BernhardFröhlich || EvaStöwe || {g} closed || Abuse of position || || [[Arbitrations/a20140124.1|a20140124.1]] || MarioLipinski || MartinGummi || {o} running || Arbitrated Background Check over Eva S || || [[Arbitrations/a20140126.1|a20140126.1]] || MartinGummi || EvaStöwe || {o} running || Request for Analysis of Data Consistency || || [[Arbitrations/a20140130.1|a20140130.1]] || MartinGummi || EvaStöwe || {o} running || Dispute due to wrong data because of UTF8/ISO-char || || [[Arbitrations/a20140322.1|a20140322.1]] || BernhardFröhlich || EvaStöwe || {g} closed || Maybe lost information in the database || || [[Arbitrations/a20140324.1|a20140324.1]] || MartinGummi || EvaStöwe || {g} closed || Arbitration against the removal of Dominik G from all mailing lists || || [[Arbitrations/a20140422.1|a20140422.1]] || BernhardFröhlich || EvaStöwe || {o} running|| Gather evidence about the SQL injection/ shell execution discovered in #1272 || || [[Arbitrations/a20140422.2|a20140422.2]] || BernhardFröhlich || EvaStöwe || {o} running || Unapproved modification on Critical System || || [[Arbitrations/a20140518.1|a20140518.1]] || BernhardFröhlich || EvaStöwe || {g} closed || Maybe exclusion of a member || || [[Arbitrations/a20140625.1|a20140625.1]] || EvaStöwe (iCM) || || {g} dismissed || Dispute against Critical || || [[Arbitrations/a20140627.1|a20140627.1]] || || || {-} init || critical team certificate || || [[Arbitrations/a20140712.1|a20140712.1]] || || || {-} init || Dispute against the acting supporter in s20140623.75 || || [[Arbitrations/a20140815.1|a20140815.1]] || EvaStöwe (iCM) || || {g} merged into [[Arbitrations/a20140712.1|a20140712.1]] || Attempted privacy data breach || || [[Arbitrations/a20140925.1|a20140925.1]] || MartinGummi || EvaStöwe || {g} closed || Dispute for privacy violation || || [[Arbitrations/a20141022.3|a20141022.3]] || || || {-} init || Dispute about who decides how support organizes its work internally || || [[Arbitrations/a20141024.1|a20141024.1]] || MartinGummi || EvaStöwe || {0} execute || terminate assurer account Bruno || || [[Arbitrations/a20141027.2|a20141027.2]] || || || {-} init || Dispute against the arbitrator of case [[Arbitrations/a20140518.1|a20140518.1]] || || [[Arbitrations/a20150114.2|a20150114.2]] || MartinGummi || BernhardFröhlich || {o} running || Wrong version of CCA on website || || [[Arbitrations/a20150114.3|a20150114.3]] || || || {-} init || Dispute against the Arbitrator and CM of [[Arbitrations/a20150114.1|a20150114.1]] || || [[Arbitrations/a20150116.1|a20150116.1]] || || || {-} init || appeal against [[Arbitrations/a20150114.1|a20150114.1]] - update of first Arbitration case entered by me at 2015-01-14 [[Arbitrations/a20150114.3|a20150114.3]] || || [[Arbitrations/a20141118.1|a20141118.1]] || MartinGummi || EvaStöwe || {o} running || Investigation on bug 1339 || || [[Arbitrations/a20150125.1|a20150125.1]] || || || {-} init || Dispute for sending out a mail from the webdb regarding bug 649 || || [[Arbitrations/a20150216.1|a20150216.1]] || || || {-} init || appeal against the second ruling of [[Arbitrations/a20150114.2|a20150114.2]] || || [[Arbitrations/a20150420.1|a20150420.1]] || AlexRobertson || PhilippDunkel || {g} closed || Dispute against: Block of SE and other HR issues, abuse of authority, assumption of authority || || [[Arbitrations/a20150423.1|a20150423.1]] || EvaStöwe || || {g} rejected || [[Arbitrations/a20150420.1|a20150420.1]] ... || || [[Arbitrations/a20150725.1|a20150725.1]] || || || {g} declined || Harm to swift processing of security issue || || [[Arbitrations/a20150823.1|a20150823.1]] || PhilippDunkel || EvaStöwe || {g} closed || ABC for Stefan T || || [[Arbitrations/a20150825.1|a20150825.1]] || || || {-} init || Req. to remove EvaStöwe as (A) and (CM) from cases of (C) || || [[Arbitrations/a20150908.1|a20150908.1]] || || || {g} merged, closed || dispute against Dirk -> joined into a20150916.1 || || [[Arbitrations/a20150916.1|a20150916.1]] || EvaStöwe || PhilippDunkel || {o} running || remove defamatory statement || || [[Arbitrations/a20150924.1|a20150924.1]] || || || {-} init || Appeal against a20150420.1 || || [[Arbitrations/a20151021.1|a20151021.1]] || || || {-} init || appeal against case a20140518.1 || || [[Arbitrations/a20151028.1|a20151028.1]] || || || {-} init || Dispute based on report of attack on arbitration || || [[Arbitrations/a20151125.1|a20151125.1]] || AlexRobertson || EvaStöwe || {0} execute || Strike down AGM resolutions || || [[Arbitrations/a20151208.1|a20151208.1]] || || || {-} init || review over removal of access for 2 arbitrators by board order || || [[Arbitrations/a20160330.1|a20160330.1]] || MartinGummi || LambertHofstra || {o} running || Dispute to cancel the rebel meeting || || [[Arbitrations/a20160913.1|a20160913.1]] || || || {-} init || Appeal of Arbitration Case a20150823.1 || || [[Arbitrations/a20161128.1|a20161128.1]] || || || {-} init || Appeal against dismissal of a20150725.1 || === a2015xxxxx - The Critical SE case === Things came to a head when Arbitrator (Eva) ruled in a duly filed dispute that a critical team member had made key mistakes in handling of important issues and ruled on retraining. A group of supporters became very upset by this ruling and decided to fight it. A dispute was filed (a20150420.1 below) to have the original ruling overturned and to have Eva removed as Arbitrator. (To this author's knowledge, nobody ever presented evidence against the key ruling.) === a20150420.1 - The Heads of Power case === This case became the key point from which open conflict emerged and it is therefore important to treat it fully. ==== Cause ==== Claimants Bruckner, Maengel, Mutz and Baumann filed dispute which was determined to be ''"the Respondent has continuously abused and exceeded the powers granted to her by CAcert in a way detrimental to both CAcert generally as well as CAcert Arbitration particularly. This case is filed with the intent to determine if the actions taken do in fact represent abuses and excessions, and if so found determine remedies to prevent the Respondent from doing so in future."'' It should be noted that the claim above is as stated by the Arbitrator. The actual claims as presented were not clear. ==== Preliminaries And Summary ==== Arbitrator Ulrich accepted the case, but had a potential conflict (he had advised on how to file the dispute). Dunkel then accepted the case as second Arbitrator. Arbitrator (Dunkel) went through all the evidence presented and relevant rulings. Talked to who was involved. Ruled that that Eva's rulings were "exemplary," Arbitrators could only be removed by all three heads of power, and members could only serve as officer in one head of power at once. ==== Interpreting the case as a challenge to Arbitrator ==== This was an unprecedented challenge to a sitting arbitrator for causes to be found, but it also raised a lot of issues. Was this an appeal against a ruling? Was it a case against a person? Or, against an Arbitrator? In relationship to a sitting case? What was the process for this? Was the case to order less excess, or to remove the person concerned? None of this was obvious at the start, and although the DRP protects the Arbitrator at several points: . DRP 1.5 ''Arbitrators ... should be independent and impartial, including of CAcert Inc. itself where it becomes a party.'' . DRP 2.1 ''The Board of CAcert Inc. and the Members of the Community vest in Arbitrators full authority to hear disputes and deliver rulings which are binding on CAcert Inc. and the Members.'' . DRP 3.5 ''All liability of the Arbitrator for any act in connection with deciding a dispute is excluded by all parties, provided such act does not constitute an intentional breach of duty.'' it remains silent on how exactly an Arbitrator could be challenged on these points, where for hypothetical example, an intentional breach of duty or a fault of independence were to be found. ==== Independence ==== Indeed, the first point was raised quickly - by the respondent. When the first Arbitrator was challenged on a conflict of interest, to whit ''that he was involved in the creation of the dispute,'' he withdrew. Dunkel took over the case, and was at that point unaware of practically all of the foregoing events and the personalities involved. In short, there is every reason to believe that Dunkel entered the case independent and unbiased. ==== Claim ==== The best public record of the claim is likely [[Arbitrations/a20150420.1#Final_Dispute_filing_modified|Final Dispute filing modified]]. Unfortunately it is not clear from that description whether any activities of the arbitrator would have crossed the above tests, that is, an intentional breach of duty or a fault of independence. Indeed, every one of them as written could be classified with some squinting as a mistake, an overreaction, a ''so what'' or sour grapes. Overall, the complaint reads as exasperation with a person who is over-present and under-aligned with the other team mates. These essentially personal remarks could only really be proven with abundant and further evidence. But unfortunately this complaint was against an arbitrator, stating ''"...the arbitrator of the said case may have exceeded his authority with the suspension, but at least overshooting the mark"'' which raises the stakes rather high - the (new) Arbitrator may have to consider the possibility that behind the sour grapes is an underlying cause against the prior Arbitrator. As each (and prior) Arbitrator is held to a high bar of independence and careful judgement, but wields significant power, the potential for abuse is clear. Therefore, it may be that sour grapes may have to be deferred for the moment, and a cause sought underneath. In the event then, the Arbitrator decided to do exactly that - to treat the case as a review over the prior Arbitrator, as much as other factors, even though DRP does not speak to that issue. In this decision, the case may be seen as a precedent in how to deal with this question, but such a precedent is likely unfinished business because it opens the door to abuse, more of which to be seen below. ==== #4 - Ruling on the direct claims ==== In the ruling, ''much evidence has been viewed in regards to the specific allegations made by the claimants as well as additional material sought out by arbitration itself. While there is ample evidence for conflict, there is no evidence whatever to suggest that Eva has ever acted against policy.'' Finally, Dunkel said: . #4 ''> Ruling: This arbitrator holds that none of the reviewed material has given any indication of an abuse of power or authority nor any violations of policy by the respondent Eva Stöwe. In fact her work as an arbitrator has been exemplary. She has not acted in any evident way contrary to the best interests of CAcert in either her role as arbitrator or policy officer.'' The claim against Arbitrator therefore fails completely. . personal remark by [[Iang]]: ''I have also read the rulings and evidence where published, and am of the opinion that the evidence was empty, the claims had no merit, and the conclusion is representative (i.e., "exemplary"). But, note that the rulings do not capture personalities above. Arguably, they shouldn't as rulings, but bear in mind that here we write about the events to follow, and not about what a ruling should or should not do.'' ==== Ruling on the wider implications ==== Because of the gap in coverage over the question of an abuse by an Arbitrator, Dunkel felt impelled to cover these issues as well. ''As [such] this case has to ask how can officers be removed as well as how can arbitrators be removed.'' The full case is decidedly important, the logic will effect affairs in CAcert for some time, and as this case was the lightning rod of future conflict, it behoves to examine each point. In order, with our numberings: . #1 ''CAcert Inc. officers can only be removed by the board of CAcert Inc.'' . #2 ''An arbitrator can only be removed if all three branches of CAcert governance agree that the bar of acting contrary to "good behaviour" has been met, which means that a wilful act contrary to policy is required.'' . #3 ''A single individual may not hold active roles or offices in more than one branch of CAcert governance at the same time. ...'' . #5 ''The claimants acted entirely proper in bringing this case as a tool for investigating and adjudging a possible abuse/excess of powers.'' ==== #2 - How to remove an Arbitrator? ==== On the question of how to remove an Arbitrator, we have a quandary. Dispute Resolution Policy (DRP) does not say, and it's never happened before in an adverse context. Dunkel decided to create a 'precedent ruling' on the question: #2 created a new rule that said that an Arbitrator alone cannot remove another Arbitrator - so the case filed by the complainants must also fail on the very question it posed. Further, the Board ''alone'' could not remove an Arbitrator, a point that should be borne in mind as events unfold. Indeed Dunkel went so far as to state that only with all three heads of power operating together could an Arbitrator be removed. Some comments: * This ruling is within the right of the Arbitrator. It was a valid question put before the case by complainants, there isn't a rule nor policy nor power in place for this, and therefore the Arbitrator is entitled to make a rule. * The ruling sets a high bar. Some might say it is too high a bar, but from the position of an arbitration ruling over this question, it is actually far wiser to be high than low, because there are two clear alternatives: * Policy group's jurisdiction over the DRP itself. In short, Dunkel deliberately laid down the gauntlet: it is up to policy group to rewrite DRP or similar to come up with a more nuanced approach. * And, an appeal may still be heard. In summary, many have issue with this ruling. But the situation is clear - we have a precedent ruling, and if we want to change it, to policy group we go. Clear as glass. Until we change the ruling, it is our ruling. Or so we would hope... ==== #3 - Conflicts between roles ==== #3 - On the questions of conflict of interest, Dunkel ruled that no-one can hold office with more than one head of power. Little was written in the causes of the case to suggest that this was an issue, but the Arbitrator thought it worth ruling upon. Whether this implicitly suggests the respondent may have been wearing too many hats or not is open to question, because in practice Eva was not holding an executive position with Board nor was current as policy officer. Wearing too many hats - being both an Arbitrator and a participant - can be confusing, it takes a lot of experience to deal with the potential for conflict, and it isn't always apparent to others. Dunkel therefore ruled to place a barrier to too many hats. It might be interpreted that this was a nod to the claimants, but it also can be seen as a defect in their own competences to deal with complicated situations as others did not have the same difficulty. Some notes: * Where Dunkel placed the barrier is debatable. It doesn't stop a person holding too many critical team leader roles. It doesn't stop an Arbitrator taking on too many cases. * It also doesn't address one of the core difficulties of CAcert - that too few volunteers were doing too much of the work, so conflicts were inevitable and commonplace. * In the event, Eva was not effected because she was not acting in effect or actively as policy officer. * At least four others were impacted by the ruling. As a consequence we actually lost hats and possibly work because of this ruling. But, again, that debate should be necessarily outside the ruling. What should be recognised is that the Dunkel accepted that the respondent may have had too many hats, and that may have led to confusion amongst others less adept at dealing with either personal conflict or complex roles. ==== #5 - Was the case appropriate? ==== In addition to the above olive branch, Dunkel also laid out #5, that the case was proper. This was a substantial admission to the claimants. ==== Interpretations, Conclusions and Consequences ==== But, the case being proper was another troubling area of the case, because there are differing ways of reading the case: . Way 1. That ''"This case can be considered a legitimate attempt to ascertain whether an arbitrator or a CAcert officer have abused or exceeded their authority. Such cases have an important function in the CAcert governance scheme and should not be discouraged."'' This could be read as if it is reasonable to file this case and all others like it. . Way 2. That, as ''"arbitration could also be abused to harass or embarrass an individual it is also prudent to examine whether this has been the case and potentially sanction the claimants for such behaviour"'' and although this case was not seen as harassment, ''"the bar for adjudging abuse needs to be set exceedingly high."'' Claimants should therefore be warned that the chances of their case being seen as harassment are much higher than their chances of prevailing against another individual, and especially high against an arbitrator because of the protections in DRP 2.1, 3.5. Finally, recall that DRP 3.3 ''the Ruling is ordinarily final and binding on CAcert Inc.and all Members.'' Therefore, this case is closed, you lost, now it is time to get back to work. And, if you were to be file again, you will be doing so in the face of warnings of potential abusive behaviour. These are hypothetical interpretations of course. Either of those particular messages could have been reasonably read from the case - i.e., go file a better case, or alternatively, don't flirt with the bar of harassment again. In the event, however, the claimants took a third path and challenged the ruling directly, at its core. Thus, not only was the Dunkel Ruling a trigger for future events, it was also treated - read as if - the claimants took the ruling as yet more evidence of abuse by arbitrators, which led them to ''carte blanche'' defy future rulings and arbitrators, and to a general project to disassemble arbitration entirely. === Other events... === ==== Challenges to the Dunkel Ruling ==== The group of claimants and their immediate supporters chose to challenge the ruling on as many grounds as they could think of (none particularly relevant). They also proposed to the membership of CAcert Inc a resolution for the upcoming AGM saying "to reform Arbitration" being an instruction to CAcert Inc to change arbitration to something else, although this was not clear, and the motion as posted would have created an open mandate for board. Unfortunately, this resolution would have placed CAcert Inc in conflict with Arbitration (independence) and policy group (responsibility for changing policies). This was pointed out loudly on CAcert Inc members list and the resolution was eventually withdrawn. Somewhere in this mix, some of the group filed dispute against Iang for making defamatory statements, such as "you've breached CCA by disputing arbitration." XXXX research this. Iang filed a cross-complaint saying they had breached CCA, and requested their termination. That dispute was handled by Dunkel as Arbitrator and Eva as CM. Reinhard did challenge the choice of CM but Arbitrator dismissed the challenge. === The AGM of November 2015 for FY 2014/15 === At the association's [[AGM/AGM20151122|AGM of 2014/15]] a committee consisting of the above malcontented group was accepted without opposition. Unfortunately, there was no effective opposition at the board level as the opponents to the group were old timers who had done their time on board, or were in arbitration, and were in no hurry to return. == Post-AGM Activities of the new Committee November 2015 to April 2016 == === Challenge to (resolutions of) the AGM === At the AGM, the presentation and voting on some resolutions raised issues as to what the resolutions were supposed to be about. For example, ''"Sub committee for transition"'' in the business agenda become ''"to create a sub committee, staff it and delegate the needed power to it, to prepare and conduct the transition of assets and information from CAcert Inc"'' being a refinement of some materiality! Iang filed dispute requesting relief, including ''All Resolutions of the recent AGM be declared null and void where they were not correctly voted upon as presented in the Business call'' [[Arbitrations/a20151125.1|a20151125.1]]. Although the intent was to only analyse those ordinary business resolutions lacking announced content, it was possible to read it more broadly. Indeed, the arbitrator Eva felt obliged to warn the board that it was possible that the entire AGM would be ruled invalid. Although there was never an intention to challenge more than the ordinary resolutions for their presentation as listed in the complaint, and although none of the results had any great impact on anything, it then became possible to interpret the dispute as a challenge the entire board. It is believed that the board responded to this dispute over resolutions as an attack to replace them prematurely. === First meeting of the board === The board met and accepted Reinhard as President, Jürgen as vice-President, Marcus as Secretary, Stefan as Treasurer [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-11/msg00086.html|Transcript]]. Felix as ordinary member. In later correspondence, Kevin was confirmed as Public Officer. Peter and Robert were confirmed as ordinary members of the committee after the AGM. A motion was passed to request handover of documents. Committee took on as 'first serious task' the re-signing of the roots, with intent to present a solution at FOSDEM. Committee also adopted the mission statement of '[[https://blog.cacert.org/2015/11/get-audit-ready/|Get Audit ready]]!' Benny was appointed to Software team lead, and Martin as temporary Events Officer. Marcus was re-appointed to support. === Private Meetings === There was very little discussion in the meeting [[https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2015-11-28|Minutes & transcript]], in comparison to prior boards, and this is a pattern that repeated for the remainder of the board's term. The board also routinely did not disclose the contents of the private mailing list to the community. It was later discovered that in order to conduct their meetings, the committee had set up a password-protected 'teamspeak' VoIP system [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-11/msg00079.html|private email]]. Details of the teamspeak meeting channel were shared privately to members of the committee, but its existence was never announced to the community as far as we know. It is unknown what happened on teamspeak, although one Australian member commented much later that the one time he'd been able to get on to the system, it appeared hard to follow because the meeting was held in German. Given the lack of content on the main IRC channel, it is reasonable to suggest that teamspeak was where the real meetings were held. The IRC channel, which was both more customary and where Reinhard typically invited that the meetings were to be held, was used only to push through the motions already decided. Poignantly, Reinhard commented "''We all see that there are rumours and hidden activities backstage''" [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00008.html|Private email to auditor]], although it is unclear to what he was referring. === Miscellaneous actions of the board conducted in private channels === During the time of this board, they took the following additional discussions into the private mail area: * [Board] ''"are planning to create a template page for a set of mail templates need to be sent out for a new CAcert Inc member. As discussed today this should be private for board"'' [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00061.html|private list]]. * Discussion and reports of root Re-signing was planned for FOSDEM 2016-01-29 [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00016.html|private email]] with Wytze and the assistance of others in NL. * Discussion of insurance for legal protection and liability for all board members and/or board and/or CAcert Inc. * Requested that Kevin (PO) request all documents ever lodged at OFT. * Formally requested handover from prior board members. Although the committee acknowledged receiving mails to that effect, they did not accept that documents were handed over [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00031.html|transcript]]. In part this was due to the committee's demand for signed statements that all documents had been handed over, and in part due to committee's demand for documents that the prior board claimed did not exist or had not been received. Due to the board's aggressive pursuance of this issue, it seemed entirely reasonable to not provide a signed statement. * Discussion of whether to use CAA records in DNS names to signal other CAs not to issue certificates over our domains. * Discussion with '''some''' members about Parts A,B,C (below) [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00066.html|private post]] including reference to private voice meetings with additional non-committee members. * notifications of things done in motions. * invitations to purported board meetings [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00082.html|private post]] albeit including association members as well. It is unclear why any of these were required to be kept private, nor why they were not reported to the community. The volume of routinely private communication on matters of community interest for no good reason leads to a conclusion that this board widely and routinely breached the community's principle of transparency and also the association rules 23B: . ''23B Open and transparent governance . (1) The committee must, except as provided in this rule, cause any and all business transacted by it to be published on the association's website. . (2) The committee may, by its own motion, close its deliberations to the public, restrict access to any document, or do any other thing as necessary for the proper administration of the association. . (3) In the event of the use of rule 23B(2), the committee must record and publicly disclose the reasons for its decision.'' === Parts A,B,C 'under seal' === In its very first meeting, the new board also convened a meeting 'under seal' to discuss a secret matter. The matter became know for most of the term of this board as ''Parts A,B,C'' due to absence of other information, including within the text of the motion that authorised it (m20151206.17-19). It was much later found to be the decision to suspend members Eva, Dunkel ('''including as Arbitrators,''' both) and Dirk from roles, and to block these members from access. The decision to do Parts A,B,C was led by Reinhard who substantially predicted the outcome in mail in the private list [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00001.html20151201]]. There is no known record or transcript of any meeting discussed the issues properly or even laying out the case against the persons concerned, although such was demanded of the board post-SGM. === Incident === In a related thread, in a meeting 2015-12-06 [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00031.html|transcript]] it was motioned to set up the 'investigative committee' surrounding an incident at FROSCON, which related to "''Parts A,B,C.''" . ''11:22 <@ReinhardM> 2.5.3 FROSCON, sha256-resign --> session2015.4 investigate . During Froscon the procedure for root resign was tested and disturbed. Our internal auditor labelled this as incident; several witnesses (members from FSFE, several sponsors) gave descriptions with similar content. The person in question denies any responsibility. We have to setup an investigation committee to find out the facts. Our plans should be to find a lawyer from the community members to lead the investigation and report to board the final stat. We have to setup an investigation committee to find out the facts. Our plans should be to find a lawyer from the community members to lead the investigation and report to board the final status. Based on this report a decision must be made. . MOTION: appoint an investigation committee to find out what happened during the public test of the root resigning procedure at Froscon 2015. . (5 votes aye) . <@benball> if it was reported as an incident then why wasnt a dispute lodged and the DRP followed? . <@ReinhardM> it was given as a task to the former board and the president had not taken any actions. . <@ReinhardM> We should never ignore this. . <@benball> abstain . (motion carried.)'' It is instructive to note that the incident related to an active case and was therefore under Arbitration; had been reported to prior board; had been marked as an incident by internal auditor; and had '''not''' been referred to dispute resolution, yet the new board now sought a 3rd method of dispute resolution being an 'investigative committee'. === Blocking of Access === Shortly thereafter, motions were passed by the board (20151206) to cause the above into effect without any public notification as to their nature. Email was sent to the members concerned on or around 2015-12-09. The board proceeded to block access to services to the two arbitrators listed above. On asking to block access, one administrator (Mario) asked for authority, and filed dispute against the board. As arbitrators were blocked from the wiki, this meant that all cases on which they were working on were interfered with (e.g., [[Arbitrations/a20151125.1|a20151125.1 2015-12-07]]). This was unprecedented, and was specifically ruled against in the earlier Dunkel ruling - only the three heads of power may together impeach an arbitrator. ==== Responses ==== When the blockage became evidence, members became irate, including the members being blocked. Significantly, * [[https://lists.cacert.org/wws/arc/cacert/2015-12/msg00006.html|post]] ''2015-12-09 13:10 the former internal auditor (Ian Grigg) replied to the president's mail to the members with a warning to anybody “who have followed instructions of the board in recent days” that they are “sub judice” and “although we do not normally advise this in CAcert, you may find it wise to consult your own legal counsel. Individually, and at your own cost.”'' * That mail also was a warning that the people concerned were to keep evidence safe, and not to destroy it. Destruction of evidence would be treated dimly once a serious case had been alerted. * Arbitrator Eva responded [[https://lists.cacert.org/wws/arc/cacert/2015-12/msg00003.html|cacert list 2016-12-09]] with rulings under case [[http://wiki.cacert.org/Arbitrations/a20151125.1|a20151125.1]], declaring: * the blocking actions are invalid, * ''"2. These acts are an intervention with a running case and an attempt to violate arbitration processes."'' * those members who were involved in the acts are to be removed from all security policy or assurance capabilities. * all board members plus Martin were named. * the membership was encouraged to pursue an SGM route. * two long standing members resigned * The Critical Sysadmins pulled their support for the board [[https://lists.cacert.org/wws/arc/cacert-members/2016-01/msg00014.html|Bas]], making access to the servers impossible for root re-signing. * causing Reinhard / board to launch an opinion survey to reenforce support for the board and the re-signing process. * Responses by Eva caused the board / Reinhard to attempt to stop Eva discussing the investigation committee on public lists [[https://lists.cacert.org/wws/arc/cacert-board/2016-01/msg00000.html|2015-12-12]]. Unfortunately, the board lacks the power to do that which Reinhard asserted, it only has power to pursue a complaint under Rule 12.2 under the association rules. Reinhard's demands however were strident beyond even the limited powers of a proper Rule 12 investigation: a demand for a "show cause" in the absence of a complaint placed the board as the judge, jury and executioner! * Iang [[https://lists.cacert.org/wws/arc/cacert/2016-02/msg00000.html|1]], [[https://lists.cacert.org/wws/arc/cacert/2016-02/msg00005.html|1.bis lack of protection]], [[https://lists.cacert.org/wws/arc/cacert/2016-02/msg00006.html|timeline & consequences]], * Information [[https://lists.cacert.org/wws/arc/cacert/2016-02/msg00052.html|posted on Board's Investigative committee]] at [[InvestigationCommittee]] by Dunkel. Many more posts were made, the above is only a selection. === Public Prosecutor & legal representation === In response to an arbitration, or perhaps in response to the serious words of Iang above to consult own counsel, on or about 19th December 2015, the five active members of the committee notified the arbitrator that '''they rejected the arbitrator and case manager'''. Further, some of them nominated counsel in Austria and Australia, un unprecedented step. Even more dramatically, Jürgen Bruckner notified that [[https://lists.cacert.org/wws/arc/cacert-board-private/2015-12/msg00088.html|private post by Bruckner]]: . ''.... - the complaint which was filed on 2015-12-10 at the office of Public Prosecutor of Vienna against Ian Grigg, Eva Stoewe, Alexander Robertson, Philipp Dunkel et al. This case is pending at the prosecutor's office, and several additional information have been filed since that. The last update was on 2015-12-17. With the last update the Vienna public prosecutor's office has been also asked and adviced to forward the filed facts and information to the authorities which are responsible for the seat of CAcert Inc. in NSW, Australia.'' Also see the ... This event was dramatic. Some notes. * This was the only information of any firmness that was forthcoming related to the complaint into Vienna Public Prosecutor's office. It was understood to be a criminal complaint filed with the court (although many months later it was alleged to be an 'administrative complaint'). As a criminal complaint, this caused the arbitrator Philipp Dunkel to immediately suspend the arbitration. * Although all of the notifications were different, with differing points, they had a common theme, used similar wordings, and arrived in a 12 hour period. They were clearly all related and coordinated, however there is no record of any meeting where such a process was determined. * It was therefore believed that the members of the board, acting as board, were acting as one unified voice, and the five members were all fully aware of the process. The combined effect of this was to suspend all arbitration. * There was a unified claim that the case was ''illegally extended'' by permitting the respondent (iang) to file a complaint. Arbitrator Dunkel rejected that notion, stating that it was indeed the right of a respondent to file a complaint, this is clearly a part of the common law, and DRP 2.2 says ''"The Arbitrator may request any written pleadings, '''counterclaims''', and/or statements of defence."'' * There was a unified rejection of the Arbitrator and Case Manager, which Dunkel ruled against. See also Alex, point 2. Whatever the points of detail, the CAcert was now in crisis as the board of CAcert Inc had denied a running arbitration against it. === Responses === Alex, Case Manager for cases hit by the action, posted on members list the following [[https://lists.cacert.org/wws/arc/cacert-members/2015-12/msg00012.html|in members mail list]] and [[Arbitrations/a20151125.1|a20151125.1]]: . ''1) it is a rule of the association that all disputes are subject to DRP (Rule 11) - by following/attempting to follow alternatives such as the proposed external review, there may be a breach of fiduciay duty by failing to follow the rules if the association. If this is the case, the Board may be jointly and severally personally liable for any incurred costs. . 2) Normal legal process does not normally allow for the selection or rejection of court officials - the DRP clearly states that the CM selects the arbitrator. There is no allowance for any choice or challenge of this process by claimant or respondent . 3) Board has jointly and severally accepted both CCA and DRP - by failing to follow the rulings of a duly empanelled arbitrator they have broken that acceptance. . 4) In respect of 3) there is also an issue of "contempt of court" on the grounds of failure to obey the rulings of duly empanelled arbitrators. This is an offence under NSW law which is punishable by a fine and/or imprisonment. . 5) Philipp Dunkel ruled in case a20150420.1 that removal of an arbitrator requires the agreement of all three heads of power to commence any form of impeachment process. There is no allowance for "suspension" of an Arbitrator, and considering that the President and other members of Board have had cases that they did not like the result of, the action of suspension (and possibly other actions has to be considered malicious, particularly in the light of threats made by the current President and others prior to the AGM that installed the current Board. As a further reference, according to the rules of the association (Rules 12 and 13) the only actions that Board can take directly to discipline a member of CAcert Inc. is the suspension of or expulsion from that membership - this then is open to appeal requiring an SGM. . 6) The removal of priveleges (and/or threats thereof) falls into the category of interference with a court official. This is regarded as an extremely serious criminal offence falling under section 322 of the New South Wales 1900 Crime Act and carries a potential sentence of up to 10 years imprisonment. Since it is a criminal act, perpetrators may be liable to arrest and prosecution if AU residents, or if not AU residents, may face extradition to face charges in NSW.'' Kevin, public officer posted: Jeffery posted a call for an SGM [[|2015-12-27]], quoting ''RESOLVED, that the committee as constituted no longer enjoys the confidence of the members, and each committee member is removed from their position.'' ==== Arbitration was Frozen. CAcert Inc likely in breach of CCA ==== Dunkel, the arbitrator that had ruled on the Heads of Power case that specified that only the three heads of power could suspend an arbitrator, was also the current arbitrator in a defamation case between Iang and the members of the committee and some others. In responding to the above filing, he announced that in his opinion but not ruling, there was sufficient evidence to declare that the members of the board, some others, and CAcert Inc itself were now '''in breach of CCA''', and termination was a possible result. However as the board had filed a criminal complaint, '''the/all arbitration was now frozen'''. ==== Meeting 2016-01-10 ==== At the 2016-01-10 board meeting, . ''[2016-01-10 11:59:44] next topic 2.6 Investigation committee . [2016-01-10 12:00:06] Currently 2 persons has agreed to join the investigation committee. . [2016-01-10 12:00:42] sorry, fire-brigade-alarm, have to run... . [2016-01-10 12:00:45] One is of profession lawyer, the second one is a data privacy professional. . [2016-01-10 12:01:09] I move to implement the investigation committee and try to fill it up with a third person.'' . (carried) In question time with Eva, Reinhard revealed that all questions on the investigation committee were to be answered by the committee itself, and that ''names are privat concerns.'' Complaints and/or demands for information were received from * [[https://lists.cacert.org/wws/arc/cacert-board/2016-01/msg00010.html|Iang]], * [[https://lists.cacert.org/wws/arc/cacert-board/2016-01/msg00002.html|Guillaume]] * [[https://lists.cacert.org/wws/arc/cacert-board/2016-01/msg00011.html|Lambert]] Only Lambert's was answered, and only in part [[https://lists.cacert.org/wws/arc/cacert-members/2016-01/msg00003.html|Reinhard]]: . ''Dear Lambert, dear all . the two persons that are willing to take part in the Committee of Investigation are active CAcert assurer and agreed to work pro bono. CAcert only need to cover any additional expenses e.g. travel costs. Therefore the cost should be in a reasonable range. . Currently we do not want to publish the names. . Once the committee has finished its work the final report will be published. If there is a private part that will be closed as usual. . The final report will be signed by the members of that committee of investigation. . Kind regards . Reinhard Mutz, President of CAcert Inc. in the name of board'' The board's demands to keep the investigatory committee private were challenged with information on the wiki [[https://wiki.cacert.org/InvestigationCommittee|InvestigationCommittee]]. === Checkpoint === It is important to establish the breathtaking departure from CAcert's principles in the actions of the board [[https://lists.cacert.org/wws/arc/cacert-members/2016-01/msg00010.html|Iang]] that had occurred within 1 or 2 months. The board, in establishing an investigatory committee, ignoring prior arbitrations, ignoring that arbitration is the forum of dispute resolution, ignoring the principle that all complaints be duly filed and made available to the respondent, ignoring the requirement that any committee be given a mandate, and ignoring that any investigator be named, had established itself as an island disconnected from the community. At the same time, the board and/or members of the committee were running: * an investigatory committee without a mandate and without authority in the rules (but motion [[https://lists.cacert.org/wws/arc/cacert-board/2016-01/msg00009.html|m20160110.6]]), * a secret filing into the public prosecutor's office in Vienna, * a Rule 12 investigation without a complaint, * a board-initiated suspension of arbitrators in direct conflict of the Dunkel Ruling, * a declared intent to 'adjust Arbitration', and * participation in numerous arbitrations. Most of which were not supported by board motions, and all of which was now outside the protection of Arbitration [[https://lists.cacert.org/wws/arc/cacert-board/2016-01/msg00016.html|Iang]] which was at that point suspended, and therefore acting flagrantly in this fashion amounted to negligence. === The next three months... === With CAcert in crisis, the next three months were characterised by ... a lot of email traffic. However the die was cast at this stage. What happened after the events summarised above was pitched battle, which was ultimately resolved by the numbers. A brief summary of key elements will suffice: * Reinhard / the board launched a Rule 12 complaint against Iang 2016-02-28 [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00019.html|Eva]]. In this case, stretched over 2.5 months, * the board and/or Reinhard made up the complaint within a board meeting [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00021.html|transcript]], and presented it to itself as it was making it up. The board therefore ruled itself out of judging the complain for conflict of interest. * the board provided its demand for response at [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00000.html|private mail]] then stored at [[Iang/Hearing|Hearing]]. * Board held a meeting 2016-03-23 on three days notice [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00014.html|private mail]] in which the board also ignored the voluminous defence from Iang, pretending it had not been received, and declared its decision to oust Iang from the association [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00030.html|private mail]]. * An SGM was called, but the dates were problematic to nail down. * Throughout, the members of the board withheld information concerning the filing into Public Prosecutor's office in Vienna * [[https://lists.cacert.org/wws/arc/cacert-members/2016-03/msg00013.html|summarising post]]. * [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-04/msg00014.html|not criminal]] but no information as to what it was, and evidence that Jürgen knew what it was. * In the same meeting 2016-02-28 the board expelled Guillaume summarily, citing some emails and claiming they were wrong [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00021.html|transcript]]. Also, they relied on a 5 years old ruling by a board that Guillaume could be expelled if he posted false emails again [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00019.html|Eva]]. * Re-signing of the roots to replace MD5 with SHA256: * Motions m20151018.2 and m20151018.1 had already laid the path for re-signing. * A survey on re-signing [[CAcertInc/OpinionSurveyRe-SigningRoot]] launched by the board did not work out so well as 10 of 30 people voted NO [[https://cacert.eu/survey/audit/]], presumably not against the question, but against the board's position in general. * Re-signing of the roots was reported successfully by Benedikt [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00006.html|post to private mailing list]] and [[Audit/Results/session2016.1|public wiki page]] and [[https://blog.cacert.org/2016/03/successful-root-re-sign/|blog page]]. * Failures in open governance: * Surprisingly, it was discovered in [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00010.html|private mail list]], that Board was signing documents for CABForum that presumably entered CAcert Inc into contractual relationships with CABForum. Is any motion from Board aware of this? * Reinhard started holding straw polls on the [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00020.html|private board list]] to adjust agenda items. * Incident reports from internal auditor were reviewed and accepted in [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-04/msg00023.html|private mail list]]. * Of the many complaints that were received on the members list and board list, few were responded to. Here are some exceptions: * [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00020.html|Answers to Lambert]] at [[Brain/CAcertInc/Committee/proposal/answers01]] which missed his questions about "investigation committee" and "criminal filing" (rejoinder by Eva on board list). * Board quizzed new members on their critical remarks about the board [[https://lists.cacert.org/wws/arc/cacert/2016-04/msg00000.html|post 2016-04-08]] and [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-04/msg00030.html|response]]. * Iang launched an informal vote (members list 2016-04-03) to elect an additional secretary. * Iang brought more bad news: audit, policies and practically every other system in CAcert were all imperilled by the suspension of arbitration [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00000.html|Iang]]. Subik pointed out this meant also re-signing was threatened [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00008.html|Subik]]. * Eva posted a legal summary on [[https://lists.cacert.org/wws/arc/cacert-members/2016-02/msg00003.html|removal of arbitrators]] * Board launched a campaign to re-model [[https://www.cacert.org/policy/DisputeResolutionPolicy.html|DRP]] under UNCITRAL: * [[https://lists.cacert.org/wws/arc/cacert-policy/2016-03/msg00006.html|post to policy]]. * [[https://wiki.cacert.org/Brain/CAcertInc/Committee/proposal/answers01|wiki on UNCITRAL]] as proposed as "answers to members' questions". ==== Arbitrations concerning the SGMs ==== Lots of discussion led to a call for an SGM as early as 9th December 2015 [[https://lists.cacert.org/wws/arc/cacert/2015-12/msg00003.html|cacert list 2016-12-09]]. It was finally called 2016-03-xx, and the board responded with its own call for SGM a day later, and against which first call the board filed dispute. The board issued a second call for SGM beforehand to remove Iang as member. The board negotiated directly with Lambert [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00034.html|private email 2016-03-31]], a senior and experienced arbitrator, to take on the case [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-03/msg00033.html|filed 2016-03-30]] to review the multiple SGMs and rule. Lambert as Arbitrator ruled that while two SGMs might be valid, they can only vote on the same agenda and each item can only be voted on once [[https://lists.cacert.org/wws/arc/cacert-board-private/2016-04/msg00028.html|private mail list]]. The SGM to confirm the removal of Iang was ruled invalidly called, and would have to be rescheduled to 2016-04-25. === The SGM to eject the committee === At the SGM held 2016-04-09, the committee considered the proxies for over an hour, slowly and painfully. When they realised the numbers were against them, they resigned en masse, clearing the way for a new committee. [[https://lists.cacert.org/wws/arc/cacert/2016-04/msg00011.html|Eva wrote]]: . ''Quick summary: a new board has been elected. . After counting proxies, the European board members of the prior board resigned. . Guillaume and 4 new members were accepeted as members . Results of resolutions: . 1. Disenheartened with committee and disrespect for arbitration. --> CARRIED. . 2. the committee removed. --> CARRIED. . 3. CAcert Inc was placed in unacceptable breach of CCA. --> FAILED by one (Resolution 4 was then skipped) . 4. CAcert Inc with new committee, treat liabilities as if arbitration was not suspended. --> CARRIED. . 5. Create a report. --> CARRIED. . 6. Elect a new board: Ben Ball (AU), Piers Lauders(AU), Kevin Dawson(AU), Ian Grigg, Gero Treuner, Dirk Astrath, Mathias Subik . For 2016-04-10 11:00 UTC the former board had invited for another SGM, but it will have no business according to an arbitration ruling. . The new board needs to convene and asks everyone for patience as it gets started on this task.'' == Post-SGM Activities of the Committee April 2016 to June 2016 == In the SGM, a committee was appointed. At the first meeting, the committee accepted Piers as President, Iang as vice-President, Dirk as secretary and Gero as Treasurer. In addition to these appointments, Kevin and Matthias also joined the board, and Ben remained on board.