• Support
• Handbook
• PrecedentCases
• a20111128.3

Support / Training

Support Handbook / Precedent cases / Precedent case a20111128.3

How to handle "delete account" cases that are similar to precedent case a20111128.3 "Delete Accounts with no Assurances and all certificates expired" (WIP)

TRIAGE shall move all account deletion requests to the SE queue.

Preconditions

• the account shows no given assurances
• all certificates have been revoked or expired

If these preconditions are not fulfilled, the request needs to be moved to the dispute queue.

Step 1

Write a mail to the user to make sure that they really want their account deleted. The mail is similar to the one from Delete my Account cases Init mailing.

Initial mail to user

Dear <user>,

We've received your account deletion request dated ####-##-##.
If this was sent by accident, please respond to this notification within 14 days
(deadline set to: ####-##-##) or confirm your deletion
request. Otherwise this case will be acted upon automatically.

If the reason for your delete request is, that you lost access to your 
account, you can try to recover your account. If an account is 
recovered, your assurance points, experience points, domains, client 
certificates and server certificates are retained. If an account is 
deleted, all is lost. Just look at 
http://wiki.cacert.org/FAQ/LostPasswordOrAccount 
for possible ways and tell us how to proceed.

I'll take this case as Support Engineer.

The process for the deletion of an account is laid out in the precedent 
arbitration case a20111128.3 [1]. 

Like every normal arbitration case this also is opened by some formalities:

  1. Please reply to this email and confirm that you accept the
     Arbitration under the CAcert Community Agreement [2] and the
     Dispute Resolution Policy [3].
  2. The governing law will be that of NSW, Australia. It is possible
     to request a change of law, but it is unlikely to be helpful in
     this case.
  3. You need to notify me if you are seeking legal counsel (a lawyer).
     This is not recommended. Rather, if you feel the need for help, 
     I can ask an experienced Assurer to assist you.

Finally, please remember: this forum is about sorting out our common 
difficulties and improving our ability to secure ourselves. Unlike 
other forums, I ask you to maintain a positive and helpful spirit 
at all times!

The proceedings of the Arbitration have to be in English. If you have 
troubles expressing yourself in English we can try to find a translator 
for you.

[1] http://wiki.cacert.org/Arbitrations/a20111128.3
[2] http://www.cacert.org/policy/CAcertCommunityAgreement.php
    CAcert Community Agreement
[3] http://www.cacert.org/policy/DisputeResolutionPolicy.php   
    Dispute Resolution Policy
-- 

Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

The deadline needs to be set to 14 days from the date of processing.

Before sending the initial mail to the claimant:

• set the next ticket state to "pending reminder"
• the pending date to the deadline date
• the type of issue to "Delete account precedent".

Step 2

• if the user confirms the deletion, continue
• if there is no response until the deadline, continue
• otherwise see what has to be done

The data for the anonymising string is taken from the next number at the bottom of the precedent case a20111128.3 following this structure a20111128.3.x where x is the next free number.

Depending on the latest expiry date of the certificates, there are two different steps to proceed.

a: No certificates used or the last certificate has expired more then 3 months ago

SE hijacks the account and anonymizes the account following the Delete Account Procedure using the anonymising string stated above.

As the CCA is terminated immediately with the execution of the delete account procedure, the user needs to be informed that the execution was successful. The CCA termination date is the date of the execution.

Hello <user>,

I executed your request to delete your account following the ruling of the precedent case a20111128.3 [1].

The account is now deleted and CCA [2] is terminated on <yyyy-mm-dd>.

[1] http://wiki.cacert.org/Arbitrations/a20111128.3
[2] http://www.cacert.org/policy/CAcertCommunityAgreement.php
    CAcert Community Agreement

-- 

Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

Continue with step 3.

b: the last certificate has expired less than 3 months ago

Inform the user that the delete account procedure is put on hold until a 3 month period after the last certificate has expired.

Dear <user>,

your request to delete your account is on hold until <yyyy-mm-dd> due to the fact that there is a 3 month retention time to the latest certificate expiration date which is <yyyy-mm-dd>.
This retention time is given by arbitration ruling [1].

In the meantime I will lock your account so nobody except support is able to access your account. 

I will execute the account deletion when <yyyy-mm-dd> is reached, so you do not need to take any actions.

[1] http://wiki.cacert.org/Arbitrations/Training/Lesson20#CCATermCalc


-- 

Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

Before sending the mail to the user:

• set the next ticket state to "pending reminder"
• the pending date to the retention date

Lock the account for the retention time. (Needs to be clarified by arbitrations)

Once the retention date is reached, continue with "a:" with the execution date as CCA termination date.

Step 3

Document the delete account issue by adding it to the table at the end of the precedent case a20111128.3 with:

• Support ticket number

• Arbitration number + consecutive number => a20111128.3.#

• CCA termination date (this is the SE's execution date)

Reference documents

[1] Precedent case a20111128.3 [2] Delete Account Procedure [3] Delete my Account cases Init mailing

• CategorySupport

• CategorySupportPrecentCase