Please close my CAcert account and delete all my personal data.


Attending <snip> ATE in <snip> I have realised that because of a
pending Mozilla auditing CAcert is undergoing massive and disruptive
changes in its policies, processes and its requirements of members and

This move is not too smooth, for example I have retrieved and printed
out old CAP forms from my CAcert account just an hour before the event
and still do only get those old forms, although the CCA acceptance is
vital since April or something like that. Which was totally unannounced,
by the way.

So far I have not decided whether I can accept the new policies
(specifically the dispute resolution policy). I need to think about that
for some time (specifically the whole issue of local courts, but also a
few other points).

As far as I see it I have not accepted them so far (surely not by just
using the CAcert web site), and in order to delay or avert accepting
them I have decided not to take part in today's assurances at ATE.

This whole transition is kind of murky, in my eyes. Why haven't I been
presented with a big yellow pop-up "please review our new policies and
our CCA and confirm your acceptance, otherwise you cannot proceed"?  And
would such an online acceptance really be enough?

Isn't a real signature on a CAP form much better? Are you sure that you
could fight that through the courts if somebody claimed that any member
of his household just opened a few of the sites in his browsing history
(maybe a wife suspecting adultery) and logging in using the installed
client certificate or the password saved in the browser?

So even though I really haven't decided whether I'd like to take part in
CAcert under the new policies, I believe that resigning is the best way
to go. Either way.

If I want out, I'm out. If I want in (after some deliberation), I can
start on a blank slate without this whole "old member"-baggage and both
CAcert and I can be sure about under what circumstances and agreements
my membership exists.

Please note that I don't consider this to be an arbitration matter under
the dispute resolution policy, because I'm not a party to the CCA or the
dispute resolution policy, although I suppose you might handle it as
such for practical reasons.

I do not wish to have my identity publicly disclosed, for instance on
your web site's arbitration section or on any mailing list that can be
subscribed to by the general public. The information about me attending
the ATE and not participating in the assurances is only included as part
of an explanation why I'd like my account closed and is also potentially
identifying information that should be hidden from any public venue.

(There is a precedence case, a20090328.1)

I would like to request a clarification to the abovementioned ruling:

There is no mention under what circumstances the sealed envelope may be
opened or what happens after such an opening (Is the seven years' term
renewed? And by the way: why seven years from now, not seven years from
the last assurance, because that's the point when I would destroy the
CAP forms if I retained them). Furthermore I'd find notification of the
claimant in case of the envelope's opening both practical and
appropriate (only if claimant is still reachable under the old address).

Before: Arbitrator Bernhard Frohlich (A).
Respondent: CAcert Incorporated (R)
Claimant: Identity withheld pending ruling (C)
Case: a20090618.3

20090619 A: Sent initial mail. Asked for explicit acceptance of Arbitration under CCA and DRP for this case.

20090621 C: Answered initial mail. Does not accept CCA and DRP for this case.

20090622 A: Sent proposed ruling similar to a20090328.1 to Claimant


I see no significant difference to a20090328.1, so I'm giving a very similar ruling with some clarifications (italics are used for differences in formulation):

  1. The claimant shall send all CAP forms in his possession to the arbitrator
  2. A snapshot of the account information shall be taken and printed on paper.
  3. All certificates of the claimant shall be revoked and login to the account shall be disabled.
  4. After the CAP forms have arrived the account of the claimant shall be anonymised by doing the following:
    • Setting the date of birth to 1970-01-01
    • Setting all Name fields to a20090618.3
    • Removing all domains
    • Removing all secondary email addresses
    • Setting the primary email address to support@cacert.org
    • Modified ruling: Setting the primary email address to a20090618.3@example.org
    • Setting all other fields containing any identifiable information to a20090618.3
  5. The arbitrator shall print this case-file to paper
  6. The arbitrator shall put the print-out of this case-file, the print-out of the account status as well as the CAP forms into an opaque envelope and seal that envelope.
  7. The arbitrator shall designate that envelope with the arbitration number and retain this envelope for 7 years, after which time it shall be destroyed.


As requested by the Claimant I give the following clarifications:

  1. The sealed envelope may be opened only
    • if one of the included CAP forms is requested during an Arbitration, or
    • if a dispute is filed against the Claimant and an Arbitrator rules that the Claimant's personal data is needed.
  2. If the envelope is opened the ruling Arbitrator or the archiving Arbitrator shall send a mail to the Claimant's archived primary email address about the circumstances. No further efforts will be made if this email address is unreachable for any reasons.
  3. The opening of the sealed envelope does not by default prolong the retention period.
  4. An Arbitrator may rule that specific CAP forms shall be removed from the envelope and be archived otherwise (usually with another case, maybe for longer period).
  5. The retention period is 7 years from the date of the ruling since the Claimant's personal data have to be archived for this period (see also Paragraph 5.5 of the new (WIP) CPS). It is not sensible to open the envelope every time one of the CAP forms reaches the end of its individual retention period.

  6. The envelope may be forwarded to another Arbitrator if the archiving Arbitrator resigns from CAcert or is not able to keep it safe any longer. Of course the retention period is not modified by such a forwarding.


20090624 C:

I accept this ruling and would like to express my thanks to both you and the case manager for handling this matter so professionally and quickly.

I'll retrieve the CAP forms from my bank deposit box and send them to you as soon as possible, but I cannot promise that I'll get to it before the weekend. But you should receive them by mail next week at the outside. 

20090701 A: Received mail with 7 CAP forms included

20090701 C: Confirms that he has made 7 Assurances

20090702 A: Support, please verify that the Claimant's account has made not more than 7 Assurances. If so, anonymize it like outlined above.

20090702 Support confirms all modifications except changing the primary mail address.

20090708 A: I have been notified about the technical requirement that primary mail addresses of accounts must be unique so setting it to support@cacert.org will not work. I therefore modify the ruling to set the primary mail address to a20090618.3@example.org

20090720 Support confirms changing the primary mail address.

20090720 A: This case is closed now.

