- Case Number: a20090618.3
- Status: closed
- Respondents: CAcert Incorporated
Hi

Please close my CAcert account and delete all my personal data.

<snip>

Attending <snip> ATE in <snip> I have realised that because of a pending Mozilla auditing CAcert is undergoing massive and disruptive changes in its policies, processes and its requirements of members and assurers. This move is not too smooth, for example I have retrieved and printed out old CAP forms from my CAcert account just an hour before the event and still do only get those old forms, although the CCA acceptance is vital since April or something like that. Which was totally unannounced, by the way.

So far I have not decided whether I can accept the new policies (specifically the dispute resolution policy). I need to think about that for some time (specifically the whole issue of local courts, but also a few other points). As far as I see it I have not accepted them so far (surely not by just using the CAcert web site), and in order to delay or avert accepting them I have decided not to take part in today's assurances at ATE.

This whole transition is kind of murky, in my eyes. Why haven't I been presented with a big yellow pop-up "please review our new policies and our CCA and confirm your acceptance, otherwise you cannot proceed"? And would such an online acceptance really be enough? Isn't a real signature on a CAP form much better? Are you sure that you could fight that through the courts if somebody claimed that any member of his household just opened a few of the sites in his browsing history (maybe a wife suspecting adultery) and logging in using the installed client certificate or the password saved in the browser?

So even though I really haven't decided whether I'd like to take part in CAcert under the new policies, I believe that resigning is the best way to go. Either way. If I want out, I'm out. If I want in (after some deliberation), I can start on a blank slate without this whole "old member"-baggage and both CAcert and I can be sure about under what circumstances and agreements my membership exists.

Please note that I don't consider this to be an arbitration matter under the dispute resolution policy, because I'm not a party to the CCA or the dispute resolution policy, although I suppose you might handle it as such for practical reasons.

***********************************************************************

I do not wish to have my identity publicly disclosed, for instance on your web site's arbitration section or on any mailing list that can be subscribed to by the general public. The information about me attending the ATE and not participating in the assurances is only included as part of an explanation why I'd like my account closed and is also potentially identifying information that should be hidden from any public venue. (There is a precedence case, a20090328.1)

***********************************************************************

I would like to request a clarification to the abovementioned ruling: There is no mention under what circumstances the sealed envelope may be opened or what happens after such an opening (Is the seven years' term renewed? And by the way: why seven years from now, not seven years from the last assurance, because that's the point when I would destroy the CAP forms if I retained them). Furthermore I'd find notification of the claimant in case of the envelope's opening both practical and appropriate (only if claimant is still reachable under the old address).
- Relief: See ruling below
- Case Manager: Nick Bebout
- Date of arbitration beginning: 2009/06/18
- Date of ruling: 2009/06/25
- Case closed: 2009/07/20
- Before: Arbitrator Bernhard Frohlich (A)
- Respondent: CAcert Incorporated (R)
- Claimant: Identity withheld pending ruling (C)
- Case: a20090618.3
20090619 A: Sent initial mail. Asked for explicit acceptance of Arbitration under CCA and DRP for this case.
20090621 C: Answered initial mail. Does not accept CCA and DRP for this case.
20090622 A: Sent proposed ruling similar to a20090328.1 to Claimant
I see no significant difference to a20090328.1, so I'm giving a very similar ruling with some clarifications (italics are used for differences in formulation):
- The claimant shall send all CAP forms in his possession to the arbitrator
- A snapshot of the account information shall be taken and printed on paper.
- All certificates of the claimant shall be revoked and login to the account shall be disabled.
- After the CAP forms have arrived, the account of the claimant shall be anonymised by doing the following:
  - Setting the date of birth to 1970-01-01
  - Setting all Name fields to a20090618.3
  - Removing all domains
  - Removing all secondary email addresses
  - Setting the primary email address to firstname.lastname@example.org
  - Modified ruling: Setting the primary email address to email@example.com
  - Setting all other fields containing any identifiable information to a20090618.3
- The arbitrator shall print this case-file to paper
- The arbitrator shall put the print-out of this case-file, the print-out of the account status as well as the CAP forms into an opaque envelope and seal that envelope.
- The arbitrator shall designate that envelope with the arbitration number and retain this envelope for 7 years, after which time it shall be destroyed.
As requested by the Claimant I give the following clarifications:
- The sealed envelope may be opened only
  - if one of the included CAP forms is requested during an Arbitration, or
  - if a dispute is filed against the Claimant and an Arbitrator rules that the Claimant's personal data is needed.
- If the envelope is opened, the ruling Arbitrator or the archiving Arbitrator shall send a mail to the Claimant's archived primary email address about the circumstances. No further efforts will be made if this email address is unreachable for any reasons.
- The opening of the sealed envelope does not by default prolong the retention period.
- An Arbitrator may rule that specific CAP forms shall be removed from the envelope and be archived otherwise (usually with another case, maybe for longer period).
The retention period is 7 years from the date of the ruling since the Claimant's personal data have to be archived for this period (see also Paragraph 5.5 of the new (WIP) CPS). It is not sensible to open the envelope every time one of the CAP forms reaches the end of its individual retention period.
- The envelope may be forwarded to another Arbitrator if the archiving Arbitrator resigns from CAcert or is not able to keep it safe any longer. Of course the retention period is not modified by such a forwarding.
I accept this ruling and would like to express my thanks to both you and the case manager for handling this matter so professionally and quickly. I'll retrieve the CAP forms from my bank deposit box and send them to you as soon as possible, but I cannot promise that I'll get to it before the weekend. But you should receive them by mail next week at the outside.
20090701 A: Received mail with 7 CAP forms included
20090701 C: Confirms that he has made 7 Assurances
20090702 A: Support, please verify that the Claimant's account has made not more than 7 Assurances. If so, anonymize it like outlined above.
20090702 Support confirms all modifications except changing the primary mail address.
20090708 A: I have been notified about the technical requirement that primary mail addresses of accounts must be unique so setting it to firstname.lastname@example.org will not work. I therefore modify the ruling to set the primary mail address to email@example.com
20090720 Support confirms changing the primary mail address.
20090720 A: This case is closed now.