What I stand for
CAcert is a great experiment to prove that communities of people that interact based on mutual respect and equality, can deliver better, more flexible and more secure systems that any company ever could.
I believe that CAcert and all its officers should be:
Below I explain what exactly I mean by these statements. They are written as if CAcert had already accomplished them all. That is of course not the case yet.
Therefore I see my task in moving CAcert into that direction.
Below these positions, you can find out more about me and my history
CAcert is Open
CAcert is an open project. Open means that we are open for community members as well as association members. Open means that CAcert welcomes with open arms a plurality of inputs from all over the world, from all races, colors, creeds and walks of life.
I believe that the artificial segregation of community activists in those that have a voice and those that are disenfranchised is wrong. We are currently taking bold steps to remove barriers and we will emerge a stronger community because of it. I stand behind those steps and fully support them.
CAcert is Transparent
In order to function as an open community, CAcert needs to be fully transparent. All decisions made within CAcert need to be fully understandable by anyone caring to look at the documentation and processes. All discussions to arrive at decisions need to be transparent to anyone wanting to follow the thread.
There is no place in CAcert for secrecy and obscurity.
Just having open mailing-lists is not enough! We need to actively go forward into our community and report on activities to it.
Just acting behind closed doors is no longer an acceptable way for CAcert to conduct itself.
CAcert is Democratic
History, both of CAcert and the world at large, have proven, that autocratic rulers and pseudo democracies always lead to ruin and chaos. Although it may not be the optimal form of governance, democracy still is the best of the available systems. I believe that CAcert needs to become a strong democracy; one where all power is directly derived from its members, controlled by its members and only ever used for the benefit of its members.
In the past CAcert has had great individuals that paved the way and through their engagement made CAcert possible: Duane, Greg, Teus. Now however CAcert is at the brink of a new era in its history; one where for the first time actual elections seem possible, even likely. One where it will be essential to bring a long lasting stability to CAcert.
A stability not derived from a single leader that carefully picks his team, but rather a stability that is based on democracy. A stability derived from the fact that no individual is capable of subverting CAcert. A stability that stems from the fact that whoever sits on the board is not as relevant as whether the community fully stands behind their actions.
No person shall lead without the full support of the membership and no leader shall be beyond accountability for their actions.
CAcert is Accountable
No democracy has ever worked if the leadership of it has not been fully accountable to is constituents. Accountability means that anyone intending to lead needs to fully disclose their program and intentions and present them to all members.
Once elected transparency enables all members to watch the actions of their elected representatives. And judge them on their faithfulness to their proclaimed agenda.
This way accountability means that if a elected representative does not act in accordance with the program presented he or she can be removed from office.
Until there is transparency there is no accountability. Until there is accountability there will not be stability.
CAcert is Policy Driven
For two and a half years Ian has worked hard with many individuals to prepare CAcert for an Audit. In order for any Audit to take place there need to be rules and procedures which can be audited. In the beginning CAcert had none of that. For the last 12 months Ian and me as well as countless others have been working hard to get those rules in place. Before I joined in there was the Policy on Policy, and the Dispute Resolution Policy, two works which have greatly shaped CAcert as an open organisation.
Since then we have added the Assurance Policy, the Security Policy, the Security Manual, the Community Agreement and the Certificate Practice Statement. As the Assurance Policy was adopted, for the first time there was something to audit. And immediately Ian began auditing Assurances. Within the last 6-8 months great efforts were undertaken to move CAcert forward and much was achieved.
Now it is time for CAcert Inc. to fully stand behind its community and its efforts. CAcert Inc. needs to embrace all policies created by the community and submit itself fully to these policies. They are what keeps CAcert fair and even. They are what gives us all a base to work together on.
Unless CAcert Inc. fully embraces the community policies, CAcert Inc. will never become a stable organisation.
CAcert is in full compliance with all applicable laws
At the same time it was realised in the same way CAcert Inc. was ignoring and circumventing its own constituency, it was also ignoring applicable law. The example of this was the handling of the Dutch Data Protection Act. Even now CAcert is in conflict with this law and still has no clear way into compliance, despite the efforts of many.
You will be able to view live another example of this play out, when the new rules for association in New South Wales take effect the beginning of next year. These changes will also require in changes in the structure of CAcert Inc. These changes may well be controversial, yet unless we want to be in conflict with laws we will have to adapt. This requires calm, reasoned and informed leadership. I think I can work well with others to provide that leadership.
However leadership without governance and oversight is a sure way into disaster. Therefore CAcert needs to establish a strong system of democracy. It is no longer enough for a strong leader to pick his cabinet. At this junction only a democratically elected leadership team can reliably navigate CAcert through its challenges.
Task number one of any new committee must be to bring CAcert Inc. into full compliance with all applicable laws and develop a mechanism to remain in compliance in the future.
CAcert is Trusted
One of the key assets that CAcert has is that it is trusted by almost 140000 people (community members). However trust needs to be earned and proven.
All the above points have as one of their goals to engender trust in CAcert. Now it is time again that CAcert both as a community and an association earn that trust by acting responsibly and in an honest fashion.
CAcert is Audited
While the primary purpose of an audit, from the perspective of the community, is to enter the browsers and thereby present a viable alternative to the commercial world of Certificate Authorities, an audit provides more value than that.
Audits in the commercial world are like car inspections for motor vehicles. They are annoying duties that need to be completed and they usually lead to, sometimes costly, repairs being required.
Yet that has merit! It makes us all safer on the roads. We can assume that most cars on the street will not in themselves present a hazard. And it gives ourselves the peace of mind to know that our own car is road worthy; that our own brakes will work when we need them; that our transmission will not fail us when we go uphill; and that we will arrive at our destination safely.
The same holds true for CAcert. An audit is a way to make sure we as a community do not present a hazard to the world at large. It assures others of the merit of our organisation and it assures us that we can safely navigate the twists and turns of the road ahead.
Again this presents a challenge for the next committee of CAcert Inc. This committee will have to make it clear to every community and association member why we need to complete an audit. We need to make it clear that we stand together behind an audit; and we may need to fix our "brakes" and "gears" if audit deems them to be problematic.
So far CAcert Inc. has acted like the individual car owner grumbling about the hassles posed by an inspection and the work required. I have tried hard as audit liaison to get CAcert to have a broader view of the process and work together to achieve the goal of an audit.
Whatever else the next CAcert committee needs to do, preparing the way for and working through an audit will undoubtedly be one of the most important things to accomplish.
Trust needs to be earned and proven. Audits are the world's way to check whether trust is well founded.
Born in 1976 I have been working in IT related fields since the mid 1990's. I started off at several small advertising agencies and later moved to Ogilvy where I was responsible for much of the development done there.
After my stint at Ogilvy I decided to obtain a degree in Computer Sciences via the University of Derby (Derby, UK) which I achieved in 2003. After receiving my diploma I joined Fabasoft which provides much of Austria as well as parts of Germany, Switzerland, Great Britain, and the US with eGovernment solutions. At Fabasoft I was responsible for the State of Vorarlberg as well as for implementing the digital submission and signing of petitions to both the federal government as well as the government of Lower Austria.
Since then I have moved on, first to consult on VoiceOverIP solutions and later to developing and managing technical teams for a venture capital and incubation firm in the web 2.0 space. Currently I am the Chief Technology Officer of an internet price comparison portal.
I got my start at CAcert searching for an easier way to manage certificates. Having found CAcert quite useful, I decided to make an attempt at joining in and helping out. My first step in that direction was to join the discussion on the Policy-List. After that I took on different responsibilities at CAcert
- Member of the Arbitration Team
- Organisation Assurer
- Policy Group
- Audit Liaison
- Helping with Events
- Documentation Officer
before being nominated to the CAcert Board of Directors in November of 2008. After that I have actively worked on writing and reviewing documents and policies such as
- Assurance Policy
- Security Policy
- Security Manual
- Certificate Practice Statement
- Management Assertion
- Software Development
in addition I worked together with Rasika (Privacy Officer) and IanG (Auditor) on resolving the problems we face due to the Dutch DataProtectionAct before handing that issue over to Teus Hagen.
I also continued to help with Events and traveled to Germany and Switzerland to promote CAcert.
2 (one of each kind)
Mac Book Air