- Case Number: a20080702.1
- Status: Completed
- Claimants (C): (Claimant Information held by arbitrator according to ruling)
- Respondents (R): guillaume at cacert.org for CAcert
- Complaint: Account removal with Assurer status
- Case Manager (CM): Bernhard Fröhlich (ted at convey.de)
- Arbitrator (A): Philipp Dunkel (p.dunkel at cacert.org)
- Date of arbitration: 2008-07-03 - 2008-09-09
Claimant claimed : I want my CAcert account removed and all datas cleared. My account has got 100 points issued in 2004. I am Assurer but have not made any assurance yet. I don't need this account anymore.
CAcert support claimed : We cannot remove an account (with trust point) without prior arbitration.
A: @Support: To initialize the proceedings please transmit the following information to me and/or verify the following:
- The contact information of the claimant
- Verify the statement that no assurances have taken place
- List of issued certificates and their expiration dates (If revoked please note but include) Only certificates with an expiration date in the future need be included.
CM: Sent formal initiating mail with request to accept arbitration at 2008-07-09
- C: I will accept arbitration because you (CAcert) claims it is the only way to get my account and information deleted.
R: CAcert accepts arbitration. Not really surprising, isn't it? :-)
C: I have not assured anyone and have not created any certificates for my CAcert account, therefore deletion should not have any side effects.
A: I have been notified by support (P.Gühring) that there have not been any certificates issued to this account and there have been no assurances made.
CM: At 2008-09-04 the claimant asked about further progress of the case. I'll try to reach the Arbitrator if a ruling can be given.
Intermediate Ruling
The originally named respondent in this case was Guillaume Romagny. This stems from the fact that he was the support person taking the filed dispute and bringing it forward to arbitration. However the naming of this individual support person as the respondent may lead to unintended consequences. The individual support person is not entitled to make any binding statements for CAcert and can therefore not be considered an agent or representative of CAcert. The dispute was filed as a regular support action (termination of a membership) and no wrong-doing has been alleged. Since being named as the respondent in a case may lead to being held liable in case such a case goes further to a court of law or is otherwise challenged, it is important to note that the respondent to a support action is CAcert itself and not the individual support person. Therefore I order that all files regarding this case be amended to reflect the true respondent as CAcert. The position of the individual support person for the purposes of this dispute is more akin to that of a clerk, that may receive notices served to CAcert. Therefore Guillaume Romagny is designated as able to receive such notices.
This reasoning may be used for all disputes filed as routine support actions where no wrong-doing has been alleged, found or is likely to be found.
Ruling
The case of this Arbitration is to terminate the membership of the claimant in CAcert. Furthermore the claimant has asked that all personally identifiable information is removed from CAcert records.
The questions posed by the request to terminate the account are:
- Has the claimant caused anyone else to rely on his statements made to CAcert
- by issuing a signature that a member may rely upon
- by making an assurance that others use to rely upon the identity of the assured person
- Has the claimant relied on any information based on the fact that he is a CAcert member. This could only take the form of relying on a certificate issued by CAcert.
The answers to these questions are in this case:
- No reliance of others upon the claimant is likely
- According to CAcert records no certificates were issued for the claimants account.
- According to CAcert records no assurances were made by the claimant.
- This is something that cannot be proven by CAcert itself. However by requiring the claimant to make a statement clarifying that he has not relied on any CAcert certificates would be proof of this.
The question of whether the claimant has agreed to the CCA or not (although in this case he has) is not relevant, since the reliance issues stem not only from the CCA but rather directly from the actions themselves.
This reasoning is suitable for use in similar cases of account termination.
As to the removal of personally identifiable information the following questions are raised:
- Is there a good valid reason to keep the information in the context of CAcert regular operations
The answer found for this arbitration is:
- There is no need for any personally identifiable information to be kept for the purposes of CAcert operations.
One could argue that a future dispute may arise in which this information could become necessary. However since there is no way to foresee such an eventuality it cannot be reasoned that CAcert is entitled to hold this information for such an eventuality. Especially since little interaction between the claimant and CAcert has been found that could constitute grounds for a future dispute.
The only requirement for access to this information stems from the fact that all arbitrations should be on the public record. This however raises some questions:
- What does "public record" mean?
- What parts of the arbitration proceedings form part of the public record? (Only the arbitration proceedings themselves or does it include the personal information of the claimant and respondent ?)
- Who should have access to what parts of the record and how should access be provided?
The answers found by this arbitrator are:
- Public record means that any person natural or otherwise should be able to gain access to the records. (However see further points for scope)
- All parts of the arbitration form part of the public record. This includes personally identifiable information of the claimant.
- For the purpose of answering this question the record needs to be split up into 2 parts:
- The proceedings of the arbitration itself
- The personally identifiable information of the involved parties.
Courts around the world, including in the common law tradition, have always accepted that while proceedings should be part of the public record the identity of the involved parties may be sealed. An example of this would be cases involving minors. Furthermore the tradition of open public records did not take into account the possible publication of these records via internet technology. In the past court records have been kept de-centrally by the courts. In order to obtain access to these records one had to physically go to the court in question and request a copy of the files. This, as a side-effect, did not provide the free, quick and easy access to these files from anywhere and in practice limited the availability of court records to parties with a particular interest in a file.
Current technology brings about many advantages. One of these is the easy access to records of all types. However privacy considerations now need to be taken into account with more particular attention. It is therefore important to strike a balance between public easy access and the privacy concerns of the involved parties.
This reasoning can be used for all cases where no overruling interest in the publication of the claimant involved has been established.
Therefore I rule thus:
- The membership of the claimant in CAcert is hereby terminated.
- The account of the claimant is to be removed from all CAcert databases.
- The claimant will be required to provide this arbitrator with a statement that he has not relied on any CAcert certificate.
- All proceedings of this arbitration will be published in the CAcert wiki. However all personally identifiable information of the claimant will be anonymized.
- The personally identifiable information of the claimant will be retained by this arbitrator.
- The personally identifiable information of the claimant is available to members of CAcert or another interested party by consulting with a future arbitrator.
- The statement of "Non-Reliance" (see point 1. will be held by this arbitrator and is also available to all members of CAcert or other interested parties by consulting with a future arbitrator.
Execution
CM: According to a message from Guillaume (17 Sep 2008 21:38:53 +0200) he has "anonymized (name, DOB) and then dropped the account."
Background reading
The CCA's statement o account deletion
The Assurance Statement in Chapter one of the WIP Assurance Policy says what CAcert members may rely on if another member stated that she is assured (by presenting a certificate)
FAQ/AccountRemoval for some earlier thoughts on account removal
The PrivacyPolicy, especially paragraph 6, but note also paragraph 9
Post Ruling Case Notes
2009-09-06 On Arbitrator Ulrich Schröter requested to know whether the identity of the claimant was that of a person in contact with him that could match by the description of circumstances. It was divulged that the claimants do not match. However the identity of the claimant in this case was not divulged.