• Arbitrations
• a20110315.1

• Case Number: a20110315.1
• Status: closed
• Claimants: Dean L
• Respondents: CAcert

• Case Manager: SebastianKueppers

• Arbitrator: UlrichSchroeter

• Date of arbitration start: 2011-05-23
• Date of ruling: 2011-06-17
• Case closed: 2012-04-18
• Complaint: Domain dispute, turned to CCA violation, administrative delete account
• Relief: TBD

Before: Arbitrator UlrichSchroeter (A), Respondent: CAcert (R), Claimant: Dean L (C), Case: a20110315.1

History Log

• 2011-03-15 (disputes) case https://lists.cacert.org/wws/arc/cacert-disputes/2011-03/msg00010.html

• 2011-03-17 (A): added to wiki, request for CM / A
• 2011-03-17 (CM): I'll take care about this case as (CM)
• 2011-03-17 (A): I'll take care about this case as (A)
• 2011-03-17 (A): sending initmailing with CCA/DRP acceptance request
• 2011-03-17 (A): request to (Support) to identify account where domain in question is linked to
• 2011-03-18 (Support): [s20110317.64] sends report
• 2011-03-18 (A): request to (Support): please forward ticket #s20110315.68 infos
• 2011-03-18 (Support): [s20110317.64] response, domain is linked to another account
• 2011-04-04 (A): request to (Support): what is the name, email of the account the domain is now linked to ?
• 2011-04-05 (Support): [s20110404.51] gives name info, a comment on DoB, 0 assurances for account #2
• 2011-04-05 (A): re-request infos about old and new account of (C) from (Support)
• 2011-04-05 (Support): [s20110404.51] detailed background infos
• 2011-04-30 (A): intermediate ruling sent to (C)
• 2011-05-03 (SE): thoughts about standardized reaction by Support at Pwd Reset requests with Names not AP conform
• 2011-05-23 (A): Intermediate Ruling #2, and Exec Request to (Support)
• 2011-05-23 (Support): [s20110523.44] Intermediate Ruling #2 exec report

Original Dispute, Discovery (Private Part)

• Link to Arbitration case a20110315.1 (Private Part)

EOT Private Part

Discovery

• User account where domain belongs to is a regular user account, but w/o personalized username
• Support ticket s20110315.68 indicates, that domain transfer yet has been completed
• Members name in account conflicts with policies in effect

  • AP 0.1. Definition of Terms

    Member
        A Member is an individual who has agreed to the CAcert Community Agreement (CCA)
        and has created successfully a CAcert login account on the CAcert web site.
     Prospective Member
        An individual who participates in the process of Assurance, but has not yet
        created a CAcert login account. 
     Name
        A Name is the full name of an individual. 

    • User is no Prospective Member per definition, User is Member, As member he has created a CAcert login account with Name -> A Name is the full name of an individual. "Administrator" is not a full name of an individual.

  • AP 2.1. The Member's Name

    At least one individual Name is recorded in the Member's CAcert login account. The general standard of a Name is:
        * The Name should be recorded as written in a government-issued photo
          identity document (ID).

  • CCA 0.1 Terms

    2. "Member" means you, a registered participant within CAcert's Community, with an account on the website and the facility to request certificates. Members may be individuals ("natural persons") or organisations ("legal persons").

  • CCA 1.1 Agreement

    You and CAcert both agree to the terms and conditions in this agreement. Your agreement is given by any of
        [...]
        * your request on the website to join the Community and create an account, 

Intermediate Ruling

I have to follow up this case as of a potential CCA violation

Support send you a reply to your request back in March/April 2011, to notify you of a problem with the name in your account.

I have to follow up this case, as your name in your account:

•   Givennamen:  Administrator
    Middlename:  ./.
    Lastname:    Acumencapital
    Suffix:      ./.

violates current policies.

So therefor I hereby order to you, that you correct your account name to your legal name or I have to continue this case with an Administrative Delete Account.

Policy violations given:

Assurance Policy: Assurance Policy (AP)

•   * AP 0.1. Definition of Terms
     Member
      A Member is an individual who has agreed to the CAcert Community
  Agreement (CCA)
      and has created successfully a CAcert login account on the CAcert web
  site.
     Prospective Member
      An individual who participates in the process of Assurance, but has
  not yet
      created a CAcert login account. 
     Name
      A Name is the full name of an individual. 
  
     * User is no Prospective Member per definition,
       User is Member, As member he has created a
       CAcert login account with Name -> A Name is
       the full name of an individual. "Administrator"
       is not a full name of an individual.
  
    * AP 2.1. The Member's Name
     At least one individual Name is recorded in the
     Member's CAcert login account. The general
     standard of a Name is:
     * The Name should be recorded as written in a
       government-issued photo
      identity document (ID).

CAcert Community Agreement: CAcert Community Agreement (CCA)

•   * CCA 0.1  Terms
     2. "Member" means you, a registered participant within
        CAcert's Community, with an account on the website
        and the facility to request certificates. Members
        may be individuals ("natural persons") or
        organisations ("legal persons").
  
    * CCA 1.1  Agreement 
     You and CAcert both agree to the terms and conditions
     in this agreement. Your agreement is given by any of
      [...]
      * your request on the website to join the Community
        and create an account, 

As you've didn't answered yet on the Init mailing (see below) I assume that you didn't accepted the CAcert Community Agreement yet.

So therefor I have to initiate an Administrative Delete Account process if you didn't reply within a 2 weeks period until

• Saturday, May 14th 2011

and didn't correct your account name to your name as defined by policies.

You can interrupt this process, if you

1. correct your username in your account -and-
2. respond to this intermediate ruling with acceptance of CCA / DRP under this arbitration.

Hopefuly I'll hear from you soon.

Finally, please remember: this forum is about sorting out our common difficulties and improving our ability to secure ourselves. Unlike other forums, we will all be required to work together after this Arbitration, so I ask you to maintain a positive and helpful spirit at all times!

Frankfurt/Main, 2011-04-30

Intermediate Ruling #2

Without any response from the user, this case turned into an administrative delete account case caused by:

1. CCA and AP violations CCA 0.1 (2), CCA 1.1, AP 0.1, AP 2.1
2. and CCA violation CCA 3.5

By following the DRP 2.2 Preliminaries the user disqualifies himself to be a member and therefor is treated as NRP:

• Any parties that are not Users and are not bound by the CPS are given the opportunity to enter into CAcert and be bound by the CPS and these rules of arbitration. If these Non-Related Persons (NRPs) remain outside, their rights and remedies under CAcert's policies and forum are strictly limited to that specified in the Non-Related Persons -- Disclaimer and Licence. NRPs may proceed with Arbitration subject to preliminary orders of the Arbitrator.

The user has received the opportunity to enter into CAcert and be bound by the CPS and these rules of arbitration. By not responding to the Intermediate Ruling #1 dated 2011-04-30, this opportunity has not been accepted.

So therefor I hereby order (Support)

1. that Support should hijack the users account
2. Please make a snapshot printout (to pdf) of the complete users account
3. revoke all existing client certs, server certs, GPG/PGP keys
4. to lock the account

Frankfurt/Main, 2011-05-23

Ruling

One of the requirements to become member of CAcert's community is to accept the CAcert Community Agreement (CCA) that includes the acceptance of Arbitration under the Dispute Resolution Policy. The user gets notified with CCA and DRP acceptance requests several times, but these are all still unanswered.

I hereby confirm the intermediate rulings #1 dated 2011-04-30 and #2 dated 2011-05-23 and follow the deliberations given.

As no CAcert Community Agreement (CCA) and Dispute Resolution Policy acceptance confirmation could be established right now between the user and CAcert, I hereby cancel the users membership (if it yet still persists). CCA termination date set to 2011-06-17.

Support should anonymize all users data (Name, DoB, Password Reset questions, Location, reset the notification settings to 0, and so on) except the primary email address used. The user account to keep locked as it violates Assurance Policy and CCA minimum requirements (see deliberations from intermediate ruling #1) as there is no secure fact established, that the user don't tries to re-use this banned account.

Frankfurt/Main, 2011-06-17

Execution

• 2011-06-17 (A): sent ruling and exec request to (Support), (CM), (C)
• 2011-06-18 (Support): [s20110617.41] exec report. Account closed, (C) email + domain preserved, account locked.
• 2012-04-18 (A): case reviewed. No more open tasks, case closed.

Similiar Cases

• CategoryArbitration

• CategoryArbCaseDomainDispute

• CategoryArbCaseAccountDelNonAssurer

• CategoryArbCaseCCAViolation