Policy-Discussion

[Ian G <iang AT systemics.com>]

Jens Paul wrote:
> Hi!
>
> > Jens Paul wrote:
> >  
> > > Hello again,
> > >
> > > it seems that the discussion about "under 18 Assurers" endet without 
> > > a conclusion.
> > >
> > > If I got it right, the majority liked the idea that "under 18" 
> > > Assurers should only be allowed to assure people if their Assurance 
> > > is countersigned by an "over 18" Assurer guardian.


I would say that if CAcert went with this idea (still under 
debate) then it might be better off if the Youth Assurer's 
papers were countersigned by *any* Assurer.  Just trying to 
think practically here, I think having to tow ones pet 
Guardian around could be annoying to both pet and Youth.


> > I was wondering whether the Assurance itself was counter-signed, or 
> > whether there is a once-only Guardian Assurer who signs the Youth 
> > Assurer into the system?
> >   
>
> Well, if you only "sign the youth assurer into the system" what does 
> that mean? Are you then liable for any action the youth assurer does?


A Guardian would pick up any additional risk, yes.  If it is 
not picked up by the Guardian, then it is picked up by ... who?

(I'm assuming that the youth has no normal legal liability, 
in this conversation ... I think that is a good baseline 
from which to work in developing the policy.)


> If 
> so I'm pretty sure that we won't find any guardians to take such a risk. 


Well, that's an issue, indeed!

If then we can't find anyone to take on that risk, why is it 
that we as a community are taking on the risk jointly?


> I think if we really wanna avoid the missuse by those youth, we need to 
> have a guardian sign every single assurance or we won't avoid any 
> missuse at all.


OK, so we have two different concepts here.  Both 
dramatically different...  and therefore we will have to 
search for more consensus in the policy group.


> Or we go back to not allowing yout assurers ...


There are now 4 options:

1.  Have a Guardian sign a Youth Assurer into the system, 
and Guardian picks up the residual liability not 
attributable to the Youth Assurer.

2.  Have a Supervising Assurer add a countersignature on 
every assurance done by the Youth Assurer.

3.  The null option -- we leave the system as is, with Youth 
Assurers limited to 10 points, and that's it.

4.  The zero option -- turn off all Youth Assurance.

What do people feel about these options?



> > That is, countersigning each form or each individual assurance is 
> > tantamount to each Assurance being done by the countersigner.  Whereas 
> > the goal is to get the Youth Assurer to do as much work as possible, 
> > efficiently, without endangering the overall governance.
> >   
>
> Correct. But again, I'm not talking about the 99.9% good youth assurers. 
> I'm talking about those 0.1% who may be used by "criminal individuals".


Well, this is a fact of life.  We have this situation with 
the entire CA -- we are building a system to cope with 
stopping the 0.1%, while keeping the 99.9% assurers working 
and certs being delivered.

The only difference between Youth Assurer and an (adult) 
Assurer is that the former has less liability, and the 
latter has more liability.  As CAcert has structured the 
organisation to work with much reduced levels of liability 
any way, I'm not sure that this difference is so dramatic as 
causes us to take huge steps to avoid it?

That is, we all know minors can't sign contracts.  So what? 
 What is the real problem that will occur, and why can't we 
fix it with our *normal* systems?


> > ( Also, as a further possibility for the distant future, we could say 
> > that the Youth Assurer gets 10 points of Assurance Grant for *each* 
> > Guardian that he finds. )
> >   
>
> OK, than direct question: would YOU in person accept that you are liable 
> for ANY fake assurances "youth 1" does?


Sure.  As long as I did my due diligence on "youth 1" ... 
things like checking he has done the education, passed the 
test, and appears to be a reliable, calm, thoughtful and 
attentive youth ... Ok, so full points in the latter might 
be pushing it, but I settle for a 50% pass and a good grade 
on the Assurer test :)

I do not see it as any different to giving driving lessons. 
  "Sure, I'll take you for a driving lesson" is something 
that an adult would say to some kid around the neighbourhood 
who they've known for a few years.  I've given quite a few 
kids lessons on driving, and the issue of the driving 
instructor being totally responsible makes me think more 
carefully, but it doesn't make me reject it out of hand.

(I have actually taken one 24 year old out for driving 
lessons, and stopped after the first.  The guy didn't 
listen, so that was that.)


> I would even think about 
> accepting that if the youth is my own child .... but for a stranger?


Oh, a stranger, no.  But this needs to be explained.

"You are taking on the responsibility for the Youth's 
actions.  Be sure that you are familiar with the Youth, and 
you have made a judgement that the Youth can fulfill all of 
CAcert's requirements, both in the letter of our law and the 
spirit of our community!"


> > > Can we "write it down" that way? If yes, how could we implement such 
> > > a procedure?
> > >     
> >
> >
> > The CPS may have something to say about this;  which is to say there 
> > might need to be a comment in the CPS.
> >
> > But, I suspect ideally the place for this is a wiki page that links 
> > off the primary Assurance area.  So, in literary terms, an Annex to 
> > the Assurance Handbook that might be "Guidelines for Young Assurers."
> >   
>
> Oh, you mean that wiki which calls itself "unoffical FAQ"? That one 
> totally outdated? That one were the core team always says "it doesn't 
> matter what's in the wiki, only the policys count? Sorry Ian for being 
> such direct, but if we really talk about the wiki for such things we 
> should make clear that the wiki IS the opinion of CAcert and we need 
> some quality control first ...


Well, ok, maybe we are all pushing each other to improve it ;)

As I understand it, the wiki *is* the opinion of CAcert ... 
the core team members tend to watch all changes to it ... 
and there are some policy statements on there.

Are you saying that it doesn't count?  I think it counts, 
myself, but I agree that the policy documents (CPS, PoP, PP, 
SM, ...) are "dominating" docuemnts (to use the phrase).

Also, the notion is to start a policy document, and then 
migrate it into some more formal version.  The policy will 
become accepted long before the document is cast in 
concrete, I suspect.

iang