Policy-Discussion

[Ian G <iang AT cacert.org>]

On 29/03/2010 12:45, Mark Lipscombe wrote:
> On 3/29/2010 10:47 AM, Ian G wrote:
> > Disingenuous or not, the words say:
> >
> > "4.6 During the period of DRAFT, CAcert Inc.
> > retains a veto over policies that effect the
> > running of CAcert Inc."
> >
> > It very clearly gives full veto and no more. Although, I think I can
> > accept that it is an easy mistake to make.
> >
> > Clearly it would be nice for the board to have a selective veto. So it
> > could just chop & change the bits it didn't like.
> >
> > Of course, it would never work. The reason that there is no selective
> > veto is because we want the policy group to work the policies;
> > selectively slicing & dicing will result in the inevitable hand over of
> > everything, so, end of policy group.
>
> The words can be interpreted in many different ways. There is nothing
> explicit in those words that prevent us from interpreting that to mean
> it to be possible to selectively apply our veto power to portions of a
> policy document.


    "4.4 Revisions of DRAFTs must be treated as
    decisions on the policy group."

That's a *must*.

I don't think you can argue that "selective" is different to "revision" 
... but hey :)


> The drafters of this policy should have contemporaneously documented
> their intent or drafted it better to reflect that intent.


The words are perfectly clear!  A veto, only.  If there had been any 
hint that the board could unilaterally strike a word or a paragraph, the 
drafters would have said that.  As it was, they said:

    "4.4 Revisions of DRAFTs must be treated as
    decisions on the policy group."


> We're now left with conflicting interpretations of what that clause
> means. Given that conflict, I would suggest the ultimate way to address
> it is by altering the PoP so that it is clear.
>
> As it relates to this current veto, I would submit it would be both
> reasonable and expedient to accept the more liberal interpretation open
> to us.


It is very clear that the board is asking for a more liberal and open 
interpretation.

But I humbly submit that the policy group is unlikely to give it for the 
very simple reason that you don't need it.  You already have all the 
ability in the world to say:

  "We think there are good reasons to drop the Board from the list
   of ABC'd personnel.  We therefore submit this to a vote, under 4.4:

   All those in favour of DROPPING the clause, say AYE."

But note the complexity.  If 7 board members vote AYE to that, and there 
is silence from the rest ... what have you got?


> > (Members of the board are encouraged to participate before hand ... PoP
> > is of course not rejecting the ability of the board members to influence
> > the process.)
>
> Yes, I agree with the underlying assertion that board members should
> have informed themselves of this matter before. However, it's reasonable
> to assume that our policies comply with our legal obligations, and so
> one wouldn't necessarily go looking for this kind of thing.


Indeed, surprises happen.

> Once becoming aware that the association may have purported rules that
> haven't been passed in accordance with the association's rules or the
> Act, as committee members we have a duty to act. The acceptance of PoP
> as it relates to the association was done adhoc and improperly. If it
> was intended to be controlling of the association's rules, it needed to
> have been passed as a special resolution.


Indeed, that is one position that the board could take.  However it 
doesn't necessarily lead to a veto.  It could be that the board says ok, 
we'll do that, but by custom, in addition to the rules.

Or it could be that the board says "ok, we see the voice of the 
community here... let's write up the special resolution and see how the 
association plays it."

Or, or, or... there are options.


> There is another side of this question that begs asking too -- if this
> is policy in effect, why has it never been enforced? Surely those of you
> who participated in the ratifying of the security policy were aware of
> its contents and this particular clause. We need to show that our
> policies are followed.


I agree this is a criticism.  One answer is that the clause was 
forgotten.  I re-discovered it a month or two back, and decided at the 
time that enforcing it was not the right thing to do, partly because 
there was a debate action point already.

Another answer is that the text says "SHOULD" which is the widely 
understood RFC term.  That is, the offending clause does not put a gun 
to the board's head.

So the board doesn't have to run out and get itself ABC'd today, or any 
day.  It could take on any alternate position such as "we're debating it 
anyway because of the last AGM."

Another answer is that we have been quite sparing with ABCs because the 
Arbitrators are overworked.  (Hence my joke of last week that one of the 
roots proposals would lead to another 60 ABCs...)

So who can we not ABC this week?  Obviously, the board can wait.

These are some answers.


> The committee is backing that up with (admittedly quite late) action by
> using the only power it officially has while sitting as the committee,
> which is the veto allowed to it under PoP. It may not be the right way
> for an individual committee member to handle it, but it *is* the correct
> way for the committee as a whole to bring policy in to line with CAcert,
> Inc's legal obligations.


Hold on.  It is a way, one way, but it is not the only way.  You could 
easily take the clause and pass it back to the membership and get a 
special resolution.  If the special resolution fails, you can send that 
result back to the policy group and say "sorry, we failed, please adjust 
the policy for us."

Alternatively, there is a widely understood way in which you can not 
follow the policy:  file a dispute.  There is absolutely no problem with 
the Board saying "we're not following that" and letting the Arbitrator 
clarify both the policy and the position.

Lots of options.  It is very clear that the board does NOT need to veto 
in order to meet its obligations.

What is also clear is that the board has decided to take this path.


> > I think it is blindingly obvious why there is no prior discussion of it.
> > It's such a simple clause, it screams out "don't do that!"
> >
> > And, to be fair & complete, it sends the same message, in reverse, to
> > policy group :)
>
> It's also the only official tool available to the committee to register
> its inability to comply with policy.


As a matter of fact, the committee can pursue changes to the rules to 
comply with the policy.

And as a matter of fact, individuals within the committee could propose 
changes to the policy to make it align with the rules.

Of course, in another case where there was an inability to comply, such 
as a policy clause that was against the law, you would of course be more 
inclined to utter the words "veto" and take us to DEFCON 3.  But there 
still remains many options before you get there.

> "Ask nicely" doesn't cut it for this kind of problem -- the policy group
> overstepped the limited authority given by previous committees and this
> is exactly what that veto is designed to protect against. Leaving that
> item in, especially with the chance that SP would become POLICY rather
> than DRAFT, would have created more headache.


Indeed, it is clearly a headache.  But they didn't overstep their 
limited authority.  They speak for the community.  And if they speak to 
ask the Association to change their rules, that's a message that is sent.

They have the right to ask for that change;  they also don't have to get 
the change correct and flawless every time.  Policy group is allowed to 
make mistakes, is allowed to write clauses that are headaches for others.


> It also would have had the effect of us being in breach of the policies
> we commit to upholding! Surely using our properly given powers to stop
> that is better than the status quo.


Yes, it's a clash.  Let's deal with it.  PoP is full of discussion on 
how to get along...?


> > It is also worth pointing out -- for that debate -- that the provisions
> > of the new 2009 Associations Act were revealed substantially after
> > Security Policy was written and placed into DRAFT. The presence of the
> > new requirements on CoIs might help in the discussion.
>
> My comments related to the existing Act, not the new one. The provisions
> in the new Act largely create a statutory offense inside the
> Associations Incorporation Act where an offense already existed either
> in common law or in other laws (such as the Corporations Act).
>
> These were all in force at the time the SP was written and placed into
> DRAFT.


Sure.  As mentioned elsewhere, the policy is a living document.  Events 
happen, circumstances change.  We can revise the policy, we have the 
tools to do that.


> > Another thing that would be worth pointing out is that the Board has an
> > action point to discuss and figure out its CoI position, following on
> > from the failed special resolutions of the last AGM. That action point
> > has been delayed in the past.
>
> These are still separate from any legal requirements, which existed when
> the policy was drafted.
>
> In summary, I believe we are using a properly given authority to do
> exactly what that authority was intended to allow us to do.


Indeed, a properly given authority exists, and is being used.

But that does not imply it is wise to use it.  It is the nuclear option, 
because it should never be used, and it creates the MAD balance.


> The veto
> clause as it stands is vague and lacks certainty of how to proceed once
> we use our veto. We should start discussing that, because there are two
> different positions on this.
>
> I would submit that we can veto "policy" and that "policy" does not mean
> a document as a whole, but that each component of a document is a
> "policy". This would mean we can veto such parts of it as effect the
> operation of CAcert, Inc. without disturbing the other parts.


I submit the English in the statement concerned is quite clear in that 
it is not singular "policy" but plural "policies."

    "4.6 During the period of DRAFT, CAcert Inc.
    retains a veto over *policies* that effect the
    running of CAcert Inc."

This clearly identifies the individual documents by referring to them in 
the plural.  The use of singular and plural forms is also supported and 
consistent in the rest of that section / document.

Further, the appearance of 4.4 two lines above nails it.  You have a 
veto over an entire policy, but the board is not given the right to 
slice & dice.  I've explained elsewhere why it has to be like this.

Also notice 5.2.  Luckily, this time, we caught the SP in time to have 
this debate ... but if not, then the association would have had a 
problem that it would have had to sort out.

And that was the position of the board of the association in 2007, they 
were fully cognizant of the need for them to act reasonably and within 
the context of PoP, because ultimately, the board represents the community.


> It allows
> us to discharge our obligations as committee members in a way that is as
> narrow as possible.


Well, right.  But there is a big difference between saying "we must 
discharge" only, and "guys, there are some obligations that might catch 
us if this goes through......"


> I think that if the alternate position prevails, that the word "policy"
> means "the entire policy document", then we get into some interesting
> territory.


Well, it would never work that way.

Think about it for a moment ... if the board was allowed to selectively 
veto, then the board would just sit back and not participate in the 
policy group at all.  Kick its heels back and play the dictator.

That'll never work.  Volunteers don't put up with that.  "If you want 
that, you can write the policies yourself."



iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature