Skip to Content.
Sympa Menu

cacert-policy - Re: idea about rules for cabinet

Subject: Policy-Discussion

List archive

Re: idea about rules for cabinet


Chronological Thread 
  • From: Eva Stöwe <eva.stoewe AT cacert.org>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: idea about rules for cabinet
  • Date: Thu, 16 Mar 2017 07:40:38 +0100
  • Organization: CAcert

Hi Etienne


On 15.03.2017 22:44, Etienne Ruedin wrote:
Dear policy group


3. Transparency
3.1. Public performance and documentation
Cabinet has to perform its business in public. There should not be a private
mailing list or the like.


I know why this point is here. I also appreciate Eve's commitment to
transparency. Nevertheless, I dare to put a question mark here.

The following e-mails I sent in the last days and weeks on board-private (the
closed list of CAcert Inc.'s committee): Please complete the agenda. X, did
you write that e-mail? Y, do you prefer Wednesday or Thursday? Who wrote the
second half of the minutes - please put into the wiki.

This leads, in my opinion, to two possibilities: either cabinet 'spam' a
public list full of irrelevant trivialities for the readers - or the cabinet
members write to their private e-mail addresses, which can not even be traced
by a later Cabinet (as it can be done by board-private actually).

The members on that list can decide if they want to be on that list or not. So if there is "spam" they can decide to ignore, filter or leave. It should be up to the members to decide what they read and what they want to read and not to cabinet. This is how transparency works.

I don't say that there couldn't be two list, one for "here is a list where the reporting and communication with other authorities or members is happening" and the other for "here is a list where cabinet does internal things" (where probably only cabinet members would be allowed to write). Even if all other members decide to leave that second list (or even if it would not be possible to join that list for anybody else), the point is that the communication could be read up for anybody who is interested.

So those mails are NO reason to not work in public.

And what about topics that are at a moment "secret" but can become public some
days or weeks later? (reasons: security, personnal matters (HR), preparations
of negotiations)?

Please have a look at our Security Policy, which also applies for board: There may not be secret topics, at least not without decision of Arbitration. Period. It's not some nice words, it's the basis for our security. The same is repeated in the principles:

9.5 Confidentiality, Secrecy

CAcert is an open organisation and adopts a principle of open disclosure wherever possible. See Principles. This is not a statement of politics but a statement of security; if a security issue can only be sustained under some confidentiality or secrecy, then find another way.

In concrete terms, confidentiality or secrecy may be maintained only under a defined method in policy, or under the oversight of the Arbitrator (which itself is under DRP). The exception itself must not be secret or confidential. All secrets and confidentials are reviewable under Arbitration, and may be reversed. All should strive to reduce or remove any such restriction.


"Security" in general clearly is NOT a reason to keep things private (with very few exceptions, which should be covered and reviewed by Arbitration).
"Preparations for negotiations" are clearly something that never should be private at all in any way.
"Personal matters (HR)" also are extremely in the interest of the public and also clearly should be public. At least in general.

And I clearly hope that there currently are no private topics.

Sure, regarding HR there can be some situations where some information could be of relevance where there would be an overwhelming interest of the affected person to keep that information private.

But the question is if this would constitute the need for a private mailing list for Cabinet.

We are clearly speaking about exceptions. For which probably other ways of communication could be established (which also should include some kind of documentation). (Private chat, call, encryption (maybe even send via the public Cabinet mailing list, ....)

But I don't believe that such exceptions should lead to a situation where more or less all mails are private just because there could be such an exception, eventually.


A solution could be restrictions instead prohibition?

Actually this is what I did. Currently it is prohibited by Security Policy.

But I now provide a policy proposal that names the restrictions for private handling of business. So my proposal actually is the first to ALLOW that parts of the handling of business are kept private! Even under SP. Because if this proposal is accepted there will be a policy that covers some kind of private handling of business.

Sure, it would be reviewable by Arbitration. But SP requires this, already, anyway.

Best regards
Etienne

Kind regards,
Eva

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.18.

Top of Page