[cabfpub] T-Systems comments regarding Trend Micro governance proposal

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Tue Sep 18 16:43:42 MST 2012


Responding to both Moudrick and Eddy:

I think Moudrick is indicating that the Trend Micro governance proposal will work well for an organization with a smaller number of active members (like today - we only had 17 members participate on the first round of governance voting), but that it wouldn't work as well if the membership grew to 50 or 100 active members - a "critical point" - then we might need a more formal structure, a Board with executive powers, membership fees, etc.

I agree with Moudrick's observation.  Trend Micro would not object if later in the final written governance rules we commit ourselves to a new discussion of governance structure when the Forum active membership reaches a "critical point" target number (such as 50, or whatever number the members want to choose).  At that time Trend Micro itself would probably support change to a more formal and structured body.

Kirk


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Tuesday, September 18, 2012 4:09 PM
To: CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] T-Systems comments regarding Trend Micro governance proposal


On 09/19/2012 02:05 AM, From Moudrick M. Dadashov:
Hi Kirk,

I think the proposed model should work quite well the way it did so far but as (if) the number of members reaches some critical point the Forum will need some reform again.

Can you explain why you think that there is some "critical point" and why it should matter?
Regards

Signer: Eddy Nigg, COO/CTO
StartCom Ltd.<http://www.startcom.org>
XMPP: startcom at startcom.org<xmpp:startcom at startcom.org>
Blog: Join the Revolution!<http://blog.startcom.org>
Twitter: Follow Me<http://twitter.com/eddy_nigg>





From: Moudrick M. Dadashov [mailto:md at ssc.lt]
Sent: Tuesday, September 18, 2012 4:05 PM
To: Kirk Hall (RD-US)
Cc: CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] T-Systems comments regarding Trend Micro governance proposal

Hi Kirk,

I think the proposed model should work quite well the way it did so far but as (if) the number of members reaches some critical point the Forum will need some reform again.

Would it be acceptable for your proposal to include some provision for the next governance model "update", if, e.g. the Forum membership gets closer to some critical figure (50, 100 etc.)?

Thanks,
M.D.

On 9/18/2012 10:41 PM, kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com> wrote:
Dear Karsten and Iñigo:

Thanks for forwarding the excellent comments from Christoph Schmitz.

Here are Trend Micro's responses on those comments directed at the Trend Micro governance proposal (answers inline below):

COMMENT - Incorporated entity vs. participation agreement
Whereas DigiCert proposes to found a legal entity (Delaware Law), TrendMicro wants to work together on a contractual basis (Participation/Consortia Agreement).  From a legal perspective the foundation of a legal entity is preferable as a legal entity restricts the personal liability of the members.

The bylaws of a legal entity may be changed by a majority/two-thirds majority at a member meeting whereas for a change of the participation agreement all participants have to agree and sign a change agreement/adoption agreement. If a legal entity is incorporated as a "non-profit" organisation, the tax status is clarified.

[Trend Micro response]: We recognize that creation of a separate CA/Browser Forum legal entity (e.g., non-profit corporation) could, in theory, limit the personal liability of Forum members as a matter of law.  However, we believe this potential benefit is almost non-existent in this case given the very limited activities the Forum is engaged in - chiefly group telephone calls and occasional meetings that are actually sponsored by individual member companies.  The Forum has no employees, no budget, no commercial activities, no tax liabilities, and so it is hard to see how the Forum itself could face any classic tort, contract, or tax liability to anyone.  For this reason, we believe a corporate entity would not provide any particular benefit from these types of liability.

What kind of legal liabilities could arise from Forum activities or membership?  The chief potential liability that comes to mind could be liability for antitrust/unlawful trade restraints from the Forum standards.  However, under the law Forum members would likely have personal liability anyway for antitrust/unlawful trade restraints in any mandatory standards passed by Forum members, and the mere fact of incorporation of the Forum would not be a shield or offer any protection to Forum members for such potential liability (as Forum members would be the "actors" who approved the unlawful standards or activities).

There is one other point to consider - if the CA/Browser Forum is incorporated, it would be very easy for a disgruntled person or entity to sue the "Forum" simply by serving a summons and complaint on the registered agent for the Forum in whatever state the Forum is incorporated.  At that point, the Forum would either have to respond in court (file an Answer, incur court costs and legal charges), or not respond and be subject to a default judgment.  In other words, someone could force an incorporated Forum to respond to a single lawsuit against a single defendant (the Forum itself), which could make the Forum a "target" for potential litigation by anyone seeking to pull in CAs and browsers to a court action.  The same is true for any government regulatory actions (US or otherwise) - if the Forum is a legal entity, a government agency can effectively pull in all members simply by starting an administrative action against the Forum itself.

In contrast, if the Forum is unincorporated it can't effectively be sued as the "Forum" in a lawsuit or be pulled into a government administrative action.  Instead, the legal plaintiff (or the government agency) would need to sue - serve legal papers on - all the Forum members individually in order to obtain jurisdiction.  I question whether it would be possible to gain proper jurisdiction in the United States over many non-US CAs, which could create some limited protection against lawsuits and administrative actions in the US for non-US Forum members.  It is our belief that many potential plaintiffs and government agencies will be deterred from starting legal action against the "Forum" if they are required to serve legal papers separately on each and every Forum member.

We have had experience with unincorporated industry groups in the past, and the lack of incorporation has not been a problem.  Under the balance of the Trend Micro governance proposal, there is no real need for incorporation because the Forum will not maintain a bank balance, will not hire employees, will not enter contracts with third party vendors, etc.

Finally - the bylaws question.  The Forum does not presently have a document called "Bylaws" where all governance rules can be found, but Trend Micro has proposed that we pull together all existing and new governance rules into a single set of "Bylaws" and publish them in a public place.  The voting rules for approving an initial set of Bylaws (as well as for approval of all future changes to the Bylaws) would be the same rules as the Forum currently has for approval of all other matters (new standards, etc.), so there would be no change there.

COMMENT - Legal Comments to TrendMicro
In general the TrendMicro proposal is a possible way forward, but the foundation of a legal entity would be favourable (see above). Currently it is unclear how the Forum will be internally organized (e.g. who is taking notes, who is archiving proposals, organising votings etc.). According to the TM proposal, only "active members" are allowed to vote. The term "active member" is not defined and could therefore lead to a discrimination of members and lengthy discussion about the validity of a vote.

[Trend Micro response]: Our general comments on the pros and cons of creating the Forum as a legal entity are covered by the response above.  Trend Micro is not adamantly opposed to creating a legal entity, we simply think it is not necessary and does not add value (plus it adds potential detriments).  We would also have to select a jurisdiction of incorporation if we incorporate, pay filing fees and for a registered agent, elect corporate officers, etc., which is additional time and expense.  And Forum members would have to consider if they are legally permitted to be members of a US non-profit corporation, for example, if the Forum is organized as a US corporation - would that mean the non-US member is legally "present" in the US and increase the likelihood that a plaintiff in a lawsuit could establish legal jurisdiction over the non-US member because of Forum membership?

The term "active member" was defined long ago by Ballot 5 (January 2008), and involves keeping track of the actual participation of nominal Forum members.  Here is how Ballot 5 defines "active members":

"A ballot result will be considered valid only when more than half of the number of currently active members has participated. The number of currently active members is the average number of member organizations that have participated in the previous three meetings (both teleconferences and face-to-face meetings)."

There is even an online calculator at the Forum wiki to keep track of which members (and how many) are "active members" at any given time - see the Attendance and Quorum Calculator.

If a Forum member does not participate for three successive meetings (phone or face to face), it remains a member (and can vote) but is no longer considered an "active member" for quorum purposes until it has participated in three successive meetings.  A quorum for voting purposes today requires only 6 members to vote on a matter (and not all must agree for the matter to pass - for example, a vote of 4-2 in favor is sufficient to pass a new mandatory standard today), which Trend Micro thinks is too low and should be examined.

The Trend Micro governance proposal does not change this existing rule considering who is an "active member" but simply incorporates it by reference - but we would be favorable to proposals for change in the future after the governance structure is decided, as this existing "active members" rule may be too narrow.  All these rules should be incorporated in a new, single set of public Bylaws that everyone can find.

We would also be favorable to adding provisions to the new Bylaws defining a process by which meeting notes will be taken, documents will be archived and made available to members and the public, etc.



TREND MICRO EMAIL NOTICE

The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.





_______________________________________________

Public mailing list

Public at cabforum.org<mailto:Public at cabforum.org>

https://cabforum.org/mailman/listinfo/public

