[cabfpub] T-Systems comments regarding Trend Micro governance proposal

Moudrick M. Dadashov md at ssc.lt
Tue Sep 18 23:05:09 UTC 2012

Hi Kirk,

I think the proposed model should work quite well the way it did so far 
but as (if) the number of members reaches  some critical point the Forum 
will need some reform again.

Would it be acceptable for your proposal to include some provision for 
the next governance model "update", if, e.g. the Forum membership gets 
closer to some critical figure (50, 100 etc..)?


On 9/18/2012 10:41 PM, kirk_hall at trendmicro.com wrote:
> Dear Karsten and Iñigo:
> Thanks for forwarding the excellent comments from Christoph Schmitz.
> Here are Trend Micro's responses on those comments directed at the 
> Trend Micro governance proposal (answers inline below):
> *COMMENT - Incorporated entity vs. participation agreement*
> Whereas DigiCert proposes to found a legal entity (Delaware Law), 
> TrendMicro wants to work together on a contractual basis 
> (Participation/Consortia Agreement).  From a legal perspective the 
> foundation of a legal entity is preferable as a legal entity restricts 
> the personal liability of the members.
> The bylaws of a legal entity may be changed by a majority/two third 
> majority at a member meeting whereas for a change of the participation 
> agreement all participants have to agree and sign a change 
> agreement/adoption agreement. If a legal entity is incorporated as a 
> "non-profit" organisation, the tax status is clarified.
> *[Trend Micro response]:*We recognize that creation of a separate 
> CA/Browser Forum legal entity (e.g., non-profit corporation) could, in 
> theory, limit the personal liability of Forum members as a matter of 
> law.  However, we believe this potential benefit is almost 
> non-existent in this case given the very limited activities the Forum 
> is engaged in -- chiefly group telephone calls and occasional meetings 
> that are actually sponsored by individual member companies.  The Forum 
> has no employees, no budget, no commercial activities, no tax 
> liabilities, and so it is hard to see how the Forum itself could face 
> any classic tort, contract, or tax liability to anyone.  For this 
> reason, we believe a corporate entity would not provide any particular 
> benefit from these types of liability.
> What kind of legal liabilities could arise from Forum activities or 
> membership?  The chief potential liability that comes to mind could be 
> liability for antitrust/unlawful trade restraints from the Forum 
> standards.  However, under the law Forum members would likely have 
> personal liability anyway for antitrust/unlawful trade restraints in 
> any mandatory standards passed by Forum members, and the mere fact of 
> incorporation of the Forum would not be a shield or offer any 
> protection to Forum members for such potential liability (as Forum 
> members would be the "actors" who approved the unlawful standards or 
> activities).
> There is one other point to consider -- if the CA/Browser Forum is 
> incorporated, it would be very easy for a disgruntled person or entity 
> to sue the "Forum" simply by serving a summons and complaint on the 
> registered agent for the Forum in whatever state the Forum is 
> incorporated.  At that point, the Forum would either have to respond 
> in court (file an Answer, incur court costs and legal charges), or not 
> respond and be subject to a default judgment.  In other words, someone 
> could force an incorporated Forum to respond to a single lawsuit 
> against a single defendant (the Forum itself), which could make the 
> Forum a "target" for potential litigation by anyone seeking to pull in 
> CAs and browsers to a court action.  The same is true for any 
> government regulatory actions (US or otherwise) -- if the Forum is a 
> legal entity, a government agency can effectively pull in all members 
> simply by starting an administrative action against the Forum itself.
> In contrast, if the Forum is unincorporated it can't effectively be 
> sued as the "Forum" in a lawsuit or be pulled into a government 
> administrative action.  Instead, the legal plaintiff (or the 
> government agency) would need to sue -- serve legal papers on -- all 
> the Forum members individually in order to obtain jurisdiction.  I 
> question whether it would be possible to gain proper jurisdiction in 
> the United States over many non-US CAs, which could create some 
> limited protection against lawsuits and administrative actions in the 
> US for non-US Forum members.  It is our belief that many potential 
> plaintiffs and government agencies will be deterred from starting 
> legal action against the "Forum" if they are required to serve legal 
> papers separately on each and every Forum member.
> We have had experience with unincorporated industry groups in the 
> past, and the lack of incorporation has not been a problem.  Under the 
> balance of the Trend Micro governance proposal, there is no real need 
> for incorporation because the Forum will not maintain a bank balance, 
> will not hire employees, will not enter contracts with third party 
> vendors, etc.
> Finally -- the bylaws question.  The Forum does not presently have a 
> document called "Bylaws" where all governance rules can be found, but 
> Trend Micro has proposed that we pull together all existing and new 
> governance rules into a single set of "Bylaws" and publish them in a 
> public place.  The voting rules for approving an initial set of Bylaws 
> (as well as for approval of all future changes to the Bylaws) would be 
> the same rules as the Forum currently has for approval of all other 
> matters (new standards, etc.), so there would be no change there.
> *COMMENT - Legal Comments to TrendMicro*
> In general the TrendMicro proposal is a possible way forward, but the 
> foundation of a legal entity would be favourable (see above). 
> Currently it is unclear, how the Forum will be internally organized 
> (eg. who is taking notes, who is archiving proposals, organising 
> voting's etc.). According to the TM proposal, only "active members" 
> are allowed to vote. The term "active member" is not defined and could 
> therefore lead to a discrimination of members and lengthy discussion 
> about the validity of a vote.
> *[Trend Micro response]:*Our general comments on the pros and cons of 
> creating the Forum as a legal entity are covered by the response 
> above. Trend Micro is not adamantly opposed to creating a legal 
> entity, we simply think it is not necessary and does not add value 
> (plus it adds potential detriments).  We would also have to select a 
> jurisdiction of incorporation if we incorporate, pay filing fees and 
> for a registered agent, elect corporate officers, etc., which is 
> additional time and expense.  And Forum members would have to consider 
> if they are legally permitted to be members of a US non-profit 
> corporation, for example, if the Forum is organized as a US 
> corporation -- would that mean the non-US member is legally "present" 
> in the US and increase the likelihood that a plaintiff in a lawsuit 
> could establish legal jurisdiction over the non-US member because of 
> Forum membership?
> The term "active member" was defined long ago by Ballot 5 (January 
> 2008), and involves keeping track of the actual participation of 
> nominal Forum members.  Here is how Ballot 5 defines "active members":
> "A ballot result will be considered valid only when more than half of 
> the number of currently active members has participated. _The number 
> of currently active members is the average number of member 
> organizations that have participated in the previous three meetings 
> (both teleconferences and face-to-face meetings_)."
> There is even an online calculator at the Forum wiki to keep track of 
> which members (and how many) are "active members" at any given time -- 
> see the Attendance and Quorum Calculator.
> If a Forum member does not participate for three successive meetings 
> (phone or face to face), it remains a member (and can vote) but is no 
> longer considered an "active members" for quorum purposes until it has 
> participated in three successive meetings.  A quorum for voting 
> purposes today requires only 6 members to vote on a matter (and not 
> all must agree for the matter to pass -- for example, a vote of 4-2 in 
> favor is sufficient to pass a new mandatory standard today), which 
> Trend Micro thinks is too low and should be examined.
> The Trend Micro governance proposal does not change this existing rule 
> considering who is an "active member" but simply incorporates it by 
> reference -- but we would be favorable to proposals for change in the 
> future after the governance structure is decided, as this existing 
> "active members" rule may be too narrow.  All these rules should be 
> incorporated in a new, single set of public Bylaws that everyone can find.
> We would also be favorable to adding provisions to the new Bylaws 
> defining a process by which meeting notes will be taken, documents 
> will be archived and made available to members and the public, etc.
> The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120919/2fcb20f4/attachment-0004.html>

More information about the Public mailing list