Code of Conduct, creation and collaboration

Fair enough. This sounds like a large philosophical debate and not something that can be codified into the SD CoC in a meaningful way, so for now we can “ignore” this.

I have blown away the existing edits I made and am going to start again by adding pieces that are more manageable for debate.

First PR is the preamble taken from the bits Emmanuel wrote in the original PR. If this doesn’t receive any feedback in the 3 days, I’m going to consider it good enough to merge.

Of course we can always reopen the debate, but I want to set a deadline for initial comments so we can make sure pieces at least slowly make it in to the CoC.

2 Likes

@heartsucker Thanks for driving this forward! The preamble you posted is an excellent start. We have much more work to do, and the discussion above provides several strong examples to inform next steps. Let’s continue to poke for frequent review, e.g. reminding others in Gitter about proposed changes, so we can maintain motion on this front.

1 Like

A note on horizontal organizing and enforcement: enforcement does not need to involve centralization. A horizontally organized community comes to consensus on what behaviors are and are not acceptable, the community agrees that people with problematic behaviors should be expelled (not all behaviors of course result in this action, a gentle course correction are likely sufficient for minor issues) and how this will happen. This can all be done via consensus (it just involves some very long meetings :wink:).

If the community can’t ask someone to leave if they’re being abusive, then I think we wouldn’t be doing enough protect victims.

Agreed :+1:

Members of the community, including the point of contact, can certainly ask someone to leave, if and when all other attempts to preserve a civilized conversation and a safe environment failed. And it is possible the person will refuse because there is no central authority.

For example, in this situation, if as a community we decided that someone’s behavior was so problematic that they should leave, then we would politely ask them to leave, and then kick/ban them from all community spaces if they do not do that. If it sounds harsh to anyone, I would remind you that keeping toxic and very problematic people in one’s community is far, far worse.

3 Likes

@redshiftzero +1 to your comment below.

A horizontally organized community comes to consensus on what behaviors are and are not acceptable, the community agrees that people with problematic behaviors should be expelled (not all behaviors of course result in this action, a gentle course correction are likely sufficient for minor issues) and how this will happen.

First, I want to clarify that just because you are horizontally organized does not absolve the greater community from their responsibility from enforcing the CoC. In fact, I would argue that a horizontally organized community has a greater responsibility to enforce a CoC than a hierarchical organization. If a community says we all wish to be horizontal then we all have a responsibility to make sure everyone in that community feels welcome. If the community can not do this, then “horizontalism” just re-creates a situation where a people who is truly toxic is allowed to continue bad behavior without consequences.

3 Likes

Regarding the content of the Code of Conduct, although my preference still is that we reuse the OpenStack Code of Conduct, I’m happy with whatever is agreeable to people actively working on that and I’m grateful that @heartsucker is driving this.

As long as it is short enough so people can actually read it and simple enough so people can actually understand what it stands for, I think it will serve its purpose.

We cannot forsee all use cases, nor can we predict how to push a toxic person out but I’m sure we will find ways to do that collectively as @bmeson so eloquently puts it or by various other means as suggested by @redshiftzero, including lenghty discussions. My hope is that toxic people will keep away from our community because it is abundantly clear they will not prosper.

1 Like

I have opened another PR for the CoC’s summary. Like last time, if no one comments for 3 days, I’m going to consider this good to merge.

Also, for ease, I’m going to just paste the text here.

This is just the summary. Specific good/bad behavior will be added in later sections.

Summary

The SecureDrop community should be a place where people feel safe and welcome. They should enjoy participating in discussions and contributing. To these ends, members of the community should:

  • Be friendly and patient
  • Be welcoming, considerate, and respectful
  • Be careful in the words they choose
  • Listen to each other, and communicate openly and honestly

Members of the community should not:

  • Intimidate, harass, or insult each other
  • Follow the letter of this Code of Conduct while disregarding its spirit

Members of the community should not hesitate to contact the Community Council if they feel someone has violated this Code of Conduct, or if they have questions or concerns.

1 Like

Thanks for moving this forward @heartsucker. I do like the preamble so far.

1 Like

+1 @redshiftzero. In my opinion, the very most important aspect of a CoC is the ability to ban toxic people from the community.

Tor Project used to be an incredibly toxic, unwelcome, and, for many women, dangerous community to participate in. A group of whistleblowers put a massive amount of work into banning Jake and his apologists from the community. It resulted in a complete restructuring of the organization, the resignation of the whole board, the forming of a membership policy, a Community Council that meets every week and members vote them in, and finally a Code of Conduct and Statement of Values. Years later, the community is still dealing with aftermath of Jake (not to mention his victims still get online abuse for speaking out against him), but it’s in a much stronger place now, and it’s no longer dangerous for some people. I think the reason this was (and still is) such a painful process for Tor is because they didn’t have a mechanism to ban Jake.

Tor is also a horizontal community, and they solved the problem by creating a membership policy. Once you have membership, the community can vote or come to consensus on revoking someone’s membership. I’m sure there are other ways to achieve the same result that don’t involve formal membership.

I’m hoping that a strong CoC will make sure that, if abusive people become a part of the SecureDrop community, we’ll have a path forward to deal with them without having to go through what Tor went through.

1 Like

4 posts were split to a new topic: Comparing SecureDrop Community & Tor Community organizations

Enforcing the Code of Conduct is necessary, for all the reasons explained in this thread. And I kept thinking about how we could effectively do that although there is no central authority. I originally suggested that we wait for an actual problem to happen to figure that out. But I’ve been convinced this is not enough and may even be interpreted as an open invitation for abuse. However I still find that including detailed measures (such as banishment) in the CoC itself is problematic because it can be worked around or be inappropriate in some cases.

How about we include a more general promise such as “If at least two CoC point of contact find that a person violates the CoC, they will do what is in their power to resolve the problem”. Examples of such actions can then be added in comments of the CoC . For instance: a person is banned from communication channels or their photo is circulated so they are not allowed in conference rooms, etc. But we do not need to include these examples in the CoC itself.

The worst that can happen is if the person who is in violation also has control over resources that would not allow the CoC point of contact to resolve the problem. For instance if the organizer of an event is the person in violation, they may refuse to step down. In this case the CoC point of contact will have a hard time but will not be powerless. They can publicly state that the SecureDrop Community boycotts the event etc. It would not be reasonable to expect the CoC point of contact is always in a position to resolve all matters with perfect efficiency. But it is reasonable to expect the CoC point of contact will always work to resolve all matters, to the best of their abilities.

What do you think?

I think that level of detail is also unnecessary. I think something general like “the community council decides…” is enough. Maybe we need consensus. Maybe we don’t.

With a horizontal community, I think the only thing we can do is hope that everyone follows the recommendations for sanctions from the CC. Sunlight is the best disinfectant, so if we are public and transparent about decisions, the community will know what events/spaces/people are in support of sanctions and which are not. I a problematic person is allowed at events, it will be made clear who let them there and, and members can self regulate spaces that are following vs. ignoring the CC’s recommendations.

I really don’t see a way around this problem without a central authority, which the community rightly seems to be rejecting.

Also, since @micahflee brought up Tor, I’ve been talking with one of the folks who was working on the CoC there and it seems like what we are proposing is mostly in line with what they do. Given that they were central to one of the biggest abuse/CoC stories in this community in recent years, I’m inclined to say their solutions to address that might carry more weight than communities that haven’t yet faced such circumstances (with the caveat being that I genuinely believe Tor cares about fixing this whereas other groups not so much).

If we have our CC made up of people from the major parts of SD (so let’s say this forum + FPF + UX folks (yes there’s overlap)), I think the CoC will apply to most SD-related spaces for the medium term future. As new groups pop up, we can talk to them about joining the CC or ask them to use the CoC in their spaces.

I’ve taken a stab at the next section, which spells out the items listed in the summary in more detail. I’d appreciate your comments and hope we can keep this moving forward. :slight_smile:

I’ve also filed an issue to suggest that we convert the code to markdown (we can do so once it is complete), for easier readability in contexts where markdown is parsed.

1 Like

Thanks for writing that up. :smiley: I (and @dachary) left a few notes for you.

1 Like

I think @dachary and I have had most of our requests addressed in the PR, and after the one pending change I asked for, if no one’s objected, I’m going to call this one good to merge.

Yeah, we concluded that including a definition of we along the lines of we is a community of individuals regardless of their affiliation to be super clear that organizations are not part of we, just individuals and their own free will :wink:

Added misgendering/deadnaming to the list of unacceptable behaviors. Once this one is merged I’ll prep a small PR for the preamble to clarify the use of “we”.

Merged the above and converted it to markdown. :slight_smile:

I had a conversation recently with one of my coworkers who has recently established a CoC for one of their groups, and they gave me some pointers on how we can shape the language around our CoC in a way that makes it a little more oriented toward growing, developing, and healing a community in the event of a violation compared to what could be more adversarial proceedings.

In short, we should avoid the words abuser, victim, and allegation/accusations and instead opt for the words receiver of harm, causer of harm, and reports of harm.

This suggestion was to prevent the case of chasing down to figure out exactly what happened or to make the debate about whether or not the person who caused the harm is “an abuser.” Maybe they are or maybe they’re not, but the end result is the community needs to figure out how to make the harm stop. That could mean asking the person who caused the harm to leave, or it could mean working with them to prevent that harm from recurring.

Anyway, I bring this up because I started working on the Community Contact, Reporting, and Resolution sections for our CoC. I’m stating this here so people can see a bit where the language came from and why it was chosen.

(This might be a bit different than things I’ve proposed before, but I’ve also been actively researching this since we started working on adding a CoC. So yeah, still learning.)

1 Like

Also as a reminder, we have discussion on this PR discussing the usage of “We” and what it means in the context of the CoC.