[personal profile] mjg59
Free software communities don't exist in a vacuum. They're made up of people who are also members of other communities, people who have other interests and engage in other activities. Sometimes these people engage in behaviour outside the community that may be perceived as negatively impacting communities that they're a part of, but most communities have no guidelines for determining whether behaviour outside the community should have any consequences within the community. This post isn't an attempt to provide those guidelines, but aims to provide some things that community leaders should think about when the issue is raised.

Some things to consider

Did the behaviour violate the law?

This seems like an obvious bar, but it turns out to be a pretty bad one. For a start, many things that are commonly accepted behaviour in various communities may be illegal (eg, reverse engineering work may contravene a strict reading of US copyright law), and taking this to an extreme would result in expelling anyone who's ever broken a speed limit. On the flipside, refusing to act unless someone broke the law is also a bad threshold - much behaviour that communities consider unacceptable may be entirely legal.

There's also the problem of determining whether a law was actually broken. The criminal justice system is (correctly) biased to an extent in favour of the defendant - removing someone's rights in society should require meeting a high burden of proof. However, this is not the threshold that most communities hold themselves to in determining whether to continue permitting an individual to associate with them. An incident that does not result in a finding of criminal guilt (either through an explicit finding or a failure to prosecute the case in the first place) should not be ignored by communities for that reason.

Did the behaviour violate your community norms?

There's plenty of behaviour that may be acceptable within other segments of society but unacceptable within your community (eg, lobbying for the use of proprietary software is considered entirely reasonable in most places, but rather less so at an FSF event). If someone can be trusted to segregate their behaviour appropriately then this may not be a problem, but that's probably not sufficient in all cases. For instance, if someone acts entirely reasonably within your community but engages in lengthy anti-semitic screeds on 4chan, it's legitimate to question whether permitting them to continue being part of your community serves your community's best interests.

Did the behaviour violate the norms of the community in which it occurred?

Of course, the converse is also true - there's behaviour that may be acceptable within your community but unacceptable in another community. It's easy to write off someone acting in a way that contravenes the standards of another community but wouldn't violate your expected behavioural standards - after all, if it wouldn't breach your standards, what grounds do you have for taking action?

But you need to consider that if someone consciously contravenes the behavioural standards of a community they've chosen to participate in, they may be willing to do the same in your community. If pushing boundaries is a frequent trait then it may not be too long until you discover that they're also pushing your boundaries.

Why do you care?

A community's code of conduct can be looked at in two ways - as a list of behaviours that will be punished if they occur, or as a list of behaviours that are unlikely to occur within that community. The former is probably the primary consideration when a community adopts a CoC, but the latter is how many people considering joining a community will think about it.

If your community includes individuals that are known to have engaged in behaviour that would violate your community standards, potential members or contributors may not trust that your CoC will function as adequate protection. A community that contains people known to have engaged in sexual harassment in other settings is unlikely to be seen as hugely welcoming, even if they haven't (as far as you know!) done so within your community. The way your members behave outside your community is going to be seen as saying something about your community, and that needs to be taken into account.

A second (and perhaps less obvious) aspect is that membership of some higher profile communities may be seen as lending general legitimacy to someone, and they may play off that to legitimise behaviour or views that would be seen as abhorrent by the community as a whole. If someone's anti-semitic views (for example) are seen as having more relevance because of their membership of your community, it's reasonable to think about whether keeping them in your community serves the best interests of your community.


I've said things like "considered" or "taken into account" a bunch here, and that's for a good reason - I don't know what the thresholds should be for any of these things, and there doesn't seem to be even a rough consensus in the wider community. We've seen cases in which communities have acted based on behaviour outside their community (eg, Debian removing Jacob Appelbaum after it was revealed that he'd sexually assaulted multiple people), but there's been no real effort to build a meaningful decision making framework around that.

As a result, communities struggle to make consistent decisions. It's unreasonable to expect individual communities to solve these problems on their own, but that doesn't mean we can ignore them. It's time to start coming up with a real set of best practices.
From: (Anonymous)
So I'm trying to convey how I believe that our society slides into authoritarianism; that any authority ought to be legitimized; that growing "communities" (or orthodoxies) cause pressure for the outgroup, and eventually resistance; that such groups, particularly when they focus on the "protection of their own" rather than collaborating with wider society, are antithetical to freedom, equality, and are medieval in nature; that people will only submit to organizations if they are unconscious, desperate or can enter into a "contract" which they consider equitable. I'm saying that all of those are deep and difficult sociological issues which cannot be "solved" by naive technical means.

You tell me that legal persons (or even fuzzier "communities") ought to be allowed to manage their private property, independently of their size; that legal frameworks are superfluous, seemingly ignoring the purpose of legal frameworks; you mention highly controversial, historical professional associations and tell me that they are, indeed, powerful—seemingly ignoring that they are only tolerated because they work very hard and pay a humongous price to appear somewhat legitimate; that it's okay if some people's livelihoods are destroyed by extralegal means, while rejecting all concerns wrt. scale, proportionality, or temporality.

You tell me that Canonical will let you exercise their mailing lists and IRC server without signing a formal contract, as if that meant "participating in Ubuntu" in any meaningful sense of the phrase. (Never mind that it is true only for historical technical reasons; that people are pushing for mailing lists and IRC to be considered obsolete; and that the first thing you see on "modern" "forums" is a subscription box with what amounts to "terms of service.")

I do not find this to be a very productive discussion. Worse: it does nothing to reassure me that you are not a (possibly witless) crypto-authoritarian, which is what I was trying to clarify.

I would happily consider corrections to any misrepresentations I may have caused, but have a sinking feeling that you will keep pointing out manifestly irrelevant (if not blatantly wrong) points to avoid specifying which "communities" and "membership" you think "leadership" should unquestionably have authority over, and explaining why you believe that the rest of society will bend to your edicts as you keep making them louder and louder.
From: (Anonymous)
I'm honestly not sure this is worth our time at this point, but let me try once more:

> 1) I am free to choose to refuse to associate with any individual for almost any reason, even if they rely on me professionally. There are no circumstances under which I may be compelled to associate with zombie Hitler, even if zombie Hitler has caused no direct harm to me.

This is true, to the extent that you are not bound by a contract. It is also wholly irrelevant, because we are not discussing whom *you* are choosing to associate with. Quoting myself, what we are discussing is your:

>> writing essays legitimizing extralegal punishment and banishment from groups which are growing (and growing intensely) within society.

which you fully assumed in replies.

You are working hard to weaponize "communities"—or, rather, their "leadership"; furthermore, you are claiming that rescinding the "membership" of people who sometimes have been invested in "communities" for decades, without any clear breach of contract, a clear way of seeing it coming, or a clear way to adapt to new rules without negating beliefs which they did not hold as controversial, is no big deal.

It is a fricking big deal.

(I just came across that Drupal/Garfield affair, following another tweet of yours. I now suppose that this is what prompted your essay, and my!—what a clusterf*ck. Is that the event which you punctuate by "The lesson is that Drupal considered these issues and made an appropriate decision"?)

> 2) Canonical are free to choose to refuse to provide any services to any individual for almost any reason, even if they rely on Canonical professionally. There are no circumstances under which Canonical are obliged to provide service to zombie Hitler, even if zombie Hitler has caused no direct harm to them.

This is true, to the extent that they are not bound by a contract, and that it does not fall under the purview of discrimination or some other law. (Which is not something either of us is qualified, and even less mandated, to decide.)

It is also wholly irrelevant; the only reason Ubuntu was brought into this was my pointing out that the number of people who have to submit themselves to various Debian social contracts is, in effect, negligible; that, consequently, resistance is minimal and thus the case largely unproblematic.

Moreover, Canonical, as a decently-sized corporation, is already weaponized with lawyers, and subject to the legal systems of the jurisdictions in which they operate; it would be silly to believe that they are going to be swayed by your essays—besides perhaps when reusing words such as "community" and "CoC" for propaganda purposes.

Quoting myself,

>> people will only submit to organizations if they are unconscious, desperate or can enter into a "contract" which they consider equitable.

If you invest in the Ubuntu "community" without an equitable contract, you are being played by Canonical. Sure, use their mailing list and IRC server with moderation all you want—seriously, could you have picked a more ridiculous example?—but you also better figure out what your move is going to be when the music stops.

> 3) Zombie Hitler is a deliberately hyperbolic and unrealistic example, and most decisions would not be as easy. Having a clear set of guidelines regarding the circumstances under which a body of people will choose to either no longer associate with an individual or make their association conditional is better than not having a clear set of guidelines.

You could have spared us the Godwin material, but my point is precisely that you are *refusing* to clarify the boundaries within which such "guidelines" (actually, by your own admission, unappealable summary decisions which can easily threaten the livelihood of others) apply. You even brushed off the idea that legal frameworks may be of use. This is as "clear" as it is medieval.

Your initial intentions may have been good, but as of today, you are publishing fuzzy essays full of fuzzy words which try to justify the "disciplining" of others for "reasons" which are not even covered by the relevant CoCs (if I correctly understand your position wrt. Drupal); writing righteous-sounding and arrogant "threads" such as this one:


("appropriate"? According to whom?); and seemingly confounding a "fan club" of vigilantes with actual legitimacy. Not only do I find it all pretty unsavory, I seriously doubt that that brand of lynching can spiral down much further without causing serious damage, with serious repercussions, for increasingly large subsets of society.

> It sounds like you're arguing that it's wrong for people to be able to choose who they decline to associate with, which doesn't sound like an argument for liberty.

I certainly am not making an argument for unbridled liberty! Conversely, neither am I arguing that it's wrong or problematic for *individuals*, or small, inconsequential groups, to be able to choose who they decline to associate with.

I have tried to make it clear that my argument was about the relationship between legitimate authority and scale. I even wrote:

>> At some point, society is going to try to turn your private "community" into "commons," or at least into some kind of regimented association. This often entails domain-specific regulation, but also, potentially, nationalization or outright breakup. You may fight it, succeed for a while, and ultimately negotiate a comfortable position for yourself—but inalienable private property, no matter its impact, only exists in libertarian fantasies.

You may order your home. You will, perhaps, be allowed to order your circle of friends. But if you think that your self-proclaimed righteousness enables you to order arbitrary and emergent "communities"; to strike other members with impunity, no matter their history with that "community," you are in for a bad surprise. And I hope that you don't believe that persuading armies of naive vigilantes to act "in your name" instead absolves you from any responsibility.

So. You see? I don't disagree with any of the points above, because they are strawmen. Assuming that those were not erected deliberately, I would encourage you, once more, to avoid "hyperbolic and unrealistic example"s, and to rather focus on the fact that group dynamics are not O(1), that side-effects exist, and that encouraging the "punishment" and "banishment" of strangers outside of a legal context is not a mission society has entrusted you with.

(Not that I care much; I'm unlikely to end up in your path of destruction. I'm just warning you, and preempting any excuses, when you find that things turn even sourer in some of the "communities" which have "benefited" from your consulting.)
From: (Anonymous)
Zombie Hitler does not exist, Matthew. Grow up.
From: (Anonymous)
> Under what circumstances should the community surrounding an open source project be obliged to associate with Jacob Appelbaum?

Well. At least we're making *some* progress…

But: do you mean *before* or *after* you have expended years of efforts plastering posters picturing him as the devil incarnate all over town?

Because that makes it a tad more difficult to come to a resolution which is acceptable to everybody, doesn't it, Matthew?

In any case, when I suggest that you should stop pretending to be a judge (if not judge and party; I don't know the details!) in some kind of secret court where only "professionals" have access to evidence (cf. your recent tweets), it's not because I want to fill those shoes! We both are incompetent.

Anyway: the "community surrounding an open source project" is not a jurisdiction; it's just a subset of society which has been drawn along some accidental fault lines. Please stop pretending that you are able to discern characteristics which make it so special that it needs its own notion of justice and tribunals—doubly so when the latter are patterned on a Monty Pythonesque vision of the middle ages.

We can rephrase your question:

>> Under what circumstances should *a group of friends* be obliged to associate with Jacob Appelbaum?

The answer is pretty clear: never, why would they be? Now, replace "a group of friends" with "the village." With "the city." With "the world." Or you can go in another dimension: "An employer"? "A customer"?

What is the reach of your posters, Matthew? Are you going to be the "judge" in all these cases? What makes you believe that you are somehow qualified, and that your endless "burn her!" and "MASA!" cries are unquestionably good for society?

Worse, still: your latest post was not about Jacob Appelbaum, was it? So am I correct assuming that you (and your secret tribunal) are fighting a new "Zombie Hitler"—to take your idiotic, but revealing, example—and that you have taken it upon yourself to crush it at all costs?


P.-S. — If I understand correctly, Appelbaum still hasn't been convicted of anything?! I had mistakenly assumed—partly because of your megaphone—that some things had been proven, and that conviction was on its way… but that doesn't seem to be the case at all!

So not only are your constant character assassination efforts distasteful, they don't rest on anything tangible besides the personal experience of a small group. I'm sorry for those who consider themselves as victims, but please stop misrepresenting the universal recognition of the deeds!

In general, please stop relentlessly mounting kafkaesque, inescapable, intemporal "devices" to lock up the monster-of-the-week, Matthew. You're watching too much TV. You're not "Judge Dredd" + "Ghostbusters," all in one hero. And there is no "Zombie Hitler"—only other humans.
From: (Anonymous)
> for the groups that are at the "it's reasonable to do this" end of the spectrum

According to whom?
From: (Anonymous)
Not at all—that was just the first question.

> So there's a spectrum, and somewhere along that spectrum there's a threshold where we flip from it being reasonable for a group to ostracise somebody based on their behaviour outside that group to the consequences of said ostracism being so severe that it should only be possible based on a meaningful legal process.

as if it were a unidimensional spectrum. It most definitely isn't.

Even if it were, why would "spectrum" imply that there must be a single threshold, where everybody "flips"?

Even if it were, what makes you believe that everybody who hasn't "flipped" yet is going to find a universal "decision making process" agreeable?

(And even if all of these things were true, which they obviously aren't, what makes you believe that that mythical "consistent" view should be focused on "disciplining," rather than minimizing friction and damage?)

P.-S. — Case in point:


Again: "appropriate"… according to whom?
From: (Anonymous)
Yes; there is evidently a core on which we agree. (I am not here for trolling, and appreciate you tolerating my "pushing." Oh—while I'm at it: agreeing does not imply "right.")

I have nothing against you contributing approaches to mediation.

One reason I have not answered this earlier question of yours as is, is because it is a fallacy (not implying intent, but bias):

> Is it better for every group to make entirely ad-hoc decisions, or is it better for there to be some degree of consistency?

No group makes "entirely ad-hoc" decisions. There is always "some degree of consistency," if only because the "leader" (there is often one; sometimes referred to as "dictator"—WTF?) has limited power to make themselves respected in the face of (real or perceived) unfairness.

This is why I kept asking you to define "community," "membership," etc.; we cannot possibly ourselves be consistent if we don't consider the solidity of the pillars of our reasoning—which is particularly negligent if we are discussing any kind of punitive measure.

To circle back to my original point: I am not questioning your motivations, only the method and vocabulary—and pointing out that you may be severely underestimating collateral damage. Some of the words you have been using can easily be interpreted as an attack by those who do not hold your views. In which case: congratulations—you now have two problems!

I hope that I, and perhaps some others, will still be able to enjoy your constructive insights without feeling like we are being drawn to totalitarian talk. And whether you mean those words or not does not matter as much as whether you project them; propaganda works.

Cheers, -D

P.-S. — There is still the largely-but-not-quite unrelated TPM subject: as briefly mentioned, I highly question your seemingly unrestrained enthusiasm and advocacy for the current crop of "solutions."

I do not wish to debate it here and now, but I believe the second- and higher-order effects of these systems are something which merits deep consideration, and hope to one day find an opportunity to express my concerns—preferably not prompted by an outrageous tweet!


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.
