[personal profile] mjg59
Free software communities don't exist in a vacuum. They're made up of people who are also members of other communities, people who have other interests and engage in other activities. Sometimes these people engage in behaviour outside the community that may be perceived as negatively impacting communities that they're a part of, but most communities have no guidelines for determining whether behaviour outside the community should have any consequences within the community. This post isn't an attempt to provide those guidelines, but aims to provide some things that community leaders should think about when the issue is raised.

Some things to consider

Did the behaviour violate the law?

This seems like an obvious bar, but it turns out to be a pretty bad one. For a start, many things that are common accepted behaviour in various communities may be illegal (eg, reverse engineering work may contravene a strict reading of US copyright law), and taking this to an extreme would result in expelling anyone who's ever broken a speed limit. On the flipside, refusing to act unless someone broke the law is also a bad threshold - much behaviour that communities consider unacceptable may be entirely legal.

There's also the problem of determining whether a law was actually broken. The criminal justice system is (correctly) biased to an extent in favour of the defendant - removing someone's rights in society should require meeting a high burden of proof. However, this is not the threshold that most communities hold themselves to in determining whether to continue permitting an individual to associate with them. An incident that does not result in a finding of criminal guilt (either through an explicit finding or a failure to prosecute the case in the first place) should not be ignored by communities for that reason.

Did the behaviour violate your community norms?

There's plenty of behaviour that may be acceptable within other segments of society but unacceptable within your community (eg, lobbying for the use of proprietary software is considered entirely reasonable in most places, but rather less so at an FSF event). If someone can be trusted to segregate their behaviour appropriately then this may not be a problem, but that's probably not sufficient in all cases. For instance, if someone acts entirely reasonably within your community but engages in lengthy anti-semitic screeds on 4chan, it's legitimate to question whether permitting them to continue being part of your community serves your community's best interests.

Did the behaviour violate the norms of the community in which it occurred?

Of course, the converse is also true - there's behaviour that may be acceptable within your community but unacceptable in another community. It's easy to write off someone acting in a way that contravenes the standards of another community but wouldn't violate your expected behavioural standards - after all, if it wouldn't breach your standards, what grounds do you have for taking action?

But you need to consider that if someone consciously contravenes the behavioural standards of a community they've chosen to participate in, they may be willing to do the same in your community. If pushing boundaries is a frequent trait then it may not be too long until you discover that they're also pushing your boundaries.

Why do you care?

A community's code of conduct can be looked at in two ways - as a list of behaviours that will be punished if they occur, or as a list of behaviours that are unlikely to occur within that community. The former is probably the primary consideration when a community adopts a CoC, but the latter is how many people considering joining a community will think about it.

If your community includes individuals that are known to have engaged in behaviour that would violate your community standards, potential members or contributors may not trust that your CoC will function as adequate protection. A community that contains people known to have engaged in sexual harassment in other settings is unlikely to be seen as hugely welcoming, even if they haven't (as far as you know!) done so within your community. The way your members behave outside your community is going to be seen as saying something about your community, and that needs to be taken into account.

A second (and perhaps less obvious) aspect is that membership of some higher profile communities may be seen as lending general legitimacy to someone, and they may play off that to legitimise behaviour or views that would be seen as abhorrent by the community as a whole. If someone's anti-semitic views (for example) are seen as having more relevance because of their membership of your community, it's reasonable to think about whether keeping them in your community serves the best interests of your community.


I've said things like "considered" or "taken into account" a bunch here, and that's for a good reason - I don't know what the thresholds should be for any of these things, and there doesn't seem to be even a rough consensus in the wider community. We've seen cases in which communities have acted based on behaviour outside their community (eg, Debian removing Jacob Appelbaum after it was revealed that he'd sexually assaulted multiple people), but there's been no real effort to build a meaningful decision making framework around that.

As a result, communities struggle to make consistent decisions. It's unreasonable to expect individual communities to solve these problems on their own, but that doesn't mean we can ignore them. It's time to start coming up with a real set of best practices.
Page 1 of 3 << [1] [2] [3] >>
From: (Anonymous)
From your tweet: https://twitter.com/i/web/status/943785841910042624

> Good morning I am jetlagged and spent the morning writing a post on things a community may want to consider when deciding whether to discipline members for behaviour outside the community

"Discipline"? "Members"? What kind of "community" are you talking about?

The problems mentioned are real, and they happen in *society,* not in "communities." That's where we have to fix them. And it's not because some groups are being ghettoized out of society that it's a good idea for them to develop their own (illegitimate, not to mention badly amateurish) notion of justice.
fluffymormegil: @ (Default)
From: [personal profile] fluffymormegil
"Society" and "community" are emergent effects of the interaction between people. If we want society to be ordered in a certain way, it behooves us - while we're straining to steer the juggernaut - to strive to order our own communities in a way compatible with our vision of how society should be ordered.

For example, if one wishes for unrepentant serial sexual harassers to be ostracized by wider society, then in the first instance one should seek to have unrepentant serial sexual harassers ostracized by the communities one is part of.
From: (Anonymous)
Many of the people who *work* (as you rightly pointed out) in those "communities" may not be there of their own volition, but may have been pressured to join various workflows and/or events because of their occupation.

As such, the idea that there would be a "shared set of behavioural expectations" which is somehow distinct from society is problematic. I believe this is an aspect which merits a bit more consideration of your part.

You should, at the very least, properly define what "community" and "membership" means. (E.g., being a "Debian developer" is a clear thing, and Debian is very disciplined about who holds which powers. This has a huge cost—much higher than "just adopting a CoC"—but also builds legitimacy.)

Your tweet was advocating "disciplining" members. (Your post, at least, is a bit tamer.) That word in particular is why I am reacting to your write-up; I think there is enough authoritarian talk around without you adding to it.

I know of only one case where we accept that people be involuntarily placed under the authority of a system which can discipline them, and that's citizenship. Everything else must be a *contract*, and fully voluntary—or the authority is fundamentally illegitimate.

(Note that I fully support reporting "cases" to judicial authorities, and finding ways of improving the judiciary. I fully agree that police forces must be fully held accountable for their use of their vested authority. I am also happy when the likes of Weinstein are forced to reconsider their position by a lucky turn of events—but we must still consider that a temporary fix rather than an "independent justice which works.")

Talking about "community" is too broad

Date: 2017-12-21 12:34 pm (UTC)
From: [identity profile] m50d.wordpress.com
Kicking someone out of a private club or dinner party is a small sanction. But removing someone from a software community could easily mean destroying their livelihood. It's not at the level of a criminal conviction, but we could compare it to a doctor being struck off or a lawyer being disbarred - things that rightly require an extensive formal process with significant protections for the accused.

All too often, we equivocate between treating online communities as private parties or as quasipublic institutions. Compounding the problem, a given software community can very quickly grow from the former into the latter. I don't have a good answer, but it's another thing to consider; I don't think we'll be able to come up with a single set of guidelines that's applicable to both small and large communities, and we need to think about what happens as a community shifts from one to the other.

Date: 2017-12-21 12:37 pm (UTC)
From: (Anonymous)
"It was revealed that he'd sexually assaulted multiple people"

You forgot an "allegedly", I will just link Jacob words http://www.twitlonger.com/show/n_1soorlp so every reader can make up his or her own mind.

To be frank I am always puzzled when coders act like they have the skills and technical background to act as a lawyer/philosopher/ethicist: we wouldn't let a footballer do the job of a math teacher or viceversa.

From: (Anonymous)
Matthew was talking about "disciplining" on Twitter, which is a clear appeal to rely on authority.

As private individuals, you and Matthew have a right to order your home, family, as well as the private events you organize. You may also have a right to order some ventures in which you have vested your responsibility (depending on the relevant laws).

Before you tell me that it behooves you to "strive to order our own communities," you will have to elaborate on which "communities" you are talking about, and what makes them your "own." The only (and, as you pointed out, emergent) community which is your own is the nation/entity of which you are a citizen. And democracy (if you are lucky) is what defines your legal (if not legitimate) interactions with it.

Date: 2017-12-21 12:50 pm (UTC)
From: (Anonymous)
Thinking about the ethical, legal and organisational dimensions of your work is part of being a professional.

- David Adam
From: (Anonymous)
Just to make clear we are on the same page: I agree with your first §, with the exception of its last sentence.

The reason is that when you write:

> a set of people that's drawn

you are not specifying *why* they are drawn. Yet you call the result a "community," and avoid putting a clear definition on that word.

You then switch to discussing "leadership," if not punitive measures for not aligning with the leadership. What I'm asking you to consider is the societal effects by which some people may be "drawn" to "communities" despite them not wanting to submit to such a "leadership."

> As far as discipline goes - you have no right to be part of a community.

I still don't know what a "community" is, but if it is a random set of people which have been "drawn," you are now saying that they have to avoid being drawn if they do not submit to certain values. We're not just talking about an innocent party, here; in effect, you are "privatizing" some parts of society some people may be relying on for their livelihood.

(Note, once more, that I'm not talking about a specific event organized by private parties, but rather about the mythical "communities" you are talking about. And I'm not contesting that such actions may have positive effects; I'm just pointing out the other side of the equation and asking you to factor it into the cost.)

Re: Talking about "community" is too broad

Date: 2017-12-21 03:08 pm (UTC)
altamira16: A sailboat on the water at dawn or dusk (Default)
From: [personal profile] altamira16
People have had their livelihoods destroyed over their bad behavior. For example, if you are an accountant and steal money from your clients and get caught, your livelihood will rightfully be destroyed. You will probably never get to work in that field again.

I like how people are drawing connections between software communities and society. Some of the things happening are not limited to software. They are patterns repeated over and over when people decide that their community is some unique and exceptional place that does not have to follow societal norms.

For example, the Catholic church was going to deal with its pedophiles on its own. The Society of Creative Anachronisms was also going to deal with its pedophiles on its own. We can draw a pretty clear line of not putting pedophiles in positions where they come in contact with many children. In most places, every one who works with children in a public setting has to undergo a background check and get fingerprinted. If you volunteer to work with children, you do this.

In general, I don't care about your hobbies, but you can't be an outspoken leader in one field associated with your livelihood and also an outspoken leader in an area that undermines your respectability. For example, in the US, teachers are typically driven out of the field if they have ever worked in porn. (I think that it is a little unfair for teachers being the only people who pay a price in this situation. The students who are being disruptive and watching porn and telling all their classmates about it should face some consequences.)
From: (Anonymous)
Tsk, tsk, Matthew—that was *my* example, just above. The reason I picked it is because they are, indeed, an extremely well organized group of people—which gives them some legitimacy. (Not that it prevented Appelbaum from joining.)

So: are you now saying that: a) what you call a "community" is a group of people who are as organized as Debian, at the high cost that Debian is paying for that organizational overhead? With a constitution, elections, social contract, sponsoring, and very rigid set of processes for delegating power?

Or are you saying that b) every "set of people that's drawn" should, somehow, be forced to organize themselves (and pay the same price) as the Debian developers; that it is objectionable for random sets of souls to see themselves drawn to common interests without systematically erecting such rigid structures?

(Because you still haven't defined "community"—just given a single example, and an extreme one at that. You know very well that Debian is "unpopular" enough that very few people end up with the professional obligation of subscribing to the aforementioned contracts, and that Debian is perfectly usable professionally without joining any of the activities & conferences organized by the project.)

I see the advantages of a) when applied on a small scale, but I don't believe you can "scale it up" significantly within society without triggering serious back-pressure, as that would be inflating "bubbles" of inaccessibility to non-subscribers. This will only exacerbate tensions between an (increasingly official) ingroup, and the outgroup which opposes the contract—whichever their reasons may be.

b) is lunacy, unless you want to get rid of freedom of assembly.

And if you mean "somewhere in between"—which is not the example you have given—I would encourage you to at least somewhat clarify what the legal framework of what you are calling "community" and "membership" would be.

I am fine with you pointing out abhorrent behaviors, particularly when serial and unrepentant. But you are now writing essays about organizing & generalizing "punishing," "disciplining," etc. in "communities," and that is not okay—particularly when there is not a whim of a legal framework to back it up.

Interesting, but incomplete picture…

Date: 2017-12-21 03:30 pm (UTC)
From: (Anonymous)
As others have already noted; there is little context in your post, so this comment is more about general community behavior that I have observed.

There are some people who find it acceptable to silence a necessary community discussion by using the code of conduct as a means to avoid the discussion all together. Any passionate argument that might threaten the public opinion of a community or an individual member could easily be turned into a violation of the CoC and misdirected as a (personal) insult, regardless if it was well intended. Many of these community shepherds argue for stronger CoC when it comes to respectful interaction with each other, while at the same time feeling totally in their right to denigrate and publicly insult others as long as they do it on their personal social media accounts. In their opinion, the community Code of Conduct does not apply on the personal accounts because that would be censorship. Usually it goes something like: the other party obviously is a terrible person or has bad intentions and therefor any interaction with this person should be avoided and publicly ridiculed. If there is anything more toxic to a community it is this immature, hypocritical and polarizing behavior. Sadly very few people seem to want to draw attention to themselves by scrutinizing this kind of behavior, worst case they just become cheerleaders.

When it comes to individuals being able to separate business and community interests and have a sense of integrity, I usually picture the person in my mind with a giant sticker on their forehead that says “Includes paid promotion”. Than I try to figure out based on there actions in reality if that picture makes sense. For example in your case; constantly preaching how some companies are immoral or unethical while remaining mum when it involves your own employer is kinda silly.

Re: Talking about "community" is too broad

Date: 2017-12-21 03:35 pm (UTC)
From: (Anonymous)
> if you are an accountant and steal money from your clients and get caught, your livelihood will rightfully be destroyed.

"Rightfully"? According to whom?

(You are likely to undergo imprisonment, or at least be sentenced, but this is about punishing the crime, not destroying the livelihood. Destroying an otherwise legal livelihood is, in itself, always is a bad idea, as you are then forcing the perpetrator to find another way to survive without taking advantage of their knowledge. Proportionality, please.)

More generally: none of this is limited to software, nor is it limited to "communities." It's about organizing a decent society to live in—without, hopefully, fragmenting it in various subgroups which consider themselves more virtuous or righteous than other citizens, because that cannot possibly end well.
From: (Anonymous)
You keep focusing on Debian, which, as we have both established, already has a well-developed framework.

Moreover, most of the computing world barely interacts with Debian using that framework; they just download packages anonymously without submitting themselves to any CoC or other contract. And when Ubuntu showed up with a bit of extra makeup, they jumped ship to get their dose of prepackaged proprietary drivers. Most of society is, in effect, free to ignore their rules.

So even if their extremely developed guidelines work well enough for the tiny Debian ingroup (nevermind Appelbaum joining), I don't think you should expect such "private" rules to scale to larger subsets of the population without experiencing serious backlash.

Tension will rise with the number of people who are impacted by illegitimate rules and do not want to subscribe to the ideology. At one point, "no need for any kind of formal legal framework" is not a serious proposition, as the rules become indistinguishable from discrimination. As another commenter puts it:

> All too often, we equivocate between treating online communities as private parties or as quasipublic institutions. Compounding the problem, a given software community can very quickly grow from the former into the latter.

Repeating myself: you are writing essays legitimizing extralegal punishment and banishment from groups which are growing (and growing intensely) within society.

While I sympathize with your original goals, I am wary of side effects which you seem to be gleefully willing to ignore ("no need for any kind of formal legal framework for this - any group of people are free to impose requirements on others who wish to join that group," really? At which scale?), and, frankly, would encourage you to be a bit more thoughtful and restrained when using authoritarian vocabulary.

Date: 2017-12-21 08:53 pm (UTC)
From: (Anonymous)
The high-profile German magazine "Die Zeit" did a heavy investigative reporting piece on that, and concluded, that the allegations are just that.

This, again, shows your usual bias: you just want to believe these stories, because they fit your narrative (which I assume is your narrative, because you actually narrate on a regular basis on this blog).
For that you ignore any evidence, and any legal standard that exists in all modern democracies - for good reason.

That said, Applebaum might have raped someone, I don't know. But I'm not ready to be the judge in absence of any evidence. The vigilant-justice that happened to Applebaum is just as despicable as the crime he might have committed.

I'm not even sure why I write this, since I know your reaction already, and neither know Applebaum, nor the communities he used to be part of.
I guess I'm just disillusioned by the willingness of someone who's work I respect and who's promoting the view that being the judge without any process is a good thing.

Re: Interesting, but incomplete picture…

Date: 2017-12-22 02:08 am (UTC)
tim: Tim with short hair, smiling, wearing a black jacket over a white T-shirt (Default)
From: [personal profile] tim
There are some people who find it acceptable to silence a necessary community discussion by using the code of conduct as a means to avoid the discussion all together.

Can you give an example of a specific situation when this has happened?
From: (Anonymous)

You are of course correct that doctors, lawyers, and other protected professions have to submit themselves to (somewhat) extralegal mechanisms.

Which brings me back to the earlier question you seemingly keep avoiding: how do you define "community" and "membership"? Is a community a) something which is as organized as Debian; or b) any group, and they cannot be left loose. Or is it "something in-between," which you will undoubtedly define?

When I picked up Debian as an extreme example of a "community," and mentioned the high costs (and low participation) it engenders, I did not foresee that your next move would be to pick something even more extreme.

The bar, AMA, etc. are professional associations. They exist, and are tolerated by the legislature, 1/ for historical reasons (if not intense lobbying), and 2/ because they are very careful not to do anything which may be considered amateurish. They operate at great expense (membership fees are all but trivial), within well-defined frameworks which are supervised by the rest of society, and with rules which change at a glacial pace.

Moreover, the first things one learns when first considering such a domain of activity is that: the occupation is protected; the state delegates some of its monopoly to a single association (usually); the association is handled and supervised by responsible professionals which are deeply invested; a member can be hurt by the association, and its judgment may be, in effect, final; the rules won't change randomly or quickly; being invested—professionally and financially—in that association will grant one some special and serious privileges.

I don't suppose what you call a "community" is a group of people which has made the conscious choice of submitting themselves, "for life," to the authority and fees of a professional association, in exchange for a monopoly in the domain and some serious privileges?

(Note that I am *not* saying that ours should *not* become a protected profession with mandatory membership into such an association; that is an entirely different question.)

> Participation in Ubuntu is contingent on adhering to the Ubuntu Code of Conduct.

Ubuntu is the exclusive property of a private company; the rules are written and checked by lawyers, which are themselves financed by private funds. Those lawyers will advise Canonical to rest on firm legal grounds for anything nontrivial. Those are essentially part of Canonical's "Terms of Service."

I don't suppose such a private organization is what you call a "community"?

(Moreover, I am pretty sure that you will find that any "participation" in Ubuntu whose magnitude exceeds occasional drive-by patches delivered by amateurs which could be coerced to sign the CLA is governed by an ad hoc contract undersigned by at least two legal persons.

Canonical may try and negotiate adherence to the CoC as a clause—which they probably do, and which I would undoubtedly do in such a situation—but enforcement of that clause, and "punishment," is backed by "contract law" and the judicial system.)

You have been vocal about Ubuntu's CLA in the past. Participation in Ubuntu is contingent on entering into a legal contract with Canonical; this is not by chance.

Is a "community" something you enter into a legal contract with?


P.-S. — "CoC"s are flourishing right now. I recently heard of two big French companies which include "CoC"s as clauses in the contracts they force on their small suppliers.

While I recognize the positive effects this may have, I don't think that relegating "basic decency" to ad hoc contracts drafted by powerful entities is how you achieve social justice; I see it as a symptom of society breaking up rather than a "win."

I would rather try and advance our "enlightened" society, backed by a democratic state and separated powers, than move towards a medieval landscape where protection and "justice" is assured by the "Lord" of some "community."

Re: Talking about "community" is too broad

Date: 2017-12-22 09:52 am (UTC)
From: [identity profile] m50d.wordpress.com
> People have had their livelihoods destroyed over their bad behavior. For example, if you are an accountant and steal money from your clients and get caught, your livelihood will rightfully be destroyed. You will probably never get to work in that field again.

Sure. But there'll be a legal or quasilegal process with evidentiary standards, a right of response and so on, not just a couple of people's say-so. We should be very careful about imposing heavy consequences without correspondingly stringent safeguards.
Page 1 of 3 << [1] [2] [3] >>


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Page Summary

Expand Cut Tags

No cut tags