Analysis / Culture / Top Stories /

How Anti-Harassment Codes of Conduct Are Changing Tech Culture

28 Sep 2017 2:00am, by

Most companies, conferences, and open source projects today have an anti-harassment code these days. Such codes give a measure of legal protection, and prevent even the appearance of discrimination or misogyny. But do they actually contribute to organizational diversity, as intended? At times, the answer seems a matter of faith. Yet despite flaws, yet these codes do seem to have played a part in raising awareness and defining the issues.

Anti-harassment codes appear to have grown out of more general codes of conduct for behavior. In the first years of the millennium, these general codes were as general as “Be excellent to each other” — a quote from the movie “Bill and Ted’s Excellent Adventure.” However, in a few years, such admonishments grew into more detailed guidelines for people interacting both in-person and online, such as Ubuntu’s Code of Conduct, which in the early days of Ubuntu was generally credited with creating a more civil atmosphere than in Debian, the Linux distribution from which Ubuntu derives.

Much of the credit for implementing anti-harassment codes in particular appears to go to The Ada Initiative, a non-profit to support women in open technology that was active between 2011 and 2015. After Norin Shirley, a friend of the Ada Initiative’s founders, reported being sexually assaulted at ApacheCon, advocating anti-harassment policies became a priority for the organization, which published a model policy.

This model policy included definitions of harassment and emphasized the importance of enforcement. It was adopted by dozens of organizations, sometimes in modified form. Even when policies were not directly influenced by it, they were frequently written in reaction to its perceived deficiencies.

As anti-harassment policies became widespread, a standard rationale started to emerge. This rationale was summarized on the Geek Feminism Wiki, which focuses specifically at conferences. According to the wiki, having a policy…

“…sets expectations for behavior at the conference. Simply having an anti-harassment policy can prevent harassment all by itself. Third, it encourages people to attend who have had bad experiences at other conferences. Finally, it gives conference staff instructions on how to handle harassment quickly, with the minimum amount of disruption or bad press for your conference.”

However, as Valerie Aurora, the co-founder of The Ada Initiative, wrote in a Linux Weekly News piece “The Darkside of Open Source Conferences,” anti-harassment policies were supposed to be only “a first step” in addressing systemic sexism. The extent of this systemic sexism was revealed in the widely-quoted (but no longer available online) FLOSSPOL study published in 2006, showed that, while only 28 percent of those involved in proprietary software were women, in open source, only 1.5 percent were women.

Criticisms and Attacks

This rationale sounds reasonable enough on the surface. However, two issues subsequently emerged. First, the adoption of anti-harassment policies soon became an end in itself. Discussion of larger issues, such as hiring practices, and discrimination in salaries and promotions that the policies were supposed to encourage, have, in many cases, hardly received any additional attention. As a result, the movement to support women in technology often seemed mired in a relative triviality. The problem was not that anti-harassment codes were unimportant, but that they seemed a low priority to be concerned about compared to more immediate workplace issues.

Second — and more importantly — the rationale remains largely supposition. Countless articles have been written about implementing anti-harassment policies and about how to make them more effective, but next to nothing provides evidence that they were effective in the first place. Instead, the effectiveness was assumed, and the assumption was repeated often enough that few ever questioned it.

One of the few exceptions is a detailed study of policies at all levels of American government by the U.S. Equal Employment Opportunity Commission. Under the heading “Survey of Anti-Harassment Policies Reveal Significant Deficiencies,” the study suggested that such policies often fail because of such problems as unclear investigation procedures, the lack of any official to oversee complaints, and reporting only to those in charge — the very people in a position to harass.

Other concerns are raised in critiques of anti-bullying policies, which have also become widespread in the last decade but are discussed more often in the media. For instance, the Hartford Courant suggests that “anti-bullying programs don’t work in part because they address symptoms and not underlying causes.” Expelling bullies may provide a short-term solution in specific situations, but unless the reasons they misbehave are addressed, they are likely to do so again. The same criticisms might be equally applied to anti-harassment policies.

Yet even without these concerns, a strong reaction to anti-harassment policies exist. A vocal minority views the implied critique of technology sub-cultures as a direct assault on shared values. For instance, Eric S. Raymond, the writer of the open source primer The Cathedral and the Bazaar, views the attempt to implement such policies as an assault on the meritocracy of open source. Raymond even went so far as to accuse the Ada Initiative of plotting to seduce male open source leaders and then accuse them of harassment.

The accusation might have had slightly more plausibility if the Ada Initiative had still existed when Raymond made the accusation.

Today, anti-harassment policies threaten to be reduced to a form of what security guru Bruce Schneier calls “security theater.” That is, their existence often seems to provide the illusion that action is being taken, yet actually, do little to promote safety — let alone any long-term goals.

That seems especially true when the policy is not enforced, or when those doing the enforcement are those in a position to harass. For example, rumors of bullying and sexual assault by security celebrity Jacob Applebaum had circulated for years, and complaints were made against him by the board of the Tor project in 2015. Yet he was only removed from the project a year later, after witness after witness came forward with allegations.

Similarly, key contributors Node.js forked that software recently when one member of the Technical Steering Committee repeatedly violated the project’s code of conduct and mocked the entire idea with an article he circulated on Twitter. The fork was just as much about the perceived lack-of-enforcement as it was about the offending individual.

Still, such episodes indicate that anti-harassment policies have achieved one of their goals: clearly defining acceptable behavior. Such behavior is hardly new, yet until recently, nothing was done about them. Although the risk of public shaming is a concern, where anti-harassment policies exist, there is at least a clear statement of expectations that those in positions of authority can be held to.

Just as importantly, anti-harassment policies have likely contributed to making diversity a general concern. GitHub, for example, which engineer Julia Ann Horvath left in 2014 alleging gender-based discrimination, now publishes yearly reports about its diversity. So do numerous other companies, including Google and Red Hat.

Unfortunately, these reports indicate that diversity still has a long way to go. Despite a broad array of efforts, Google reports that women represent only 20 percent of technology employees and 25 percent of executives. Similarly, Red Hat reports only 11 percent of technical roles are filled by women, and 13 percent of leadership roles. Yet small increases are made each year, and reporting of such data is now accepted as part of being a progressive company.

Anti-harassment policies, of course, are only one part of diversity efforts. Without organized efforts to recruit and retain women and minorities, too often they threaten to become meaningless. Yet, despite their flaws, an argument can be made that they are contributing to the general trend.

True, too much was originally claimed when they were first introduced, and there is no evidence that they are reducing harassment. All the same, by increasing awareness of long-existing problems, they do seem to be part of a general trend towards increasing diversity — not overnight, but incrementally, year by year.

Disclaimer: Bruce Byfield resigned from the Ada Initiative’s Board of Advisors in 2011.

Google and Red Hat are sponsors of The New Stack.

Feature image via Pixabay.

A digest of the week’s most important stories & analyses.

View / Add Comments