Please help distribute the statement below.
You can write to the ethics board of the ACM and any other professional body to draw their attention to this issue.
Here is a sample letter:
I'm writing to ask you to consider the open letter on unsafe Codes of Conduct impersonating a Code of Ethics.
https://danielpocock.com/open-letter-acm-codes-of-ethics-conduct/If somebody impersonated the president of our professional body, using his or her name when responding to a call for papers at a conference, everybody would find that completely unacceptable. Therefore, if some members of our profession impersonate the Code of Ethics with an inferior substitute, isn't it time to shine a light on these practices? Doing so can help focus attention on the real Code of Ethics and protect our members from straying into vigilantism.
Using a Code of Conduct to justify public shaming is like using the Quran to justify terrorism.
Please consider making a statement on the unsafe nature of these imitation Codes of Conduct. In particular, we ask that you warn the community that verdicts and punishments derived from these codes are not to be taken seriously and that members may face legal consequences attempting to enforce an unsafe Code.
Contact addresses:
We are writing to request the association's opinion on the phenomena of Codes of Conduct in the free, open source software domain.
The association operates a Code of Ethics with the stated aims of improving standards of professionalism in the industry at large.
The free, open source software domain is becoming increasingly prominent as a subset of the industry. In many cases it is the first point of contact for students in computing.
The largest and most well known employers in the industry have all engaged with the open source concept in some way. These employers and their management count among the members of the association governed by the official Code of Ethics.
We, the undersigned, charge that the Codes of Conduct presented by these organizations attempt to borrow from the authority of the Code of Ethics without honoring the principles and processes that are normally associated with such a code.
By way of example, we attach two Codes of Conduct, the Code of Conduct for the Fedora Project (IBM / Red Hat, Inc) and the GNOME Code of Conduct.
Anecdotally, we find many public references to decisions made under these foolish Codes of Conduct. Industry participants, journalists, search engines and the public at large appear to be unable to distinguish a genuine Code of Ethics matter from a vindictive, vexatious and unjust declaration made in the name of some Code of Conduct.
On 25 August 2020, a volunteer wrote to Red Hat using the Fedora council mailing list and asked about upgrading from a Code of Conduct to a Code of Ethics. In January 2022, Matthew Miller, employed by Red Hat, Inc as the Fedora Project Leader, declared that the volunteer's opinions were not valid because the volunteer had not submitted to a Code of Conduct. There was an insinuation that the volunteer was violating a Code of Conduct. In reprisal, Red Hat, Inc instructed a lawyer to begin proceedings under the Uniform Domain Name Dispute Resolution Protocol (UDRP) to seize a domain name from the volunteer. The legal panel appointed under the UDRP determined that Red Hat itself had been harassing the volunteer and engaging in an abuse of the administrative procedure. Yet Red Hat had claimed they were motivated to follow this hostile course of action by a Code of Conduct.
If these amateur-hour Codes of Conduct are enabling the largest entities in the industry to engage in harassment and publicly shaming people then it is now a compelling time to shine a light on these practices.
We attempt to itemize the differences between the ACM code and the amateur-hour substitutes that have become prolific in open source.
The ACM Code of Ethics is split between two documents:
We are comparing with two Codes of Conduct
although we may refer to others.
The ACM Enforcement Procedures do not mention a jurisdiction for legal claims relating to enforcement. The ACM Bylaws are available on the website and identify the US state of Delaware as a jurisdiction.
Fedora's Code of Conduct does not identify a jurisdiction, nonetheless, the Code clearly states that Fedora is an initiative of Red Hat, Inc, a well known US company.
The GNOME Code of Conduct does not identify a jurisdiction, nonetheless, it is possible to follow links in the wiki to find the the Bylaws stating the GNOME Foundation is registered in the US state of California.
This information is not readily available for many other Codes of Conduct. For example, if we consider the Debian operating system, a recent email discussion has commenced about whether the developers should bother to incorporate.
"Did Debian survive for so long in part because there was no organization to sue?"
Email leaks from the 1990s reveal how the developers created this obfuscation deliberately. The implication is that the developers want to make arbitrary Code of Conduct verdicts and punishments while frustrating any attempt to moderate their abusive actions in a courtroom.
The ACM Enforcement Policy requires a complaint to involve a specific violation of the code and not simply a disagreement between two parties.
The Fedora Code of Conduct and GNOME Code of Conduct, like most of those in the open source world, have a very broad and unspecific scope, allowing somebody to launch a complaint for just about any issue that is inconvenient for them. A simple disagreement between two people can be used as the base for a Code of Conduct complaint.
The ACM Enforcement Policy (section 2) encourages voluntary remediation at an early stage.
The Fedora Code of Conduct and GNOME Code of Conduct do not entertain such an offer.
The ACM Enforcement Procedure, section 6, states that decisions about code violations may be recorded in public minutes of the meeting but the names of both the accuser and accused will be concealed.
The Fedora Code of Conduct states that "the identities of all involved parties will remain confidential" but in practice we have seen that this is not the case. The most prominent example is Red Hat's public statement about Dr Richard Stallman in March 2021. In other cases, Red Hat has deliberately revealed enough information for parties to a dispute to be easily uncovered by the press even if their names are not stated explicitly.
The GNOME reporting procedure includes the following text that deliberately omits the privacy of the accused:
In some cases we may determine that a public statement will need to be made. If that's the case, the identities of all people impacted by the behavior and the people who reported that behavior will remain confidential
Molly de Blanc, one of the GNOME Code of Conduct authors and enforcers, started an online petition asking people to endorse her personal grievances with a former employer, Dr Richard Stallman. Therefore, the process selected by de Blanc, a member of GNOME's conduct committee, obviously didn't contemplate the privacy of the accused, Dr Stallman.
In many jurisdictions an enforcer writing a public statement about a colleague or volunteer may themselves become subject to civil or criminal defamation proceedings.
Both ACM documents, the Code of Ethics and the Enforcement Procedures, prohibit people with a Conflict of Interest from acting (Code of Ethics s1.3 and Enforcement Procedure, part B)
The Fedora Code of Conduct does not mention conflicts of interest at all.
The GNOME Report Handling Procedure prohibits Conflicts of Interest. Nonetheless, it does not require the involvement of an independent or professional outsider for contentious cases, it simply recommends involving one of the executive. People have raised questions about conflicts of interest regarding one of the authors, Molly de Blanc. In each case, the executive have neither confirmed or denied the conflicts of interest, they only insist that she is competent for her duties.
In the aforementioned case involving Molly de Blanc and Dr Richard Stallman, de Blanc had conflicts of interest. Although she positioned herself as a victim, she did not recuse herself from her role in the GNOME Conduct committee and even if she had done so, her public profile induced other people to co-sign the complaint in the heat of the moment.
By using this petition to try and create a verdict, de Blanc was effectively asking for a jury of people who agree with her.
The ACM Enforcement Procedure does not envisage absorbing and rubber stamping decisions made in external bodies. The final paragraph of the procedure suggests that if another body is running an investigation it may be better to let that investigation run its course before the ACM considers the same matter.
The Fedora Code of Conduct does not state that verdicts should be imported or exported with other organizations. Nonetheless, Matthew Miller, the Fedora project leader, has indicated that people have tried to use the reporting procedure to open tickets refering to complaints in other organizations.
Molly de Blanc, one of the authors of the GNOME Code of Conduct, has stated a desire for such decisions to be propagated to other organizations and this is written in the code, under the heading "Report Data", people preparing an incident report are encouraged to specify "Which online community and which part of the online community space it occurred in".
The target of a complaint who has to handle accusations, evidence and appeals submitted through multiple organizations in parallel may find it impractical and unhealthy to effectively respond to all of them concurrently.
As an extension of the concept of copy-cat verdicts, it is important to note that many of the organizations in the free and open source software domain have overlapping membership and common funding sources.
In other words, looking at Fedora and GNOME Foundation, both software products are supported by staff and funding from Red Hat, Inc. Fedora is almost exclusively reliant on staff and funding from Red Hat whereas GNOME Foundation has multiple funding sources but counts a non-trivial contribution from Red Hat, Inc.
If Fedora and GNOME Foundation both make an abusive verdict about a single volunteer, they could be considered proxies for Red Hat, Inc to simply spread a single abusive allegation through multiple concurrent channels.
Various social media posts have appeared recently giving lists of such incestuous organizations making identical decisions against a single volunteer. It appears the people behind this harassment have deliberately created abusive verdicts for the very purpose of saying that other organizations all agreed with them.
In some cases, we've seen organizations make abusive verdicts about people who never had any interaction with their organization whatsoever.
The appearance of multiple phony verdicts rubber stamped by puppet organizations is offered as a substitute for due process. Not one of the organizations will have followed due process in reaching their verdict.
The ACM Enforcement Procedures, section A, first paragraph state that the policy is only applicable to members:
The privileges for the subject of a complaint that are described in this policy only apply when the subject of the complaint is a Member.
Open source software organizations typically have a smoke-and-mirrors approach to membership.
Intellectual property, trademarks and bank accounts are typically registered to a legal entity where only a small subset of the volunteers are legally recorded in the membership roll.
Words like "member" and "expulsion" are frequently used in open source organizations in reference to people who are not actually members.
There appears to be no evidence of cases where ACM officials have skipped due process and simply declared somebody to be in violation of the Code of Ethics.
In the case of both Fedora and GNOME Foundation, there are cases where officials have simply written emails, blogs or other communications declaring that some person has violated a Code of Conduct. Sometimes these statements are made in the heat of the moment or when they are losing a debate. Sometimes they are repeated behind the scenes on an ongoing basis as a vendetta. In any case, the community is encouraged to trust these pronouncements of guilt simply because the person making them has some title in the organization, not because the finding was obtained through a credible inquiry.
The ACM Enforcement Procedures suggest that the subject of a complaint should be interviewed at an early stage to establish facts. The subject of a complaint must be given details of the complaint and copies of documents before a hearing. There must be at least 30 days from the moment when the subject is given the evidence until the actual hearing.
Regarding both the Fedora and GNOME Code of Conduct, neither of these codes requires the accused to be provided with copies of evidence. Neither of these codes specifies waiting periods for the accused to review the case against them and provide a response.
The GNOME reporting guide urges the committee to allow no more than one week for the entire process, this is clearly inadequate if the accused is on vacation, ill or anything else:
If the incident is less urgent, the committee members will meet within 1 week to determine an appropriate response.
The ACM Enforcement Procedures require a hearing where all parties are present before a panel or the full council.
Neither the Fedora nor GNOME Code of Conduct envisage such a hearing. The people making the decisions may do so from a bunker without ever looking other volunteers in the eye.
The ACM Enforcement Procedures offer the subject the opportunity to submit an appeal to the president. This appears to fall short of the standard in some other professional associations. For example, in some associations the appeal may involve a panel consisting of a previous president and a professional mediator, magistrate or another outsider who may bring a legal perspective to the case.
Neither the Fedora or GNOME codes mention an appeal procedure at all.
As previously mentioned under the heading Confidentiality, the ACM process records the anonymized facts and verdict in the minutes of their meeting. These documents are dated and copies are circulated promptly to all parties. This makes it harder for any party to misrepresent the outcome in future.
The Fedora and GNOME Codes of Conduct do not include any specific requirements for minuting evidence and verdicts. Fedora appears to be using an issue tracking system, Pagure, to record correspondence. It has been observed that Red Hat / Fedora management have the ability to modify past conversations in some of these web-based tools. In 2020 they moved their Fedora Council discussions from an email list to a web forum (Discourse) where it is easier for them to modify discussions retrospectively.
In the case of another puppet organization, Debian, victims of the Code of Conduct experiments have shared correspondence from the enforcers where they typically conclude their inquiry, trial, verdict and sentencing in a single email that ends with some comment like this:
We are sending this email privately, leaving its disclosure as your decision (although traces in public databases are unavoidable).
The message is basically a veiled threat: if you do not accept our verdict as the truth, if you complain, then your name will be dragged through the mud like previous cases such as Appelbaum. Under such oppressive conditions, the victim of this verdict may feel apprehensive about exercising their rights and repudiating the abusive verdict.
As the evidence, verdict and sentence are all secret, the enforcers can retrospectively misrepresent the unsafe verdict for any reason whatsoever. In one case, 2018, they made a defamatory and abusive verdict about a volunteer and three years later, 2021, made a public statement retrospectively justifying their decision based on alleged events that could not have transpired until at least a year after the original abusive verdict.
The ACM Procedure involves a sufficient number of independent steps and independent actors that it may be difficult for them to collude and conspire to threaten a member with a preordained finding of guilt. Even if this did eventuate, the member could simply resign during the 30 day waiting period before a hearing. The hearing would no longer proceed in this case.
In an open source organization, the organizations are much smaller or not incorporated at all, the conflicts of interest are more common and the waiting periods for a case are non-existant. Volunteers have complained of procedures where they received the accusation, verdict and punishment all in a single email, for example, the erasure of Ahmad Haghighi from Fedora and the multiple demotions of Dr Norbert Preining in Debian.
One software developer, Martin Krafft (madduck, Debian), has gifted us a public summary of his execution on Christmas Day in 2018: