How Tech Codes of Conduct Fail

kylie gusset
7 min readJul 23, 2017

I’m noticing an alarming concept where as long as a tech conference, slack, meetup, or github has a Code Of Conduct (COC), all is good, job is done, everyone can get back to work, be a speaker at the conf or attend etc and everything will be peachy.

Given my experiences with Codes of Conduct last year, that concept of Code Of Conduct in place, job done is not enough. How can you know a COC is enforceable until it is? When it is enforced, is that outcome really what the community was after?

For example, Ethan Marcotte’s sample questions to event organisers:

Which includes the following thoughts about Code Of Conducts:

“Does your event have a code of conduct?”
As Erin Kissane so beautifully put it,

[To define a code of conduct is] to express and nurture healthy community norms. In a small, limited way, it’s to offer sanctuary to the vulnerable: to stake out a space you can touch, put it under your protection, and make it a welcoming home for all who act with respect.

In other words, diversity and safety aren’t just important to me. They make for better, safer events — and as a result, they’re incredibly important to the welfare of our industry.”

Codes are broken. I wonder if one of the main reasons why is that emphasis is on having a Code Of Conduct in place, not how reports are going to be responded to, which is what really matters. Geek Feminism have an outline for conferences, which is a great starting point.

Let’s take the CSSConfau COC as an example, which I wrote the draft of. Learn from my mistake — the people writing the code should be the people enforcing the code. Nowhere in that code of conduct are deadlines. If you take an issue to them, how long is it going to be before its resolved?

When you go talk to someone in a shirt, what happens? How are they going to resolve your issue? What are your options if they refuse to do anything?

What information are they going to take? Are they going to simply take your info verbally, or create a written record? What are they going to do with that information? How are you kept safe? How are you kept anonymous — do you need to request anonymity or does that happen automagically? Who are they going to share your information with? How long are they going to keep it?

How have they been trained to deal with Code of Conduct issues? What have they dealt with previously and how? How would they deal with what appears to be the 2 main problems at conferences:

1) Speaker words/images in breach of the COC?
(for example, what happened at Webstock)

2) Sexual harassment?
(See: No More Rockstars: how to stop abuse in tech communities)

What are they going to do when the person accused of sexual harassment is a long time friend/speaker/mentor and the person coming forward is someone new to them/industry?

What’s missing from codes of conduct are: deadlines, methods, third party.
One of the recommendations from Project Include for large organisations is that they have a third party to resolve conflicts, and it makes sense for those who have Codes Of Conduct such as conferences, meetups and programming communities to also adopt a third party. I would personally welcome a third party particularly when it came to issues of harassment, as its so difficult to even come forward and report, let alone have it dealt with in an appropriate manner.

The questions then are: when can a third party be called in, how, and who is that third party, how have they been trained, why are they the ones to deal with your issue and how long are they going to take? I absolutely wanted to have those things in the JS/CSSConfau code of conduct, but it certainly felt like I was the only one, and was making mountains out of molehills.

One thing I’d love to see in every code of conduct is: Here’s how we work. You contact us once. We will take it from there, and resolve your issue swiftly; that is, we aim to solve on the spot, and worst case scenario if issues are complex, 5 working days. Here are the steps we take to resolve your issue… If we don’t resolve, this is what you can do….

The reason why I’m asking to see deadlines, methods and third party is based on my own experiences, and seeing the experiences of others online. Bad behaviour in tech happens, as outlined in elephantinthevalley where 90% of women who had been in the industry for more than 10 years had witnessed sexist behavior at company offsites and/or industry conferences.

I’m sure that organisations with COCs have the best of intentions, but it’s time that they are held accountable.

How many people have to be affected for how long before you take action?

I’ve written about my experience with Rails Girls Summer Of Code (RGSoC), where there COC is broken to the point that rules for one person do not apply to another.

The whole reason why I went for RGSoC was that I really wanted to get back into tech. As someone who had been receiving some kind of government assistance for the last ten years, it was a pattern that I was doing everything I could to break. RGSoC was part of my stepping stone into tech which was going to be my passport of being part of a community, of working and getting myself out of significant debt, and generally feeling better about myself. Meaningful work matters to me.

I understand that when someone breaches a COC, they’ve done something wrong, and there needs to be learning and adjustment from their breach of a COC. After consulting with those in tech and mental health, I’ve got nothing to learn behaviourally from my breaches with RGSoC.

What I have learned is that Codes of Conduct are in effect the equivalent of corporate HR. We’re here to protect who we want to.

How do the harassed know that reporting is any better with a Code Of Conduct?

Codes Of Conduct are meant to “offer sanctuary to the vulnerable”.

Here’s how the RGSoC third party “trust committee” failed. I had sent them a formal complaint about the breaches of COC where I noted that I had significant mental health issues, and that I felt like I was drowning. I skyped with them, and emailed them, contacting them 10 times over 22 excruciating days, trying to get those first two COC breaches annulled, only to be terminated before anything was done. I’m the vulnerable one here, and I have no sanctuary.

I was emailed excuses such as: “I’m sorry — I wanted to get in touch with you earlier, but had a whole bunch of stuff to do today…”, “sorry to letting you wait with my reply…” These excuses, and the dragging out of dealing with the issues that I had brought up with them has the following bad effects;
1) you get the feeling that you’re the problem here, you shouldn’t have brought up this issue, as its nothing but a hassle for them, therefore you shouldn’t have contacted them in the first place.
2) you don’t matter.
3) and this brilliant summation of non/lax enforcement in a thread:

The standard COC and guidelines that most folk in industry seem to use is that from geekfeminism who advocate that issues that are dealt with within a week is “good”. When issues aren’t dealt with at all, I would say that its unacceptable, and something needs to be done about it. Where that leaves people now, who need issues dealt with via a code of conduct is difficult.

When there’s no third party in place, and there needs to be one, that makes dealing with difficult issues as a minority difficult too. After the breach with RGSoC, there was the issue of what to do with Ruby Australia. I was on their board, along with my coach, along with their employer being a major sponsor.

There was no third party to take it to, and trying to work with the person who just got you terminated? I resigned. I also made it clear to Ruby Australia that they need deadlines, method and third party involved in their Code Of Conduct as I didn’t want this kind of result to happen again.

Brown M&M’s were Van Halen’s indicator that tour promoters didn’t care. What’s yours with a Code Of Conduct?

I’m wondering if its time for all of us to be like Van Halen with their brown M & M’s. If a code of conduct is not up to standard (deadlines, method, 3rd party), could it be time to call organisations out, and not participate until a COC is enforceable?

I had a code of conduct issue, which was with a slack community, which was covered by the That’s my brown M & M, right there — an event code of conduct covering a slack? How is that meant to work?

The answer being, that it doesn’t, but I sure tried. I followed the code of conduct. I contacted the moderators by messaging, meeting with them, and emailing them a 1000 word summary of COC breach, impact, and recommendations of actions including adopting a COC for a slack. No actions were taken. I can’t see how this is acceptable behaviour. How bad do things need to be before those enforcing codes will do anything?

I get it. Folk enforcing COC are busy. There’s also very much this concept of when you are on the brunt end of a COC, you’d better be a cool tech girl. Oh, no, please, take all the time you need…shit on me. Oh no, of course I understand you can’t do anything about this…shit on me. They know just as well as you do, that there’s nowhere you can escalate the issue and there’s nothing you can do.

The people behind the slack code of conduct are also organisers of JSConfau, CSSConfau & Ruby Conf Australia. When you receive a complaint and do nothing about it, including not letting the community know what has happened, thus enabling that issue to happen again to the detriment of others, that’s not enforcing a code of conduct. Doing nothing breeds unacceptable behaviour that needs to stop.

When people wonder why underrepresented people leave tech, I’m hoping that the above helps to give you those answers — they’re ignored, mistreated and left behind. As my counsellor put it — “when this is the way that they treat you before you’re even in industry, why stay?” You now also have the answers of what you can do.



kylie gusset

personal account: may contain traces of crowdsourced fundraising, code, design, social enterprise, music.