For the fourth year in a row, I’ll be teaching a free Ally Skills workshop the week of Security Summer Camp. Previous years have been a lot of fun, and I’m looking forward to once again not attending Defcon but still doing my part to make security a better place for underrepresented people.
The Ally Skills workshop teaches concrete skills to fight biases like sexism, racism, and transphobia through a (very) short talk followed by a series of scenarios that are discussed in small groups. There’s no awkward role-playing, and people are always surprised by how much fun it is. This isn’t a tedious legally mandated workshop, it’s a practical set of tools that you’ll use in your every day work and life.
The workshop will be on Saturday from 1-3 in a suite at Caesar’s Palace, graciously provided by the fine folks at Atredis Partners.
If you’re interested, please sign up here. I’ll be in touch a week or so before to confirm your attendance.
Again the workshop is free, but if you like the work I do, I always appreciate folks donating to the ACLU (disclosure: I work there, but this is on my own time and I’m paying my own way to Vegas) or Equal Rights Advocates.
In a couple of weeks, I will be joining the ACLU’s Project on Speech, Privacy and Technology as a Technology Fellow. I will be working on activist issues near and dear to my heart – encryption, surveillance, and privacy rights that are facing renewed threat under the new administration. I am so excited to get to apply my decade of work in the security industry to helping shape conversations and policies on these topics.
More so than ever before, cyber security issues are at the forefront of public conversations about freedom and democracy. In my time on the Patch Tuesday team at Microsoft, doing incident response at Salesforce, and most recently at Slack, I have learned a lot about the nuts and bolts of how security is practiced in the real world – and how to communicate about it with the public. I further honed those skills through my work as an advisor to the Ada Initiative, the creator of the neveragain.tech pledge, and in providing behind-the-scenes security assistance to activists and public figures. Building on this foundation, I am looking forward to being an outspoken and effective advocate for our digital rights during the year of my fellowship and beyond.
My role will include collaborating with the ACLU’s lawyers and other staff to identify, understand, and potentially litigate issues related to security, technology, and civil liberties. I am also looking forward to working with journalists as a source for commentary on security and privacy issues. Please feel free to reach out to me via email (leigh at hypatia dot ca) or Twitter DM for my Signal number. My PGP key is also available here.
I am deeply grateful for and proud of my two years at Slack and will miss everyone a bunch (though I’m not going far – I’ll be working out of the San Francisco ACLU office). I was the third security employee at Slack, and helped grow and evolve the team over the past two years, eventually becoming manager of our incident response team. Early in my time at Slack, I worked to streamline and improve our highly successfulbug bounty program and update our security documentation. I got to interview my boss Geoff before we hired him as our first CSO. I worked with colleagues to build a next-generation secure development process, and most recently my work has focused on hiring and building our incident response practice. I’m happy to be able to help hire our next incident response leader in my last couple of weeks at the company – you can check out the job description and apply here, and I would be glad to talk about the role and my time at Slack with interested candidates.
One of the key roles of an Ombudsman is to identify when issues are systemic rather than one-off cases. Australia’s Financial Ombudsman Service has a succinct definition of systemic issues — they are those which “will have an effect on people beyond the parties to a dispute.” The training I attended included a couple of hours on this topic, and a rubric for evaluating issues that came in through the triage process to determine whether or not they represented potentially systemic issues.
With this context, I was shocked to see the confidence with which Uber board member Arianna Huffington declared that the company’s sexual harassment issues were not systemic. If you haven’t seen it already, watch this interview with her. It’s… honestly just appalling. She claims to have talked to “hundreds” of women at Uber, and when asked at the end if there is anything that would make her consider that Travis isn’t fit for the job, her answer is a clear “no”.
It is deeply inappropriate for Huffington to be making this assessment before the investigation that she’s overseeing (but ostensibly not part of?) is completed. Based on what’s been reported in the press, and what friends have been saying behind closed doors for years, I feel confident in saying that she is wrong to be drawing that conclusion at this juncture. She is also undermining any chance of credibility that the actual investigation has, by conflating her own… research? meddling? whatever she’s doing… with the investigation itself.
But you don’t need to just listen to me. To confirm my gut feeling, I decided to apply the Ombudsman’s rubric to what is known about the situation at Uber. The parts in bold are more or less verbatim from the course notes; there isn’t a copy online, but there’s a shorter version in an essay by the former Ombudsman at this link. Or if you’ve got CAD$124 burning a hole in your pocket, you may be interested in “Conducting Administrative, Oversight & Ombudsman Investigations,” but you’re probably not as much of a weirdo as me and therefore haven’t asked for that book for your birthday. ANYWAY, on to the rubric:
What Happened?
Lots of ink has been spilled on Uber’s gender issues both before and in the wake of Susan Fowler’s post. Joey deVilla has an extensive and colourful roundup of the history of Uber’s malfeasance, gender and otherwise, here.
Does the case have systemic implications?
Some of the factors to consider in determining if an issue has systemic implications or not are:
Are there a number of similar complaints? We have Fowler’s account, and, well, real talk here – the Silicon Valley women’s backchannel has had stories like hers going around for years. I don’t know of a single woman engineer who was surprised by Fowler’s story – what many were surprised by was that anyone listened this time.
Are there obvious systemic issues? HR’s (mis)handling of Fowler’s complaints just screams “obvious systemic issues” to me.
Does the issue encompass a range of policies/processes? At a rough guess, I’d say – HR, recruiting, engineering management – so yes.
Does it affect a lot of people? It certainly sounds like it has both within Uber as an organization and also outside – there are plenty of stories going around about crappy, biased engineering recruiting experiences at Uber. And that’s without even touching on how they treat drivers, or passengers who’ve had issues with sexual harassment/assault by drivers. So yes.
Is the issue sensitive and/or high-profile?
This is an easy one. A Google News search for “uber sexual harassment” returns nearly half a million results. Definitely high-profile.
Is an investigation in [the organization’s] interest?
In the Ombudsman’s rubric, this question is asked about the public interest rather than the organization’s interest – I’ve modified the rubric a bit to apply to a private entity. Factors to consider in determining interest include:
Is the alleged injustice so egregious (on the face of it) that an investigation is clearly necessary? I’d say yes, here.
What other organizations are involved or investigating? I expect that entities such as the EEOC have this issue on their radar, and they definitely will if employees file formal complaints.
Is it a matter of public discussion? Yup we’ve definitely got that one covered, that’s for sure.
Will the case likely result in significant recommendations for change if the complaint is substantiated? The HR processes that Fowler describes are profoundly broken and indicate substantial failures in organizational leadership. I’d sure hope that it becomes clear that significant change is needed.
Will the fact-gathering process be complex or protracted?
This is the one where Huffington’s statements really fall on the floor, as her rush to judgement makes it clear that either any investigation that’s taken place so far has been utterly biased (not that this is going to surprise anyone) or that she’s quite simply talking out of her posterior. Some factors that lead to thinking this needs to be treated as a systemic issue include that there are clearly facts in dispute, many potential witnesses will need to be interviewed, and many documents need to be assessed – starting with the entire record of Fowler’s correspondence with HR. And finally, multiple parts of the Uber organization need to be involved (HR and engineering management, to start with).
Will the investigation be a judicious use of resources?
This is less of an issue for a billion-dollar “unicorn” startup than it would be for a resource-constrained public service Ombudsman’s office. Uber has millions in the bank, and can easily afford a proper independent investigation. The cost of not properly investigating could potentially include: additional sexual harassment lawsuits down the road that could have been prevented, responding to independent investigations from organizations such as the EEOC or Department of Justice, an inability to hire engineers and other key employees, and the harm to current and former Uber employees’ career prospects as Uber becomes a toxic stain on their resumes.
Is there any potential to resolve the issue(s) informally?
It is clear from Fowler’s post that she made heroic efforts to have her mistreatment addressed through appropriate, pre-existing formal channels. Since it is amply evident that that didn’t work, informal resolution isn’t appropriate in this case.
Conclusion
Based on the Ontario Ombudsman’s rubric, the gender issues at Uber clearly meet the bar for a potential systemic issue worthy of deep investigation. In cases like that, a truly independent investigation is in order — not one conducted by a board member who has spoken dismissively of the issues. Last summer in our No More Rock Stars post about fighting systemic abuse in tech organizations, Valerie, Mary and I wrote that combating abuse in organizations requires “[starting] with the assumption that harassment reports are true and investigat[ing] them thoroughly“, and Huffington’s dismissal of Fowler’s complaint as a non-systemic issue violates that principle. The principle is not about “assuming guilt” but about thoroughness. It is about diligent, methodical, rigorous follow-up. Which I wholeheartedly hope Eric Holder’s investigation will involve, although I’ll be skeptical until I see it.
Obviously there’s much more Serious Business going on in the world than my romantic (mis)adventures, but a recent breakup has given me time to reflect on the things that have brought me comfort and meaning when my heart has faced tough times. I wanted to share them for others who are going through heartache, and just to have them all in one place should I need them again someday.
The first is from one of the earliest Captain Awkward posts, “The Golden Retriever/Kwisatz Haderach of Love“. NB: I’ve never read Dune nor seen the movie, the post is worth it even without knowing the references 🙂 Among the pieces of advice to the heartbroken letter-writer is this wonderful musing on love:
It’s okay to still be in love. Love is – as this hideous wedding-cake topper excruciatingly reminds us – patient, it is kind, it believes all things, hopes all things, endures all things. So there you are, all shaggy and embarrassing bounding toward your person wagging your tail and doing that adorable thing you do where you pretend that you’re not going to hand over the ball you’re carrying in your mouth and your person doesn’t even want your stupid ball and then the leash of reality yanks you back. That part of you is the purest and best and truest part of you, and you can’t really turn it off. It’s just going to love for a while.
I say this because it’s really fucking frustrating to try to talk yourself out of having a feeling or beat yourself up for having a feeling at the same time you’re having the feeling. So just have the feeling. Just be the Golden Retriever of Love. You’re not stupid for feeling it, you’re not a bad person, you didn’t do anything wrong. You just feel what you feel, and you’ll feel until one day you stop, and you can’t decide when that is, so don’t even try.
For me it’s one of those pieces of writing that I come back to over and over, like a worry stone. Just have the feeling. Just be the Golden Retriever of Love. It’s such a beautiful reminder to be kind to the best and most loving parts of yourself, even when they are hurting. Especially when they are hurting.
Next up is the Beyonce Freelancing Method, a delightfully raunchy reflection on the economic value of romantic attention by the Scottish writer and video game critic Cara Ellison:
This frame of mind has been percolating unconsciously for a while. It’s mainly about valuing men monetarily. I weigh up how much money I lose as a freelancer by spending time on pelvic sorcery rather than writing, and I calculate whether it is worth losing that money. […] It’s all about the pleasure return and the impact on my work. Does the sex, the hanging out, the effort to keep my attention leave me energised? Or does it make me really exhausted and sad and angry so that I can’t work? The first type is worth more monetarily. The second type is not worth it and I’ve been learning to refuse to invest in it.
Grieving and forgiveness are two things that I think about a lot in the context of breakups. A breakup leaves one grieving the end of what was, what was imagined to be but never really was, what could have been, or some combination of those. There’s plenty of pop-psych writing on grieving, but a thing I found very helpful was just understanding that the classic 5 stages “are not stops on some linear timeline[…]. Not everyone goes through all of them or in a prescribed order.” Grief is often a messy thing, but I’ve found the 5 “stages” to be a helpful lens to understand my feelings.
In a 2008 essay in the journal In Character, history professor Wilfred McClay writes that as a society we have twisted the meaning of forgiveness into a therapeutic act for the victim: “[F]orgiveness is in danger of being debased into a kind of cheap grace, a waiving of standards of justice without which such transactions have no meaning.” Jean Bethke Elshtain, a professor at the University of Chicago Divinity School writes that, “There is a watered-down but widespread form of ‘forgiveness’ best tagged preemptory or exculpatory forgiveness. That is, without any indication of regret or remorse from perpetrators of even the most heinous crimes, we are enjoined by many not to harden our hearts but rather to ‘forgive.’ ”
In the documentary version of Margaret Atwood’s Massey Lecture “Payback: Debt and the Shadow Side of Wealth,” she interviews Louise Arbour, former Canadian Supreme Court justice. Arbour says, on forgiveness:
Forgiveness is a link between the past and the future, it’s not the restoration of the past prior to the injury.
And it was one of those lines that jumped out at me so much that I paused the film to write it down. It’s available on Netflix in Canada or Amazon in the US, if you’re interested in watching it.
I mention forgiveness specifically because there’s often a rush to try to make nice with an ex, to preserve social bonds and mutual friendships, and that to me often feels like a jump to the “exculpatory forgiveness” Elhstain describes. A friend pointed out to me a few years back that often the reasons one might choose to break up are the same reasons one may not want to be friends. And that’s ok. The rush to be friends is often about one person’s absolution, particularly when it’s the dumper asking it of the dumpee. It’s such a frequent theme in r/relationships posts and Captain Awkward columns that it feels cliché to even mention, but you’re under no obligation to stay in touch or stay friends, and it’s often healthier not to.
It’s not a read either, but this clip of Oprah and Maya Angelou talking about Angelou’s exhortation to believe someone when they show you who they really are, the first time is worth a watch. Or several 🙂
On the longer side, there are a couple of books I come back to over and over as I process relationship stuff. I’ve read a lot of terrible garbage self-help books over the past few years, but these stand out as being works which have helped me grow and change as a person.
Three books have helped me through times I’ve been uncertain/ambivalent about relationships I’ve been in: Lundy Bancroft and JAC Patrissi’s Should I Stay or Should I Go?, and Mira Kirshenbaum’s Too Good to Leave, Too Bad to Stay, and her embarrassingly named Is He Mr Right. That last one helped Valerie and me develop this really cool spreadsheet for thinking about relationship preferences. In Mr. Right Kirshenbaum defines her “essential five elements of chemistry” as “ease & closeness, respect, safety, affection & passion, fun”, which I think is super helpful to read about just on their own – here’s a summary. Of the three books, Should I Stay and Mr. Right are aimed at women who date men. Too Good to Leave is less gender-specific (though still fairly heterocentric) and is in a neat Dr. House style “differential diagnosis” format I found very useful.
On the more seriously dysfunctional end of the spectrum, Lundy Bancroft’s book Why Does He Do That?: Inside the Minds of Angry and Controlling Men is essential reading and has been instrumental in my avoiding getting involved with abusive people in recent years. Despite the title, it’s worth a read regardless of your gender as the patterns of abusive mindsets are super helpful for people of all genders to understand.
And finally, when your heart is sad, you can always summon a calming manatee.
For the past couple of years, I’ve done Jen Dziura’s “Design Your $next_year” workbook towards the end of the year. It’s been a very helpful exercise. It’s definitely worth the couple of bucks.
One of the things it includes is making a list of the things you accomplished in the year you’re closing out; I did so in the workbook in my terrible handwriting, with items ending up in the margins and upside down as I tried to fit them all in. Which feels pretty good, I must say. This year I decided to also type it up and post it for posterity.
It’s a bit of a brain dump, and incomplete by necessity — this year included a fair bit of working towards goals that will not be public for a while, but also supporting people through crises that are not mine to disclose. The latter friend-crises came in the form of mental health stuff, intimate partner violence (which this book is an utterly essential read for friends who are trying to help), workplace harassment, and mass-scale online harassment.
That said, here’s the stuff I can talk about:
Throughout the year stuff:
Taught at least 5 Ally Skills workshops — at Slack, during (but not at) Defcon, and elsewhere, and finally attended a Train-The-Trainers for it so I could learn from how others teach it
Mentored a bunch of folks including some interns, yay!
Gained just over 2,000 Twitter followers. Thank you all for listening to me babble ❤
Did a bunch of skiing and coached friends
Helped hire a bunch of folks at Slack
Generally helped things not be on fire at Slack
Wrote some PHP for the first time in a decade
Wrote some very funny tweets on @SlackHQ but you’ll never know which ones were me!!!
Started lifting weights in earnest again. I learned a lot from Julian’s guide and Stumptuous. My biceps are AMAZING 💪
Generally ate super healthily and cooked lots of things (especially pork chops and also poached eggs) with my Nomiku (and finally got to meet Lisa, the founder! who just got funded on Shark Tank holy crap!!)
Volunteered for the Hillary campaign both on the infosec side and the more general GOTV side
Donated a few thousand dollars to causes I support like the ACLU and Callisto
Maxed out my 401k
Took good care of my brain by going to therapy regularly and (with medical supervision) tapered off one of the brain meds I had been taking
Rediscovered my childhood love of Star Wars and watched the entire Clone Wars and Rebels series and read several of the New Canon novels
A very mundane security bug I reported to Facebook netted a $1,000 donation to Callisto, and happened to be during a 3-to-1 matching challenge they were running. So my 5 minutes of work turned into $4,000 for them 😀
Tried a different hair colour scheme, but eventually decided to go back to my traditional pink and orange
Attended a private summit on continuous deployment best practices and talked about security stuff there too
Had the honour of speaking alongside Tatsiana to the amazing moms of the fall cohort of MotherCoders
Spent a weekend volunteering with a non-profit called All Hands to help with disaster recovery of the non-digital variety over in Denham Springs, Louisiana
Didn’t die on my way back from Louisiana, even though we hit wake turbulence
Started a pledge which got nearly 3,000 techies to say neveragain.tech
I learned a few things in 2016 as well — I need to work on saying no to things a bit more, as I’ve been very overcommitted and definitely dropped a few balls last year. I’m going to travel less and do less speaking this year, particularly for the first half.
I’m still working on the “plan your 2017” part of Jen’s workbook. I started it before the election and then put it aside for a couple of months. And then the election happened. I’m still figuring out how to re-prioritize how I spend my energy now that “fighting fascism” is a higher priority than “getting an MBA.” I’ll write more about that soon.
Happy New Year, and for all the good that I was fortunate enough to got done in it, good riddance to 2016.
We had been seeing each other long distance for several years, and I’d eventually decided to move to his city. This required my going back to school for a year to finish my degree so that I could get a visa to work in his country and move across the continent. About the only part of this that I don’t regret is finally finishing my damn degree.
Things lasted 10 weeks after I got there. It was the relationship equivalent of constructive dismissal; my partner was at times absent, at others cruel. But he was mainly just extremely focused on someone he’d started seeing over the summer as I finished my final class in university. I hadn’t yet figured out that polyamory is just too damn complicated for my tastes, and I didn’t particularly get along with her – an arch libertarian whose explanation for why she wanted kids started with “have you seen the movie Idiocracy?”
On a cold Saturday in December, I finally had enough. The only time I was going to be able to see him was around a talk he was giving at a local geek group, so I figured I’d tag along for that and then have The Conversation afterwards. When I got to his place, he was the most affectionate he’d been in the weeks since my transcontinental move, and my resolve weakened…
But not for long, because a few minutes into the half hour drive to the geek event, he sprung on me that New Partner would also be there. Well, that explained things.
We arrived at the meetup and I let New Partner know through clenched teeth that I couldn’t handle talking to her today. She left me be. I listened through the mildly interesting presentations, then there was some awkward socializing that involved my trying not to talk to old nerdy men, then we departed.
The arrangement was that my soon-to-be ex would drive me to my next engagement for the day – volunteering at the SPCA. It was a 40+ minute drive, of which I remember nothing.
We got to the parking lot, and I initiated The Conversation, and was met by the kind of “wow, you’re actually breaking up with me” that only those who have dated the intensely self-absorbed are familiar with. I had been mainlining the first year of Captain Awkward posts – he was an archetypal Darth Vader Boyfriend, but I did my best to be clear that it was not a negotiation.
He was quiet for a bit, and it finally dawned on him:
“Did you get me to take you to the SPCA so that you could break up with me in their parking lot and then go pet cats?”
Background: Y Combinator (YC) is an influential seed accelerator and VC firm founded by Paul Graham and run by Sam Altman. Sam may remember me from the time I counted how many women he follows on Twitter. One of YC’s part-time partners is Peter Thiel, who spoke at the Republican National Convention. He also donated $1.25 million to Trump’s presidential campaign in mid-October after more than a dozen women accused the candidate of sexual assault and Trump once again repeated his calls for imprisonment of five innocent black men. For more details, see Project Include’s post on the topic, or Erica Baker, Nicole Sanchez, and Maciej Cegłowski’s numerous and wise tweets around it.
One of the things I teach in the Ally Skills workshop is a concept in moral philosophy called the Paradox of Tolerance – in short, the one thing a tolerant society must be intolerant of is intolerance. It’s really helped me frame how I’ve been thinking about this situation – to consider whether or not Thiel’s support of Trump puts him into the “intolerable intolerance” camp or not. It wasn’t a particularly tough call for me – were I in Altman’s shoes, I’d ask for Thiel’s resignation. But there’s part of the situation that I haven’t seen addressed anywhere.
When you bring someone into your organization as an advisor/mentor/office-hour-holder (which is what Thiel’s role at YC seems to consist of), you are doing three things:
Giving them power over the people in your organization that they are tasked with advising
Endorsing their advice as being something that people in your organization should follow
Sharing your social capital with them
Now, obviously, Thiel has those first two powers in droves in his various other capacities, but in keeping him on as a “part-time partner”, YC is both saying that they value the advice he can give their founders as well as implicitly giving him a position of power over them – the power of making introductions or not, writing letters of recommendation or not, and so on – the power of a sanctioned mentoring role.
They are also saying that they trust him to not discriminate against the people they are giving him power over – the founders in their program – in ways that are not aligned with YC’s values. Thiel has made it clear through decades of public writing and actions what his values are. He wrote a book called “The Diversity Myth”, for starters. Thiel also considers women having the vote to have “rendered the notion of ‘capitalist democracy’ an oxymoron“. This hits me particularly hard as I can’t vote right now – I am in the US on a visa, not yet a citizen, and as a non-resident can no longer vote in Canada.
One last thing: I stressed for two days about writing this post, knowing that Thiel is willing to fund multi-million dollar lawsuits against his critics. I have no connection to him and he has no other power over me. Imagine how it would feel should any of his mentees need to criticize him.
We all get to make a choice as to what constitutes “intolerable intolerance”. YC has made it clear that Thiel’s actions and words are tolerable enough to them to continue to give him power over people in their organization, and I find this unconscionable.
