Code of Conduct Guidelines
A code of conduct is a set of guidelines, principles, values, standards, guidelines, or rules of behaviour. A code of conduct guides the decisions, procedures, and systems of an organization to help the welfare of its stakeholders, and to respect the rights of its constituents. See Wikipedia.
Externally, a code serves several important purposes: compliance such as with legislatiog; marketing such as a company showing it stands for high standards and right conduct; risk mitigation, such as reducing financial risks associated with government fines for ethical misconduct. The ethics perspective is by Ethics & Compliance Initiative.
This page has discussion that can help you understand what makes a good code of conduct, based on many peoples' experiences. We welcome help with this, and feedback, and advice. Discussion is edited for context, clarity, continuity, and anonymity. The discussion is thanks to Hacker News.
- What makes a good code of conduct?
- Aim for explicit formal encoding
- Code of conduct for working together
- Particpation areas
- Codes of Conduct from tech organizations
What makes a good code of conduct?
Make it clear how someone can complain about actions or events that occur. This is important because if you have high friction to reporting issues, issues don't get reported.
For a CoC all of these steps are important: 1. I can read what actions are allowed 2. I know that any actions that aren't allowed will be reported and handled using a well-defined process. 3. I know how people who receive reports will respond, how the issue will be mediated, and the range of penalties. 4. If I experience a violation caused by someone else I know how to report it.
A CoC should describe the appropriate mechanism for reporting an incident, and also should address topics of remediation, punishment, and restorative justice.
Good CoCs focus on conflict resolution and deescalation, assume good faith, and give benefit of the doubt.
A CoC should focus on conflict resolution and have mediators, where enforcement only comes after if mediators have failed, and with documented proof of failed deescalation.
The goal of conflict resolution is not about determining who is guilty and measuring out punishment, but rather to deescalate situation and fixing problems before there is a need for someone to be punished. The best moderations are those that are not seen because intervention occurred early and without escalating something small into something big.
Does it allow anonymous accusations? Is the accused allowed to know the charges against them, before a finding of guilt is rendered? Is there a presumption of innocence? Is the accused allowed to have a trusted third party - one who knows the rules of the game - to advocate on their behalf? Who, exactly, is responsible for deciding matters of fact vs matters of "law"? Is there an appeals process to fix possibly incorrect decisions?
If your process allows something that common law does not allow, then you should have a good answer for why that is.
I think we should generalize more, beyond codes of conduct: If you are building an adjudication process for resolving non-criminal personal conflicts (whether that be a Code of Conduct, an HR department, a Title IX proceeding, a professional organization, or something else), you should take a look at law and the safeguards against abuse that have been evolved over the centuries.
Aim for explicit formal encoding
We're professionals. Rules shouldn't be implicit in professional environments. Explicit rules are easier to use, and they make it easier to hold the authorities accountable for misusing them.
Without a common background (raised with similar upbringing, same religions), your implicit rules can diverge greatly with the others. Not to mention born in different era will play a big role in this. Some people simply don't grow with the changing time. That's why it is more favorable in today's environment to have explicit rules like CoC. At least it brings people to the same understanding quicker.
Process is valuable, process is important to have, but god-oh-god is it ever a massive pain. Designing, drafting, implementing and refining process is HARD. I professionally maintain what I'll brazenly call "actually important" process so I don't get why everyone is so squeamish around the idea of maintaining the CoC process.
Formalizing rules is fine. But then be clear about the expectations. Either those rules exist to create a fair, safe, productive space for everyone - at which point, you should go all in and set up institutional support that ensures the rules are fairly applied and there's appeals process to correct mistakes - or, they exist only to codify the capriciousness of the rule setter, at which point it should be said explicitly. Either is fine, but it's important they never get confused.
Formal rules only make sense when there is sizeable bureaucracy to execute them. Otherwise they just get used by privileged individuals for their own purposes, adding a veneer of legitimacy. And creating bureaucracy is just not compatible with software communities - developers want to focus on software, and continue to do software outside of work to get away from heavyweight management and HR. The rise of COCs have more to do with the corporate colonization of software communities than the desire for social justice.
CoCs are a formalization of expectations and rules for behavior. The are often tied (explicitly or implicitly) to an adjudication and enforcement process much more complicated than the person in charge just saying "get the out".
The task is to square the unsquarable circle of human diversity. That takes nuance, emotional intelligence and flexibility. You can never get that 100% right, and the mistake is thinking you can. That's where flexibility is important. Zero-tolerance is proudly anti-flexibility. Either you put in the effort to construct a humane environment or you decide that it's OK to throw the out-group under a bus (easier when you can dehumanize them). The latter takes a lot less work.
You'll never be able to completely encode everything. No resilient human system expects everything to be completely encoded in a written statement - it's entirely unreasonable, akin to asking one prove that unicorns don't exist. The devil is in the implementation details and how the CoC is wielded.
There will always be edge cases that need many hearings and re-hearings, with some discretion based on past precedence, nuances, etc., in the interpretation of written words in the code in an effort to make the code clearer for the future.
Code of conduct for working together
Acknowledge that people come from different backgrounds or belief systems where norms and customs are different. A good code of conduct offers a concise and easy-to-understand set of core expectations that the participants in a community agree to follow, along with a mechanism for reporting and curing violations when they occur. Curing violations should typically involve helping members learn and adopt better ways to communicate their ideas and interact with others, rather than shaming or punishing them for lacking these skills or for having a bad day.
Codes of conduct are sometimes abused to create cultural echo chambers. This isn’t because the concept of a code of conduct is flawed; rather, it is often (in my experience) because people adopt CoCs without having the knowledge and skill necessary to administer them. When this happens, the CoC can become a mechanism for suppressing disagreement instead of a mechanism for creating a healthy environment where ideas and relationships can thrive despite disagreement.
Like any other system of laws, a code of conduct necessarily restricts the boundaries of what one individual is allowed to do in order to ensure there is a safe space for others. When used correctly, instead of inhibiting the free exchange of ideas, a CoC helps keep participants in an open and receptive mindset instead of a closed and defensive one.
A functioning code of conduct should make the difference between someone saying “I don’t understand why anyone would believe X”, which is an open statement that invites thoughtful discussion, versus “X is stupid and anyone who believes it is an idiot”, which is a closed statement that triggers fighting instead.
I think the problem is essentially this: if you're a white male, you may essentially never experience or see racism / sexism in tech. If you are a woman or black or ... you will very likely experience sexism or racism. You will probably also see more, because you are used to identifying it.
If you don't have a CoC, there will be some people who think that racist or sexist jokes, sexual harassment, etc., are okay. They are not, and a CoC can help to make that clear. But you have to take your own CoC seriously and follow it, and not use it as an arbitrary excuse to harass people.
We've had frequent cases of sexual harassment (primarily men hitting on women at events) and a CoC has been extremely useful in dealing with those situations.
Codes of conduct vs. legal structures
If you're interested in making spaces more welcoming and existing legal structures aren't doing the job, codes of conduct are extremely valuable.
The legal system is very slow, very hard to report to, and in some cases actively discourages assault claims. CoCs can do better because they don't require as involved of a process.
FWIW, I know someone who wasn't able to get a police report for assault but was able to ban someone from an event.
Individual or organizational
Individuals might have the right to disassociate, but organizations have more power then individuals, and concentrate power in the hands of a small number of people, and thus should have some democratic checks on that power. Elections are one form of democratic check on power, but a randomized selection of peers works as a statistically sampled approximation, which is why the concept of a jury exists. Any organization without democratic checks to redistribute power to its constituents is generally seeking to hold hierarchical power over those constituents and others, and should be distrusted.
Contributors to open source
I think that a lot of prospective contributors (such as myself) do not want to be part of a community unless it is run by such a system. I also think that such contributors will be particularly incensed about contributing to such communities that say they are run by such systems but which are actually oligarchies. In that case, I would feel like I had originally contributed to the community as an equal, but I am instead now just a cog helping build someone else's dream. This will not just discourage me from contributing to the community, but it will make me regret ever doing so in the first place, and resent the community's leaders for lying to me.
I avoid giving my time to open source projects that have CoC's like the Contributor Covenant, mainly because - if my experience is anything to go by - they are a strong signal that the kind of people I wish to avoid will be involved. I want to contribute things that (hopefully) improve the world in objective ways, not be involved in the wrangling and petty politics of a fiefdom just so I can get something like a bug report considered.
Some CoCs require you to check a box that you've read and agree to the CoC before you participate. What do you do in those situations if you do not like the CoC? Do you just check the box anyway, or not particpate?
People who organise conferences have told me that there's a level of craziness that most attendees or speakers aren't exposed to. I don't know if a code of conduct makes their job easier or not, but glib dismissal fails to take into account that conference organisers don't enjoy judicial immunity and enforcement of anything -- be it written in a code of conduct or just common sense -- can make them liable for damages. One way to protect yourself is with a system of due process, and some lawyers think that a written code is helpful in establishing due process while others disagree.
If there are multiple organisers then it makes sense for them to talk amongst themselves, decide what they disagree on, and document it. That sort of CoC makes sense - one that the organisers use to settle their own disputes.
Enforcement and adjudication
The big themes in all the most exasperating cases to do with CoC enforcement: 1. Wide difference between rules as written and agreed to versus how they are applied. 2. Unchecked power for enforcers, who can flout punishment/scrutiny. 3. Insufficient interest from parties not directly impacted.
CoC enforcement is not without its flaws, and policing interpersonal interaction is never going to be a hard and fast thing. But CoCs give everyone tools to nudge behavior away from what is objectively causing (subjective) distress.
Rarely are creators of a CoC trained or able to run an adjucation process.
In principle, I believe codes of conduct are self-evidently a good thing, and generally introduced with good intent. It's the zero-tolerance that's harmful.
While zero tolerance policies are awful, at least there they serve an arguably useful purpose: avoiding litigation.
A CoC doesn't add anything to people already acting in good faith (other than being a thing they can be "cancelled" about), but does nothing against a dedicated malicious actor who couldn't care less about it anyway.
A CoC means that people can't say "I didn't know it wasn't ok to ____" or "XXX punishment is too harsh" - a common issue with poor actors.
It's worth thinking about how people operating in bad faith (either on the committee, or reporters to it) can abuse those features to achieve goals that are not actually aligned with what the Code of Conduct is trying to do. A poorly-run adjudication process can have significant negative personal and financial effects on people.
I think many of the people who write CoCs are oblivious to the fact that people lie, or may just be unreliable witnesses.
If you punish anyone who has a report filed against them without evaluating those reports or requesting any proof, then you will quickly be left with a small pool of very manipulative people looking to game the system.
Codes of Conduct from tech organizations
“How to Respond to Code of Conduct Reports” is written by Valerie Aurora and Mary Gardiner, and edited by Annalee Flower Horne. The book is available for free download at this website and in this repo /doc.
I elaborate on what the point of a CoC is: https://news.ycombinator.com/item?id=24930887
Counterpoint to nothing happens when it’s the organisers violating the CoC. PyCon AU 2019 https://2019.pycon-au.org/news/inclusivity-and-political-sta...
Overall it's the same kind of people, authoritarian/social dominants; see https://theauthoritarians.org/
Going by the linked document by Valerie Aurora, a good Code of Conduct allows anonymous accusations, the accused does not get to know the charges against them before a finding is rendered, there is no presumption of innocence, the accused does not get a third party advocate, matters of fact are necessarily decided by the same committee that makes the rules, and there is no appeal process.
Perhaps you should ask Violet Blue what she thinks of Valerie Aurora's "excellent" training: http://www.securitybsides.com/w/page/35868077/BSidesSanFranc...
If I had to choose one CoC to implement, it would be NCoc. https://www.contributor-covenant.org/version/2/0/code_of_con... https://github.com/domgetter/NCoC