[cabfpub] CAB Forum Draft Code of Conduct

Ryan Sleevi sleevi at google.com
Wed Apr 26 13:03:58 MST 2017

On Wed, Apr 26, 2017 at 3:41 PM, Virginia Fournier <vfournier at apple.com>

> Hi Ryan,
> I’m glad to see that you’re supportive of a code of conduct.  Thanks for
> reviewing the differences between CAs and browsers.  I just don’t see
> anything in those differences that would prevent the adoption of the
> proposed Code of Conduct.  I don’t think there’s anything inherent in the
> asymmetrical relationship between CAs and browsers that would prevent
> either category of members from being polite, professional, and respectful
> to the other.
> It would be extremely helpful if you would please point out the specific
> language in the proposed Code of Conduct that you believe would prevent
> browsers from enforcing their expectations with CAs?  Does that require
> unreasonable conduct?

I think the recent discussions around "sent", "submitted", "distributed",
"via", and "posted" highlight the reasonable concern that 'plain language'
is easily miscontrued, whether intentionally or not.

For example, "treat eachother with ... fairness" could be, for example,
misconstrued that a browser member should not discuss a CA member's failure
to abide by the Baseline Requirements, unless time was spent discussion all
CA member's failures, as that's the only way to be fair. This is a problem
that naturally arises from the imbalanced power dynamic.

"Disrupting Forum events, including meetings, talks, and presentations"
could be misconstrued as providing opposing viewpoints or disagreement, or
correctly identifying provably factual inaccuracies. Similarly, it could be
interpreted as a person who continues to raise a particular point, despite
all reasonable efforts to address it, and refusing to progress on this
topic or to allow others to talk. This is particularly exacerbated by the
inbalanced power dynamic, because it can be beneficial for a member to
engage in such 'stonewalling' or 'hypotheticals' as a way of trying to
prevent agreement that might improve security, but negatively impact their
business. In some spaces, this might be called 'concern trolling', and
determining whether or not that constitutes a disruption is,
understandably, difficult, even if from the plain reading it is not meant
to be.

Similarly, the proposal of moderation, while well intentioned, exacerbates
the power dynamic. Moderation can be used as a means of retaliation, and
the proposal explicitly discourages transparency. One of the concerted
efforts Google has made in the Forum for the past several years, and with
the thankful help of Apple along the way, is to bring greater transparency.
I certainly understand and agree with the spirit of trying to allow for an
amicable airing of concerns in a way that creates a non-threatening
environment, which I believe was your intent. That said, we've also seen
some fairly problematic practices, whether intentional or otherwise, and
it's important to speak truth to power and to do so transparently.

I admit, I don't have easy or good solutions to this, because I absolutely
think the spirit of having an agreed upon baseline is incredibly useful. I
similarly thought we had provided some basics of that through the Bylaws,
but events over the past 3 years have demonstrated that there are a wide
variety of interpretations about what is expected - of the Member
organization, of the Forum's operation, of the technical expectations, and,
of course, of the interpersonal behaviours. To support a code of conduct,
there needs to be a degree of trust in the shared goals and values, so that
we can use our similarities to overcome our differences and disagreements.
However, I'm not sure I'm optimistic enough to believe that, either
personally or organizationally, members have those shared goals. That's why
I raised the discussion about the dynamics of power - because it can
incentivize or reward abuse as much as correct and prevent it.

I realize this is beginning to sound like every "Code of Conduct"
discussion, and it's disheartening to be the one making these arguments
when I've looked so skeptically on them in the past. But I think it's at
least worth some degree of discussion, to figure out how to balance these
concerns in a particularly charged and complicated organization like the
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170426/e90f8fd5/attachment.html>

More information about the Public mailing list