7 January 2019

Debian's human rights paradox

by

It all started with a non-native-English speaker choosing the wrong pronoun in reference to a developer who identifies as non-binary. What, then, is the basis for this concern? Why do we give a damn about it?

Is it because Sage Sharp is a great friend of Debian? Or is it because we would have the same concern for all LGBTQ+ people? In other words, is it about egos or is it about principles?

I suspect and hope most people would agree it is about principles. We would expect the same respect to be shown referring to any person from a minority even if they have no relation to Debian whatsoever.

If it is about principles, then, do we need to identify the principles that guide us, to ensure consistency in decision making? Recent posts on debian-project suggested human rights may not apply in Debian as we are not a Government, the same attitude has been repeated more strongly in a private email of the Debian account managers (DAM):

This is not involving anything from the universal declaration of human rights. We are simply a project of volunteers which is free to chose its members as it wishes.

If that is true, what is the basis to protect Sage Sharp's rights? If that is true, then we have to go back to the question, why was any action taken at all?

In fact, if human rights principles are not present, what is the basis for Debian's anti-harassment team and the Code of Conduct?. If we don't want to be guided by human rights principles then could we take Norbert Preining's advice and dispense with those things?

Yet I suspect that is not about to happen. People may prefer to understand them better and improve upon the way they are designed and used.

When the Trump administration rescinded guidelines protecting transgender rights in education, they nonetheless allowed the following phrase in the new guidelines:

All schools must ensure that students, including L.G.B.T. students, are able to learn and thrive in a safe environment

Let's transpose that into the Debian context:

Our non-LGBT developers need to be able to learn about LGBT issues, making mistakes along the way, because that is part of learning. To thrive, they should not fear making mistakes. People learn in different ways too, if one method of helping them doesn't work, we need to try others.

We will continue to see people do things like deadnaming by mistake and we need to be able to deal with it patiently each time it happens. Given that anybody can post to the Internet and social media, there are a plethora of bad examples out there and people may not realize they are doing anything wrong. But if our reactions appear too strong, we run the risk that they never learn and just continue doing the same thing somewhere else.

Thousands of messages have been exchanged, thousands of man hours consumed reviewing recent actions that have an impact on individual members. Would those decisions have been easier to defend, or mistakes more easily avoided, if human rights principles were involved more explicitly from the beginning?

Let's consider some of Debian's guiding principles, the Debian Free Software Guidelines, which relate to intellectual property. It turns out intellectual property is not a Silicon Valley buzzword, it is a human right, firmly enshrined in article 27 of the declaration. Gotcha. Debian has been promoting human rights all along when we make a distinction between code that belongs in main and code that belongs in non-free.

So why do we put the rights of users on a pinnacle like this but do so little to document and protect the rights of members and contributors?

Another significant topic of debate now is the right to be heard. It appears that the Debian account managers consider it acceptable to summarily expel members without giving a member any evidence and without respecting the member's right of reply.

The Debian account managers have acknowledged they operate this way.

Yet without hearing from a member, they run the risk of operating on incomplete or inaccurate evidence, making decisions that could both be wrong and bring the project into disrepute.

In fact, when evidence is taken in secret, without review by any party, including the accused, we run the risk of falling back to a situation where decisions are made based on egos rather than principles. Ironically, the Debian project's widely respected reproducible builds effort aims to ensure a malicious actor can't insert malicious code into a binary package. A disciplinary process operating without any oversight or transparency may be just as attractive for infiltration by the same malicious actors (name a state) who would infiltrate Debian's code. Fixing the process is just as imperative as the Reproducible Builds effort.

By jumping head-first into these processes, the account managers may have also failed to act on information related to other human rights. Imagine if they made the mistake of subjecting somebody to a degrading or humiliating interaction, such as "demotion", at a time of personal tragedy. Society at large would find such a proceeding and the outcome quite repulsive. It may be unreasonably harmful to the person concerned and do severe and avoidable damage to the overall relationship: there are many times when it would be completely inappropriate for Debian to blindly send a member a long written list of their perceived defects, with no trace of empathy or compassion. There is never a good time to start gossip about a member but at certain times, it may be even more outrageous to do so. How can Debian target a member like that at a time of vulnerability and then talk about being a "safe space"? Is sending emails like this an abusive practice itself?

Wouldn't it be paradoxical to see the Debian account managers taking action against a member accused of violating gender identity rights while simultaneously the account managers are failing to observe due process and violating another member's rights in a multitude of different ways?

In fact, the violation of rights in the latter case may be far more outrageous than what may be a blogger's mistake because it has occurred at an institutional level, rejecting every opportunity to meet the person in question for almost a year and multiple pleas to act humanely and consider facts.

We wouldn't dismiss Sage Sharp's gender identity rights as "minutiae", yet there is no doubt whatsoever that dismissing another member's circumstances as "minutiae" in this specific case was extraordinarily callous and grossly offensive. People wondering where mutual trust and respect was damaged may wish to focus on interactions like that and ignore everything said since then.

Is it right to pick and choose human rights when convenient and ignore them when it isn't convenient, even in the same decision making process? Or is that the very reason why there is now so much confusion and frustration?

So there is a new reason to heed the UN HRC's call to Stand up for human rights: doing so may help Debian roll back the current mistakes more quickly, avoid repeating them in future and avoid the reputation damage that would occur if a vote was taken on an issue that both contravenes a member's human rights and appears manifestly abusive and callous to society at large.

It is my view that any processes that started without respecting the rights of the member should be rolled back and furthermore, everything that has happened since those rights were violated can be disregarded as part of a process to re-establish mutual trust.

Links

tags: