Seriously, y'all. If they make *you* uncomfortable, it is okay to make *them* uncomfortable. Think of it as a PSA for everyone on this subway car that would prefer not to be groped, and perhaps even a useful lesson for this *terribly misguided and confused* human.
Back in January 2015, I was fortunate to be able to attend the Ontario Ombudsman’s “Sharpening Your Teeth” training program for administrative watchdogs. I’ve long been a fan of the Ontario Ombudsman’s Office’s work – from their meta-investigation of the Ontario Special Investigations Unit (itself a watchdog which investigates police misconduct), to the reforms they engendered in the lottery and gaming system, to their work on expanding access to vital cancer medications. I’m a bit of a nerd about this stuff — I’m pretty sure I was the only attendee who was there out of my own interest, rather than on behalf of an employer.
One of the key roles of an Ombudsman is to identify when issues are systemic rather than one-off cases. Australia’s Financial Ombudsman Service has a succinct definition of systemic issues — they are those which “will have an effect on people beyond the parties to a dispute.” The training I attended included a couple of hours on this topic, and a rubric for evaluating issues that came in through the triage process to determine whether or not they represented potentially systemic issues.
With this context, I was shocked to see the confidence with which Uber board member Arianna Huffington declared that the company’s sexual harassment issues were not systemic. If you haven’t seen it already, watch this interview with her. It’s… honestly just appalling. She claims to have talked to “hundreds” of women at Uber, and when asked at the end if there is anything that would make her consider that Travis isn’t fit for the job, her answer is a clear “no”.
It is deeply inappropriate for Huffington to be making this assessment before the investigation that she’s overseeing (but ostensibly not part of?) is completed. Based on what’s been reported in the press, and what friends have been saying behind closed doors for years, I feel confident in saying that she is wrong to be drawing that conclusion at this juncture. She is also undermining any chance of credibility that the actual investigation has, by conflating her own… research? meddling? whatever she’s doing… with the investigation itself.
But you don’t need to just listen to me. To confirm my gut feeling, I decided to apply the Ombudsman’s rubric to what is known about the situation at Uber. The parts in bold are more or less verbatim from the course notes; there isn’t a copy online, but there’s a shorter version in an essay by the former Ombudsman at this link. Or if you’ve got CAD$124 burning a hole in your pocket, you may be interested in “Conducting Administrative, Oversight & Ombudsman Investigations,” but you’re probably not as much of a weirdo as me and therefore haven’t asked for that book for your birthday. ANYWAY, on to the rubric:
Lots of ink has been spilled on Uber’s gender issues both before and in the wake of Susan Fowler’s post. Joey deVilla has an extensive and colourful roundup of the history of Uber’s malfeasance, gender and otherwise, here.
Does the case have systemic implications?
Some of the factors to consider in determining if an issue has systemic implications or not are:
- Are there a number of similar complaints? We have Fowler’s account, and, well, real talk here – the Silicon Valley women’s backchannel has had stories like hers going around for years. I don’t know of a single woman engineer who was surprised by Fowler’s story – what many were surprised by was that anyone listened this time.
- Are there obvious systemic issues? HR’s (mis)handling of Fowler’s complaints just screams “obvious systemic issues” to me.
- Does the issue encompass a range of policies/processes? At a rough guess, I’d say – HR, recruiting, engineering management – so yes.
- Does it affect a lot of people? It certainly sounds like it has both within Uber as an organization and also outside – there are plenty of stories going around about crappy, biased engineering recruiting experiences at Uber. And that’s without even touching on how they treat drivers, or passengers who’ve had issues with sexual harassment/assault by drivers. So yes.
Is the issue sensitive and/or high-profile?
This is an easy one. A Google News search for “uber sexual harassment” returns nearly half a million results. Definitely high-profile.
Is an investigation in [the organization’s] interest?
In the Ombudsman’s rubric, this question is asked about the public interest rather than the organization’s interest – I’ve modified the rubric a bit to apply to a private entity. Factors to consider in determining interest include:
- Is the alleged injustice so egregious (on the face of it) that an investigation is clearly necessary? I’d say yes, here.
- What other organizations are involved or investigating? I expect that entities such as the EEOC have this issue on their radar, and they definitely will if employees file formal complaints.
- Is it a matter of public discussion? Yup we’ve definitely got that one covered, that’s for sure.
- Will the case likely result in significant recommendations for change if the complaint is substantiated? The HR processes that Fowler describes are profoundly broken and indicate substantial failures in organizational leadership. I’d sure hope that it becomes clear that significant change is needed.
Will the fact-gathering process be complex or protracted?
This is the one where Huffington’s statements really fall on the floor, as her rush to judgement makes it clear that either any investigation that’s taken place so far has been utterly biased (not that this is going to surprise anyone) or that she’s quite simply talking out of her posterior. Some factors that lead to thinking this needs to be treated as a systemic issue include that there are clearly facts in dispute, many potential witnesses will need to be interviewed, and many documents need to be assessed – starting with the entire record of Fowler’s correspondence with HR. And finally, multiple parts of the Uber organization need to be involved (HR and engineering management, to start with).
Will the investigation be a judicious use of resources?
This is less of an issue for a billion-dollar “unicorn” startup than it would be for a resource-constrained public service Ombudsman’s office. Uber has millions in the bank, and can easily afford a proper independent investigation. The cost of not properly investigating could potentially include: additional sexual harassment lawsuits down the road that could have been prevented, responding to independent investigations from organizations such as the EEOC or Department of Justice, an inability to hire engineers and other key employees, and the harm to current and former Uber employees’ career prospects as Uber becomes a toxic stain on their resumes.
Is there any potential to resolve the issue(s) informally?
It is clear from Fowler’s post that she made heroic efforts to have her mistreatment addressed through appropriate, pre-existing formal channels. Since it is amply evident that that didn’t work, informal resolution isn’t appropriate in this case.
Based on the Ontario Ombudsman’s rubric, the gender issues at Uber clearly meet the bar for a potential systemic issue worthy of deep investigation. In cases like that, a truly independent investigation is in order — not one conducted by a board member who has spoken dismissively of the issues. Last summer in our No More Rock Stars post about fighting systemic abuse in tech organizations, Valerie, Mary and I wrote that combating abuse in organizations requires “[starting] with the assumption that harassment reports are true and investigat[ing] them thoroughly”, and Huffington’s dismissal of Fowler’s complaint as a non-systemic issue violates that principle. The principle is not about “assuming guilt” but about thoroughness. It is about diligent, methodical, rigorous follow-up. Which I wholeheartedly hope Eric Holder’s investigation will involve, although I’ll be skeptical until I see it.
I think anyone who thinks for a second about awards -- assuming the judgment is carried out in good faith -- says, well, it's to reward excellence. Yup! But what are the particular ways an award rewards excellence, and when might an award be a useful tool to wield?
Let's say you are an organization and you genuinely want to celebrate and encourage some activity or principle, because you think it's important and there's not enough of it, particularly because there are so many norms and logistical disincentives pushing to reduce it. For example, you might want to encourage altruistic resistance. Let's say your organization already has a bunch of ongoing processes, like teaching or making products or processing information, and maybe you make some changes in those processes to increase how likely it is that you're encouraging altruistic resistance, but that isn't really apparent to the world outside your doors in the near term, and the effects take a while to percolate out.
So maybe you could set up an award. An award can:
- get publicity for the idea that altruistic resistance is a thing to celebrate
- help one specific person or group who's currently practicing altruistic resistance keep going, with money and attention, and make a big difference to their stamina and effectiveness
- maybe bring attention to a list of finalists and help their work get more coverage
- ensure the award administrators (and any judging committee involved) and, to a lesser extent, the reporters covering the award, will spend time thinking about the importance of altruistic resistance
- cause a bunch of people to think "hmm, whom should I nominate?" and write a couple paragraphs about why their work is good and award-worthy (and, by causing that writing, also solidify the nominators' commitment to respecting and rewarding altruistic resistance)
- demonstrate your institutional commitment to altruistic resistance, potentially sending a hard-to-ignore message to your future self to guide future decisions
And if an award keeps going and catches on, then people start using it as a shorthand for a goal. New practitioners can dream of winning the acclamation that a Pulitzer, a Nobel, a Presidential Medal of Freedom carries. If there's an award for a particular kind of excellence, and the community keeps records of who wins that award, then in hard moments it can be easier for a practitioner to think of that roll call of heroes and say to herself, "keep on going". We put people on pedestals not for them, but for us, so it's easier for us to see them and model ourselves after them.
So, all awards are simplistic summative judgments, but if the problem is that we need to balance the scales a bit, maybe it'll help anyway.
Nalo Hopkinson is doing it via the Lemonade Award for kindness in the speculative fiction community. The Tiptree Award does it for the expansion & exploration of gender. Open Source Bridge does it for community-making in open source with the Open Source Citizenship Award for "someone who has put in extra effort to share knowledge and make the open source world a better place."* It's worth considering: in your community, do people lack a way to find and celebrate a particular sort of excellence? You have a lot of tools you could wield, and awards are one of them.
* I realized today that I don't think the list of past Open Source Citizenship Award recipients is in one place anywhere! Each of these people was honored with a "Truly Outstanding Open Source Citizen" medal or plaque by the Open Source Bridge conference to celebrate our engagement "in the practice of an interlocking set of rights and responsibilities."
The Linux Security Modules (LSM) API provides security hooks for all security-relevant access control operations within the kernel. It’s a pluggable API, allowing different security models to be configured during compilation, and selected at boot time. LSM has provided enough flexibility to implement several major access control schemes, including SELinux, AppArmor, and Smack.
A downside of this architecture, however, is that the security hooks throughout the kernel (there are hundreds of them) increase the kernel’s attack surface. An attacker with a pointer overwrite vulnerability may be able to overwrite an LSM security hook and redirect execution to other code. This could be as simple as bypassing an access control decision via existing kernel code, or redirecting flow to an arbitrary payload such as a rootkit.
Minimizing the inherent security risk of security features is, I believe, an essential goal.
Recently, as part of the Kernel Self Protection Project, support for marking kernel pages as read-only after init (ro_after_init) was merged, based on grsecurity/pax code. (You can read more about this in Kees Cook’s blog here). In cases where kernel pages are not modified after the kernel is initialized, hardware RO page protections are set on those pages at the end of the kernel initialization process. This is currently supported on several architectures (including x86 and ARM), with more architectures in progress.
It turns out that the LSM hook operations make an ideal candidate for ro_after_init marking, as these hooks are populated during kernel initialization and then do not change (except in one case, explained below). I’ve implemented support for ro_after_init hardening for LSM hooks in the security-next tree, aiming to merge it to Linus for v4.11.
Note that there is one existing case where hooks need to be updated, for runtime SELinux disabling via the ‘disable’ selinuxfs node. Normally, to disable SELinux, you would use selinux=0 at the kernel command line. The runtime disable feature was requested by Fedora folk to handle platforms where the kernel command line is problematic. I’m not sure if this is still the case anywhere. I strongly suggest migrating away from runtime disablement, as configuring support for it in the kernel (via CONFIG_SECURITY_SELINUX_DISABLE) will cause the ro_after_init protection for LSM to be disabled. Use selinux=0 instead, if you need to disable SELinux.
It should be noted, of course, that an attacker with enough control over the kernel could directly change hardware page protections. We are not trying to mitigate that threat here — rather, the goal is to harden the security hooks against being used to gain that level of control.