A Code of Conduct Is Not Enough

This spring, a small group of volunteers organized !!Con (pronounced bang bang con), a two-day conference about “the excitement, joy, and surprise of programming.” We worked hard to make our conference as inclusive, safe, and welcoming as possible. It was free to attend. We had a gender-balanced organizing team. We did extensive, individually tailored outreach when soliciting talks, and we used an anonymous talk selection process; the result was an extraordinarily diverse lineup of speakers. At the event itself, we had real-time captioning of talks, a photography policy, gender-inclusive single-occupancy restrooms, food options to accommodate everyone, and no alcohol. We made a point of holding the conference at Hacker School, an established safe space, and we adopted the Hacker School social rules for our event.

Photo credit Julia Evans.

In spite of all these efforts, there were two reported violations of our code of conduct (CoC) at our tiny two-day conference with 120 attendees. Despite “doing everything right,” we failed to create a safe space for our attendees. How did we screw up?

Harassment still happens, even with a code of conduct

The push for adoption of anti-harassment policies at tech conferences has been a success: since 2010, hundreds of conferences have adopted an anti-harassment policy, many of them based on an example policy on the Geek Feminism wiki. Thanks in large part to anti-harassment policy advocacy by the Ada Initiative and other organizations, an anti-harassment policy is the done thing these days.

The introduction to the Geek Feminism wiki’s example policy states, “Simply having an anti-harassment policy can prevent harassment all by itself.” Indeed, the widespread adoption of conference codes of conduct is often considered a victory in its own right by tech culture activists.  

Unfortunately, it isn’t enough, and harassment at conferences continues. While it’s true that the existence of an anti-harassment policy or code of conduct can discourage the worst offenders from attending an event, or encourage some attendees to think more carefully about their behavior while there, we’ve seen firsthand that a code of conduct alone is not remotely sufficient to prevent all incidents of harassment and misconduct from occurring.

Don’t follow copy/paste culture

As many conferences do, we forked an existing conference’s code of conduct without many modifications. We posted a copy of our CoC on our website and briefly mentioned it at the beginning of the conference: “We have a code of conduct! Go read it.” We assumed, incorrectly, that all of the attendees of our tiny conference shared our values and knew why we had a CoC.

Having a token CoC that is never explicitly discussed is almost worse than no code of conduct at all. It tells conference-goers that you threw a CoC up on your website because doing so is expected, rather than as part of an intentional effort to define the culture of your event. Consider the all-too-common situation in which a conference’s CoC is publicly violated — for instance, by sexualized or gendered humor in a talk — but the violation is not publicly addressed. When this happens, it further reinforces the perception that the event only has a CoC because the organizers feel obligated to have one, or because they heard somewhere that it was important.

For us, spending even ten minutes in front of the entire conference articulating why we had a CoC, our thought process in creating it, and our hopes for how the CoC would define the culture of our event, would have been useful and informative. Ideally, doing so would have also made it easier for attendees to talk to each other and us about the code of conduct and the violations that occurred. There are other things that event organizers can do to make it clear that they take their own code of conduct seriously; for example, organizers could ask attendees (and organizers) to read and sign an event’s code of conduct as part of registering for the event.

Don’t ignore microaggressions

Marginalized people are used to microaggressions being a part of their everyday lives. To be in a space that is explicitly trying to deter microaggressions is novel to most attendees — marginalized and otherwise — and this needs to be spoken about explicitly. Yet it’s typical for CoCs to not mention microaggressions at all.

As organizers, we were very aware of this. We’ve all attended conferences whose anti-harassment policies only addressed overt harassment, and we’ve all experienced or seen microaggressions in those spaces anyway. For instance, a microaggression that women often encounter at a technical conference is the assumption that she is not part of the audience at whom the conference is primarily aimed — either she’s there in a non-technical capacity, or she’s “with someone there”. We attempted to explicitly address microaggressions like this one by incorporating Hacker School’s social rules into our code of conduct — these rules explicitly talk about a variety of microaggressions that can make a space feel less safe.

However, we didn’t do anything more. We didn’t do anything to explain to our attendees what a social rule violation looks like, or how to respond to it if they saw one. We could have done better by explicitly role-playing what a microaggression looks like and how a bystander could respond to it, and making it clear that microaggressions are considered CoC breaches that violators will be held accountable for.

Be clear about your values

Photo credit Leo Franchi.

One of the two known CoC violations at !!Con was reported directly to an organizer whose contact information was listed in our CoC. We learned of the other known violation indirectly because we were friends with the victim. We genuinely don’t know how many violations happened.

There’s a remarkable burden in asking people to report all incidents of misconduct or harassment to a designated organizer. In “Why didn’t you report it?”, s.e. smith discusses some of the many reasons why rape is underreported to law enforcement and campus officials: fear of reprisal, worries about not being believed, lack of faith in the authorities, and so on. In the setting of a conference, some of the same reasons for underreporting of CoC violations apply.

Especially when the organizers are not very clear about what they consider to be misconduct or a CoC violation, it makes the burden of reporting violations higher. Attendees are forced to speculate: “Will this organizer (who I don’t know, who I’ve never interacted with before) respond to my report seriously? Will they consider my report itself to be bad behavior?” At !!Con, we were not clear enough about our values to our attendees, which made it difficult for attendees to feel safe reporting violations to us.

As event organizers, we spend a lot of time thinking about and planning ways to make events as inclusive as possible, and then implementing those plans. We all know that inclusivity is one of our goals, and we all trust each other to prioritize it. But our attendees don’t necessarily know what our priorities are — after all, we are in many cases complete strangers to them. If a dry CoC document is the only artifact of all of our thinking about inclusivity, our attendees won’t know whether the inclusive aspects of the event were intentional choices we made, or just things that happened. We need to earn the trust of the people attending our event by telling them what choices we made and why. For instance, we had real-time captioning because there was a real need for it, not because it was fun (although it was tremendously fun). No alcohol, gender-neutral bathrooms, no Q&A, quiet rooms, and yes, our code of conduct — all these aspects of !!Con were choices we made explicitly for the benefit of our conference-goers. And we should have told them that.

Community accountability

Codes of conduct often put strong emphasis on the accountability of conference organizers. But this is only part of the picture: practically, we’ve found it is important for attendees themselves to play a role in developing the event’s culture, rather than having it all dictated, owned and enforced by organizers.

Hacker School’s social rules are an extraordinary example of bottom-up, community-driven accountability working together with top-down, organizer-enforced accountability. The social rules suggest: “If someone says, ‘hey, you just feigned surprise,’ or ‘that’s subtly sexist,’ don’t worry. Just apologize, reflect for a second, and move on.” The key here is acknowledging that mistakes will happen. The sting of a microaggression can be ameliorated by acknowledging the mistake, apologizing, and striving to not do it again (and to call other people on it when they do). Not all CoC violations should result in someone being kicked out of the conference, or require escalation to an organizer; some can be most effectively handled by a community process.

At !!Con, we tried to shoehorn this sense of community-building into our CoC by just including the Hacker School social rules wholesale, but we didn’t quite succeed (demonstrating again that culture isn’t something that can be copied and pasted). For this approach to work, we would have needed to educate attendees and actively foster an environment in which everybody is expected and allowed to remind each other of the social rules. An event that succeeds in doing this not only creates a better culture for all attendees, but it lightens the victim’s burden of speculating whether or not an incident is worth reporting to the organizers, and transmutes it into all attendees and organizers continually reflecting on our interactions with each other.

A code of conduct is not a replacement for culture

CoC violations sometimes will happen in spite of our best efforts. If we judge the success of our CoC (and of our event) by whether there are CoC violations, it will ultimately discourage reporting of violations, because nobody wants to be the one to have “ruined” the event by reporting. And that’s the opposite of what we want.

On the other hand, we absolutely do want to do everything we can to prevent misconduct in the first place. We don’t just want an event with fewer reported violations, we want an event with fewer violations, period.

A well-organized event, then, will in fact have two goals regarding misconduct:

• Make it easier to report misconduct.

• Make misconduct less likely.

Both goals are crucial. An event that emphasizes the second goal but not the first would be, for instance, one that doesn’t include contact information for organizers in its CoC, or one that doesn’t explain what will happen when misconduct is reported. Fluffy “be excellent to each other“-style CoCs can fall into this category.

Other conferences emphasize the first goal by listing in their CoC specific people to whom violations should be reported, and explaining the process by which the conference will respond to reported violations. This is the kind of CoC that !!Con had this year, and also the current accepted best practice for a CoC. However, making it easier to report misconduct is clearly not enough; we also need to work to make misconduct less likely in the first place. This second goal — that of making misconduct less likely — isn’t about the CoC document itself; it’s about how we talk about conduct with attendees, how we present the CoC to them, and what we do to create a culture in which people can be accountable to each other. It’s about being explicit about the culture of the space of the conference, and what is different about the conference’s space from the outside world.

A code of conduct is not a replacement for culture.