When I met Empower Work founder Jaime-Alexis this spring, I wasn’t surprised by her research. Across over 200+ survey responses and more than 200 in-depth interviews, data confirmed that while workplace challenges were nearly universal — and extremely difficult — accessible resources to navigate them don’t exist. (Check out some of her research to delve into the backstory.)
Empower Work is a creative new approach to providing support at critical work moments. Anyone in the U.S. can connect with a trained peer counselor via text or web chat. When you’re questioning what you may be facing (is this normal in a workplace?), how you might want to handle it, and whether there might be other resources, Empower Work is there.
They’ve moved from research to pilot to supporting people across 42 states in under a year – pretty amazing. Their service intentionally has no barrier to entry – cost or otherwise. When you’re worried you may be fired in 15 min, or you’ve just been bullied in a meeting and aren’t sure where to turn, or you need to make a decision about an offer by end of day, they’re there.
They partner with professional and affinity groups across the country to provide support in particular for less-resourced or less-represented communities – from Year Up to Tech Ladies. Their work has been featured in TechCrunch, Quartz, Fast Company and more. We must change how we support people in workplaces, and it’s great to see them get recognition that this is the case.
I believe in their mission and their work, which is why I’m personally matching all donations between now and December 21st, up to $2,000. They’ve got a big goal to raise $25,000 by December 31st. I hope you’ll chip in what you can to help them scale up to serve tens of thousands of working people in 2019.
It’s been two weeks since the smoke from the fire finally cleared and San Francisco was drenched in rain. I’d never experienced air pollution like it – the 2017 fires were bad, but this year’s smoke settled over the city like an unwelcome houseguest.
What I didn’t expect was that even all this time later, I’m just starting to come out of the fog of the smoke myself. It hit me harder than I expected – the combination of being unable to go outside during the day right as the clocks changed left me feeling like “oh, it’s bedtime” right as soon as the sun set… at 5PM.
I did all the right things – I got an air purifier, minimized time outside and consistently wore a mask when I did, and ultimately left town for a couple days when the smoke was at its worst. I was fortunate to be able to afford to do all the “right” things – and I was still a mess, and it still hit me harder than I even realized when I was in the thick of it, and took much longer to recover from.
This probably could have just been a couple of tweets but I wanted to write it out to remind myself of how I felt if the fires (and smoke) hit again next year – both for myself as a reminder of how bad it was, and for others, too. Bay Area friends, know that if you’ve been feeling like shit this fall, you’re not alone and you’re not weird. It’s been rough, even as a generally pretty physically healthy person (albeit with mild asthma – a visit I had to the pulmonologist today reminded me to write this post). I’ve been thinking, too, of this smart twitter thread about disability, denial, and the smoke:
re: the fires/smoke. a lot of my friends have been reflecting on the deep denial lots of folks are in, just going around doing normal ass things like this is an acceptable way to live (eating outdoors, jogging, etc), and the level of alienation from one's body that requires
I am deeply lucky to only have had to deal with the smoke’s effects on my lungs and my brain. Nearly 100 people lost their lives, more are still missing, and thousands of people are now homeless – climate refugees in California, a state in perpetual housing crisis. My post-election worry that the federal government would bungle aid to natural disasters in California proved somewhat true – enough to make me feel justified about having checked off some of the Wirecutter’s disaster preparedness list a while back. Raking the leaves isn’t going to save us from climate change. But at least for now, for those currently still dealing with the aftermath, you can make tax-deductible donations to fire relief efforts via the North Valley Community Foundation here.
As part of launching my new company Tall Poppy, I’ve been getting to know other organizations who are doing anti-harassment and anti-abuse work – from Empower Work’s high-impact SMS-based counselling on tough workplace issues, to Anxiety Gaming’s work on mental health in the gamer community, to Citizen Lab’s interactive online security guide, Security Planner.
Over the past year, I’ve had the good fortune to get to know the founders of BetterBrave. I edited their Guide for Allies and have otherwise been supporting their work where I could. BetterBrave provides essential tools to people facing workplace harassment. They have produced up-to-date, plain-language legal guides – including detailed information about the sometimes very short timeframes targets have to report harassment. They also offer referrals to attorneys, therapists, and other experts to people facing workplace harassment.
Tammy and Grace, the cofounders of BetterBrave, conducted over a hundred hours of interviews in developing the guides on the site. Their guides have even been signal-boosted by whistleblower Susan Fowler:
This is a guide to how to handle sexual harassment. It's the best one I've seen. Please read and share widely: https://t.co/VOWOOtronb
This August, BetterBrave is hoping to raise $25,000 to support their efforts over the next year. While I’m running pretty lean these days, this work is incredibly important to me so I am making a matching challenge: I will match up to $1,000 in donations to BetterBrave made before August 31st. You can donate at this link, or tweet your donation receipts to me!
Donations are tax deductible as BetterBrave is fiscally sponsored by the Philanthropic Ventures Foundation, EIN 94-3136771. And don’t forget to get your employer to match your donation if that’s a thing they offer – just note in the match form that the donation is designated for BetterBrave.
This post no longer updated as of February 2018. I’ve put an updated and reorganized version of this post on a dedicated page accessible at hypatia.ca/safety – please link to that going forward.
It seems we’re about due for another round of Shitty Infosec Dude Gets Outed As A Predator. If you don’t know what I’m talking about, I’ll link to it when stories appear. In this case, I’m referring to Morgan Marquis-Boire. Having been through this myself last year, I want to stand in solidarity with other survivors, as well as to ask journalists to not be fucking assholes.
Some things I learned as a survivor coming forward:
Coming forward is a HUGE step towards protecting other people. If you’ve done so willingly, thank you for your profound courage. We talk a lot in infosec about whistleblowers, but you should know that you are a goddamn whistleblower too. If your story has been told without your consent, I know that that’s a wretched retraumatizing experience and I am so sorry – but please do know that it’s not without impact and WILL keep other people safe in the future.
Carefully vet the reporters you talk to. I have personally worked with and trust the security practices and sensitivity to survivors of Sarah Jeong, Selena Larson, Kate Conger, Cyrus Farivar, and Jessica Guynn – journalists who are covering this, feel free to reach out and if I trust you and think it’s appropriate I will add you here. There is at least one male journalist sniffing around about this who I have personally seen mistreat women. Approach with caution. Another good tactic here is to ask if they’ve previously covered sexual assault and/or sexism in tech and ask for press clippings of previous coverage.
If you’re talking to the press, email interviews are a great hack. You get the time to consider what to say and make sure that it won’t open you up to litigation, you can just decline to answer some of the questions (because cripes, the questions people will ask you…). Working over email also lets you run your responses by a trusted and hopefully less-traumatized friend to make sure they’re unambiguous and don’t reveal more than you intend.
Some useful language re: the press. Know the difference between these terms, and get the reporter you’re talking to to agree to the one you prefer before you say anything:
On the record: can be published, can be attributed to you by name
Off the record: can’t be published, can’t be attributed to you by name
On background: can be quoted or paraphrased and used as a story detail without direct attribution but with a vague organizational affiliation, eg. “a person in the White House who was not authorized to speak to the press” – this is the usual “anonymous source” mode
On deep background, not for attribution: can be quoted or paraphrased and used as a story detail without any attribution
When you want to say something on either “background” and “deep background,” it’s useful to give a clear definition of what you mean, just so you’re both on the same page. The definitions given above are commonly used. If you want, copy/paste those exact sentences into the email with the reporter so you’re unmistakably clear about your boundaries.
You can ask for anonymity. You can ask for press time to be delayed. You can negotiate anything as long as you do it before you give the quote. If you have conditions, make sure your agreement is hashed out in advance. Journalists are not bound to conditions imposed after the fact.
If the reporter is working for a magazine, sometimes they will ask you for a phone number so that a fact-checker can call you. Don’t be freaked out: this is common practice and doesn’t mean you’re going to be de-anonymized. Incidentally: the fact-checker is not obligated to read back to you verbatim what’s going to be in the piece, but you will get a sense of what’s going to end up in the piece based the questions they do ask.
Again, if this freaks you out, negotiate a different process before you give the quote, such as doing the fact-checking over email.
You can do things like “anything below this line is on the record” or “anything in italics is off the record” – just get an agreement in writing with the journalist as to the shared format
The rules around on the record / off the record / not for attribution / anonymity and so on are built to give journalists flexibility in dealing with sources who have power, like the PR divisions of major corporations. If a journalist pushes the outer bound of ethics really far with a victim, that has entirely different consequences than doing that to a company. Keep in mind that corporations and government sources negotiate these kinds of terms with journalists all the time, and very aggressively: there’s no reason why they shouldn’t be in your toolkit too.
It is up to you whether this is a good time or not to be open to hearing from other victims. Last summer, I noted in my post that I wasn’t ready to listen to other survivors’ stories, and directed folks to appropriate counselling resources. Almost everyone respected this, for which I was grateful. It gave me time and space to process going public without being retraumatized by trying to help others process their own experiences. I have since spoken with many other survivors (of the same assailant and others) and it has been a very important part of my healing process, but it was important to me to take the time to just process the media drama with close and trusted friends, and my therapist, first.
I was fortunate to have access to good pro bono legal advice and some familiarity of my own with the laws around defamation. You probably want to find a lawyer to talk to (it’s worth paying money for if you can’t find someone to talk to you for free). Local domestic violence shelters and rape crisis hotlines may be able to help here with referrals. Remember that lawyers tend to be conservative due to the nature of their work; “this could get you sued” is not the same as “this WILL get you sued”. Sometimes the risk is worth it. The other thing to look are the “anti-SLAPP” laws in your jurisdiction – some of them have language that specifically deals with the right to speak out about one’s own experiences with DV or sexual assault.
Now I’m not actually an expert on how reporters should treat survivors of sexual violence, so I’ll mainly link to some excellentexisitingguides. Please comment or ping me if you have resources I should add. But what I will note is a few things I learned from my experience last year:
If you’re sleeping with the perpetrator, don’t report on this story. The disgrace to the profession of journalism I’m subtweeting here knows who she is.
Don’t name victim’s employers unless it’s actually relevant to the reporting. William Turton did this to me last year. He never reached out to me for comment about my report of harassment, just went straight to naming my employer in his article. Gross.
I’m going to write more here soon including some of the more egregious Bad Questions I got asked but wanted to get this posted for survivors first.
We’re thrilled with the recenttrendtowards sexual harassment in the tech industry having actual consequences – for the perpetrator, not the target, for a change. We decided it was time to write a post explaining what we’ve been calling “the Al Capone Theory of Sexual Harassment.” (We can’t remember which of us came up with the name, Leigh or Valerie, so we’re taking joint credit for it.) We developed the Al Capone Theory over several years of researching and recording racism and sexism in computer security, open source software, venture capital, and other parts of the tech industry. To explain, we’ll need a brief historical detour – stick with us.
As you may already know, Al Capone was a famous Prohibition-era bootlegger who, among other things, ordered murders to expand his massively successful alcohol smuggling business. The U.S. government was having difficulty prosecuting him for either the murdering or the smuggling, so they instead convicted Capone for failing to pay taxes on the income from his illegal business. This technique is standard today – hence the importance of money-laundering for modern successful criminal enterprises – but at the time it was a novel approach.
The U.S. government recognized a pattern in the Al Capone case: smuggling goods was a crime often paired with failing to pay taxes on the proceeds of the smuggling. We noticed a similar pattern in reports of sexual harassment and assault: often people who engage in sexually predatory behavior also faked expense reports, plagiarized writing, or stole credit for other people’s work. Just three examples: Mark Hurd, the former CEO of HP, was accused of sexual harassment by a contractor, but resigned for falsifying expense reports to cover up the contractor’s unnecessary presence on his business trips. Jacob Appelbaum, the former Tor evangelist, left the Tor Foundation after he was accused of both sexual misconduct and plagiarism. And Randy Komisar, a general partner at venture capital firm KPCB, gave a book of erotic poetry to another partner at the firm, and accepted a board seat (and the credit for a successful IPO) at RPX that would ordinarily have gone to her.
Then we realized what the connection was: all of these behaviors are the actions of someone who feels entitled to other people’s property – regardless of whether it’s someone else’s ideas, work, money, or body. Another common factor was the desire to dominate and control other people. In venture capital, you see the same people accused of sexual harassment and assault also doing things like blacklisting founders for objecting to abuse and calling people nasty epithets on stage at conferences. This connection between dominance and sexual harassment also shows up as overt, personal racism (that’s one reason why we track both racism and sexism in venture capital).
So what is the Al Capone theory of sexual harassment? It’s simple: people who engage in sexual harassment or assault are also likely to steal, plagiarize, embezzle, engage in overt racism, or otherwise harm their business. (Of course, sexual harassment and assault harms a business – and even entire fields of endeavor – but in ways that are often discounted or ignored.) Ask around about the person who gets handsy with the receptionist, or makes sex jokes when they get drunk, and you’ll often find out that they also violated the company expense policy, or exaggerated on their résumé, or took credit for a colleague’s project. More than likely, they’ve engaged in sexual misconduct multiple times, and a little research (such as calling previous employers) will show this, as we saw in the case of former Uber and Google employee Amit Singhal.
Organizations that understand the Al Capone theory of sexual harassment have an advantage: they know that reports or rumors of sexual misconduct are a sign they need to investigate for other incidents of misconduct, sexual or otherwise. Sometimes sexual misconduct is hard to verify because a careful perpetrator will make sure there aren’t any additional witnesses or records beyond the target and the target’s memory (although with the increase in use of text messaging in the United States over the past decade, we are seeing more and more cases where victims have substantial written evidence). But one of the implications of the Al Capone theory is that even if an organization can’t prove allegations of sexual misconduct, the allegations themselves are sign to also urgently investigate a wide range of aspects of an employee’s conduct.
Some questions you might ask: Can you verify their previous employment and degrees listed on their résumé? Do their expense reports fall within normal guidelines and include original receipts? Does their previous employer refuse to comment on why they left? When they give references, are there odd patterns of omission? For example, a manager who doesn’t give a single reference from a person who reported to them can be a hint that they have mistreated people they had power over.
Another implication of the Al Capone theory is that organizations should put more energy into screening potential employees or business partners for allegations of sexual misconduct before entering into a business relationship with them, as recently advocated by LinkedIn cofounder and Greylock partner Reid Hoffman. This is where tapping into the existing whisper network of targets of sexual harassment is incredibly valuable. The more marginalized a person is, the more likely they are to be the target of this kind of behavior and to be connected with other people who have experienced this behavior. People of color, queer people, people with working class jobs, disabled people, people with less money, and women are all more likely to know who sends creepy text messages after a business meeting. Being a member of more than one of these groups makes people even more vulnerable to this kind of harassment – we don’t think it was a coincidence that many of the victims of sexual harassment who spoke out last month were women of color.
What about people whose well-intentioned actions are unfairly misinterpreted, or people who make a single mistake and immediately regret it? The Al Capone theory of sexual harassment protects these people, because when the organization investigates their overall behavior, they won’t find a pattern of sexual harassment, plagiarism, or theft. A broad-ranging investigation in this kind of case will find only minor mistakes in expense reports or an ambiguous job title in a resume, not a pervasive pattern of deliberate deception, theft, or abuse. To be perfectly clear, it is possible for someone to sexually harass someone without engaging in other types of misconduct. In the absence of clear evidence, we always recommend erring on the side of believing accusers who have less power or privilege than the people they are accusing, to counteract the common unconscious bias against believing those with less structural power and to take into account the enormous risk of retaliation against the accuser.
Some people ask whether the Al Capone theory of sexual harassment will subject men to unfair scrutiny. It’s true, the majority of sexual harassment is committed by men. However, people of all genders commit sexual harassment. We personally know of two women who have sexually touched other people without consent at tech-related events, and we personally took action to stop these women from abusing other people. At the same time, abuse more often occurs when the abuser has more power than the target – and that imbalance of power is often the result of systemic oppression such as racism, sexism, cissexism, or heterosexism. That’s at least one reason why a typical sexual harasser is more likely to be one or all of straight, white, cis, or male.
What does the Al Capone theory of sexual harassment mean if you are a venture capitalist or a limited partner in a venture fund? Your first priority should be to carefully vet potential business partners for a history of unethical behavior, whether it is sexual misconduct, lying about qualifications, plagiarism, or financial misdeeds. If you find any hint of sexual misconduct, take the allegations seriously and step up your investigation into related kinds of misconduct (plagiarism, lying on expense reports, embezzlement) as well as other incidents of sexual misconduct.
Because sexual harassers sometimes go to great lengths to hide their behavior, you almost certainly need to expand your professional network to include more people who are likely to be targets of sexual harassment by your colleagues – and gain their trust. If you aren’t already tapped into this crucial network, here are some things you can do to get more access:
Seek out opportunities to meet, socialize with, and sponsor targets of oppression
These are all aspects of ally skills – concrete actions that people with more power and privilege can take to support people who have less.
Finally, we’ve seen a bunch of VCs pledging to donate the profits of their investments in funds run by accused sexual harassers to charities supporting women in tech. We will echo many other women entrepreneurs and say: don’t donate that money, invest it in women-led ventures – especially those led by women of color.
For the fourth year in a row, I’ll be teaching a free Ally Skills workshop the week of Security Summer Camp. Previous years have been a lot of fun, and I’m looking forward to once again not attending Defcon but still doing my part to make security a better place for underrepresented people.
The Ally Skills workshop teaches concrete skills to fight biases like sexism, racism, and transphobia through a (very) short talk followed by a series of scenarios that are discussed in small groups. There’s no awkward role-playing, and people are always surprised by how much fun it is. This isn’t a tedious legally mandated workshop, it’s a practical set of tools that you’ll use in your every day work and life.
The workshop will be on Saturday from 1-3 in a suite at Caesar’s Palace, graciously provided by the fine folks at Atredis Partners.
If you’re interested, please sign up here. I’ll be in touch a week or so before to confirm your attendance.
Again the workshop is free, but if you like the work I do, I always appreciate folks donating to the ACLU (disclosure: I work there, but this is on my own time and I’m paying my own way to Vegas) or Equal Rights Advocates.
In a couple of weeks, I will be joining the ACLU’s Project on Speech, Privacy and Technology as a Technology Fellow. I will be working on activist issues near and dear to my heart – encryption, surveillance, and privacy rights that are facing renewed threat under the new administration. I am so excited to get to apply my decade of work in the security industry to helping shape conversations and policies on these topics.
More so than ever before, cyber security issues are at the forefront of public conversations about freedom and democracy. In my time on the Patch Tuesday team at Microsoft, doing incident response at Salesforce, and most recently at Slack, I have learned a lot about the nuts and bolts of how security is practiced in the real world – and how to communicate about it with the public. I further honed those skills through my work as an advisor to the Ada Initiative, the creator of the neveragain.tech pledge, and in providing behind-the-scenes security assistance to activists and public figures. Building on this foundation, I am looking forward to being an outspoken and effective advocate for our digital rights during the year of my fellowship and beyond.
My role will include collaborating with the ACLU’s lawyers and other staff to identify, understand, and potentially litigate issues related to security, technology, and civil liberties. I am also looking forward to working with journalists as a source for commentary on security and privacy issues. Please feel free to reach out to me via email (leigh at hypatia dot ca) or Twitter DM for my Signal number. My PGP key is also available here.
I am deeply grateful for and proud of my two years at Slack and will miss everyone a bunch (though I’m not going far – I’ll be working out of the San Francisco ACLU office). I was the third security employee at Slack, and helped grow and evolve the team over the past two years, eventually becoming manager of our incident response team. Early in my time at Slack, I worked to streamline and improve our highly successfulbug bounty program and update our security documentation. I got to interview my boss Geoff before we hired him as our first CSO. I worked with colleagues to build a next-generation secure development process, and most recently my work has focused on hiring and building our incident response practice. I’m happy to be able to help hire our next incident response leader in my last couple of weeks at the company – you can check out the job description and apply here, and I would be glad to talk about the role and my time at Slack with interested candidates.