Some advice for survivors and those writing about them

wheatpasted street art. on the left, text in all caps stating "your heart is a weapon the size of your fist keep loving keep fighting". on the right a white drawing of a hand holding a heart on a black background.

It seems we’re about due for another round of Shitty Infosec Dude Gets Outed As A Predator. If you don’t know what I’m talking about, I’ll link to it when stories appear. In this case, I’m referring to Morgan Marquis-Boire. Having been through this myself last year, I want to stand in solidarity with other survivors, as well as to ask journalists to not be fucking assholes.

Some things I learned as a survivor coming forward:

  • Coming forward is a HUGE step towards protecting other people. If you’ve done so willingly, thank you for your profound courage. We talk a lot in infosec about whistleblowers, but you should know that you are a goddamn whistleblower too. If your story has been told without your consent, I know that that’s a wretched retraumatizing experience and I am so sorry – but please do know that it’s not without impact and WILL keep other people safe in the future.
  • Lock your online stuff down as best as you can. Here’s an extensive guide I wrote much of which covers security stuff as well as physical threats like SWATting, and here’s a short one that covers the computery essentials. The even shorter version: use a password manager to set up unique passwords on key accounts, and enable two-factor auth on your email/Facebook/Twitter.
  • Carefully vet the reporters you talk to. I have personally worked with and trust the security practices and sensitivity to survivors of Sarah Jeong, Selena LarsonKate CongerCyrus Farivar, and Jessica Guynn – journalists who are covering this, feel free to reach out and if I trust you and think it’s appropriate I will add you here. There is at least one male journalist sniffing around about this who I have personally seen mistreat women. Approach with caution. Another good tactic here is to ask if they’ve previously covered sexual assault and/or sexism in tech and ask for press clippings of previous coverage.
  • If you’re talking to the press, email interviews are a great hack. You get the time to consider what to say and make sure that it won’t open you up to litigation, you can just decline to answer some of the questions (because cripes, the questions people will ask you…). Working over email also lets you run your responses by a trusted and hopefully less-traumatized friend to make sure they’re unambiguous and don’t reveal more than you intend.
  • Some useful language re: the press. Know the difference between these terms, and get the reporter you’re talking to to agree to the one you prefer before you say anything:
    • On the record: can be published, can be attributed to you by name
    • Off the record: can’t be published, can’t be attributed to you by name
    • On background: can be quoted or paraphrased and used as a story detail without direct attribution but with a vague organizational affiliation, eg. “a person in the White House who was not authorized to speak to the press” – this is the usual “anonymous source” mode
    • On deep background, not for attribution: can be quoted or paraphrased and used as a story detail without any attribution
      • When you want to say something on either “background” and “deep background,” it’s useful to give a clear definition of what you mean, just so you’re both on the same page. The definitions given above are commonly used. If you want, copy/paste those exact sentences into the email with the reporter so you’re unmistakably clear about your boundaries.
    • You can ask for anonymity. You can ask for press time to be delayed. You can negotiate anything as long as you do it before you give the quote. If you have conditions, make sure your agreement is hashed out in advance. Journalists are not bound to conditions imposed after the fact.
    • If the reporter is working for a magazine, sometimes they will ask you for a phone number so that a fact-checker can call you. Don’t be freaked out: this is common practice and doesn’t mean you’re going to be de-anonymized. Incidentally: the fact-checker is not obligated to read back to you verbatim what’s going to be in the piece, but you will get a sense of what’s going to end up in the piece based the questions they do ask.
      • Again, if this freaks you out, negotiate a different process before you give the quote, such as doing the fact-checking over email.
    • You can do things like “anything below this line is on the record” or “anything in italics is off the record” – just get an agreement in writing with the journalist as to the shared format
    • The rules around on the record / off the record / not for attribution / anonymity and so on are built to give journalists flexibility in dealing with sources who have power, like the PR divisions of major corporations. If a journalist pushes the outer bound of ethics really far with a victim, that has entirely different consequences than doing that to a company. Keep in mind that corporations and government sources negotiate these kinds of terms with journalists all the time, and very aggressively: there’s no reason why they shouldn’t be in your toolkit too.
  • It is up to you whether this is a good time or not to be open to hearing from other victims. Last summer, I noted in my post that I wasn’t ready to listen to other survivors’ stories, and directed folks to appropriate counselling resources. Almost everyone respected this, for which I was grateful. It gave me time and space to process going public without being retraumatized by trying to help others process their own experiences. I have since spoken with many other survivors (of the same assailant and others) and it has been a very important part of my healing process, but it was important to me to take the time to just process the media drama with close and trusted friends, and my therapist, first.
  • Therapy is great and has been an essential part of being resilient in the face of garbage fires like you’re going through. If you’re employed, your work may have an EAP that will get you a therapist with minimal fuss. If it’s not covered by your insurance Captain Awkward has a guide to locating low-cost mental health services in the US and Canada, and a newer post on other free and low-cost mental health resources.
  • I was fortunate to have access to good pro bono legal advice and some familiarity of my own with the laws around defamation. You probably want to find a lawyer to talk to (it’s worth paying money for if you can’t find someone to talk to you for free). Local domestic violence shelters and rape crisis hotlines may be able to help here with referrals. Remember that lawyers tend to be conservative due to the nature of their work; “this could get you sued” is not the same as “this WILL get you sued”. Sometimes the risk is worth it. The other thing to look are the “anti-SLAPP” laws in your jurisdiction – some of them have language that specifically deals with the right to speak out about one’s own experiences with DV or sexual assault.

Now I’m not actually an expert on how reporters should treat survivors of sexual violence, so I’ll mainly link to some excellent exisiting guides. Please comment or ping me if you have resources I should add. But what I will note is a few things I learned from my experience last year:

  • If you’re sleeping with the perpetrator, don’t report on this story. The disgrace to the profession of journalism I’m subtweeting here knows who she is.
  • Don’t name victim’s employers unless it’s actually relevant to the reporting. William Turton did this to me last year. He never reached out to me for comment about my report of harassment, just went straight to naming my employer in his article. Gross.
  • I’m going to write more here soon including some of the more egregious Bad Questions I got asked but wanted to get this posted for survivors first.

Finally, some resources for horrified bystanders:

The Al Capone theory of sexual harassment

This post was co-authored by Valerie Aurora and Leigh Honeywell and cross-posted on both of our blogs.

We’re thrilled with the recent trend towards sexual harassment in the tech industry having actual consequences – for the perpetrator, not the target, for a change. We decided it was time to write a post explaining what we’ve been calling “the Al Capone Theory of Sexual Harassment.” (We can’t remember which of us came up with the name, Leigh or Valerie, so we’re taking joint credit for it.) We developed the Al Capone Theory over several years of researching and recording racism and sexism in computer security, open source software, venture capital, and other parts of the tech industry. To explain, we’ll need a brief historical detour – stick with us.

As you may already know, Al Capone was a famous Prohibition-era bootlegger who, among other things, ordered murders to expand his massively successful alcohol smuggling business. The U.S. government was having difficulty prosecuting him for either the murdering or the smuggling, so they instead convicted Capone for failing to pay taxes on the income from his illegal business. This technique is standard today – hence the importance of money-laundering for modern successful criminal enterprises – but at the time it was a novel approach.

al_capone_mural_cropped_480
A mural depicting Al Capone smoking a cigar in front of a bridge and a subway, used under CC-SA from Wikipedia

The U.S. government recognized a pattern in the Al Capone case: smuggling goods was a crime often paired with failing to pay taxes on the proceeds of the smuggling. We noticed a similar pattern in reports of sexual harassment and assault: often people who engage in sexually predatory behavior also faked expense reports, plagiarized writing, or stole credit for other people’s work. Just three examples: Mark Hurd, the former CEO of HP, was accused of sexual harassment by a contractor, but resigned for falsifying expense reports to cover up the contractor’s unnecessary presence on his business trips. Jacob Appelbaum, the former Tor evangelist, left the Tor Foundation after he was accused of both sexual misconduct and plagiarism. And Randy Komisar, a general partner at venture capital firm KPCB, gave a book of erotic poetry to another partner at the firm, and accepted a board seat (and the credit for a successful IPO) at RPX that would ordinarily have gone to her.

Initially, the connection eluded us: why would the same person who made unwanted sexual advances also fake expense reports, plagiarize, or take credit for other people’s work? We remembered that people who will admit to attempting or committing sexual assault also disproportionately commit other types of violence and that “criminal versatility” is a hallmark of sexual predators. And we noted that taking credit for others’ work is a highly gendered behavior.

Then we realized what the connection was: all of these behaviors are the actions of someone who feels entitled to other people’s property – regardless of whether it’s someone else’s ideas, work, money, or body. Another common factor was the desire to dominate and control other people. In venture capital, you see the same people accused of sexual harassment and assault also doing things like blacklisting founders for objecting to abuse and calling people nasty epithets on stage at conferences. This connection between dominance and sexual harassment also shows up as overt, personal racism (that’s one reason why we track both racism and sexism in venture capital).

So what is the Al Capone theory of sexual harassment? It’s simple: people who engage in sexual harassment or assault are also likely to steal, plagiarize, embezzle, engage in overt racism, or otherwise harm their business. (Of course, sexual harassment and assault harms a business – and even entire fields of endeavor – but in ways that are often discounted or ignored.) Ask around about the person who gets handsy with the receptionist, or makes sex jokes when they get drunk, and you’ll often find out that they also violated the company expense policy, or exaggerated on their résumé, or took credit for a colleague’s project. More than likely, they’ve engaged in sexual misconduct multiple times, and a little research (such as calling previous employers) will show this, as we saw in the case of former Uber and Google employee Amit Singhal.

Organizations that understand the Al Capone theory of sexual harassment have an advantage: they know that reports or rumors of sexual misconduct are a sign they need to investigate for other incidents of misconduct, sexual or otherwise. Sometimes sexual misconduct is hard to verify because a careful perpetrator will make sure there aren’t any additional witnesses or records beyond the target and the target’s memory (although with the increase in use of text messaging in the United States over the past decade, we are seeing more and more cases where victims have substantial written evidence). But one of the implications of the Al Capone theory is that even if an organization can’t prove allegations of sexual misconduct, the allegations themselves are sign to also urgently investigate a wide range of aspects of an employee’s conduct.

Some questions you might ask: Can you verify their previous employment and degrees listed on their résumé? Do their expense reports fall within normal guidelines and include original receipts? Does their previous employer refuse to comment on why they left? When they give references, are there odd patterns of omission? For example, a manager who doesn’t give a single reference from a person who reported to them can be a hint that they have mistreated people they had power over.

Another implication of the Al Capone theory is that organizations should put more energy into screening potential employees or business partners for allegations of sexual misconduct before entering into a business relationship with them, as recently advocated by LinkedIn cofounder and Greylock partner Reid Hoffman. This is where tapping into the existing whisper network of targets of sexual harassment is incredibly valuable. The more marginalized a person is, the more likely they are to be the target of this kind of behavior and to be connected with other people who have experienced this behavior. People of color, queer people, people with working class jobs, disabled people, people with less money, and women are all more likely to know who sends creepy text messages after a business meeting. Being a member of more than one of these groups makes people even more vulnerable to this kind of harassment – we don’t think it was a coincidence that many of the victims of sexual harassment who spoke out last month were women of color.

What about people whose well-intentioned actions are unfairly misinterpreted, or people who make a single mistake and immediately regret it? The Al Capone theory of sexual harassment protects these people, because when the organization investigates their overall behavior, they won’t find a pattern of sexual harassment, plagiarism, or theft. A broad-ranging investigation in this kind of case will find only minor mistakes in expense reports or an ambiguous job title in a resume, not a pervasive pattern of deliberate deception, theft, or abuse. To be perfectly clear, it is possible for someone to sexually harass someone without engaging in other types of misconduct. In the absence of clear evidence, we always recommend erring on the side of believing accusers who have less power or privilege than the people they are accusing, to counteract the common unconscious bias against believing those with less structural power and to take into account the enormous risk of retaliation against the accuser.

Some people ask whether the Al Capone theory of sexual harassment will subject men to unfair scrutiny. It’s true, the majority of sexual harassment is committed by men. However, people of all genders commit sexual harassment. We personally know of two women who have sexually touched other people without consent at tech-related events, and we personally took action to stop these women from abusing other people. At the same time, abuse more often occurs when the abuser has more power than the target – and that imbalance of power is often the result of systemic oppression such as racism, sexism, cissexism, or heterosexism. That’s at least one reason why a typical sexual harasser is more likely to be one or all of straight, white, cis, or male.

What does the Al Capone theory of sexual harassment mean if you are a venture capitalist or a limited partner in a venture fund? Your first priority should be to carefully vet potential business partners for a history of unethical behavior, whether it is sexual misconduct, lying about qualifications, plagiarism, or financial misdeeds. If you find any hint of sexual misconduct, take the allegations seriously and step up your investigation into related kinds of misconduct (plagiarism, lying on expense reports, embezzlement) as well as other incidents of sexual misconduct.

Because sexual harassers sometimes go to great lengths to hide their behavior, you almost certainly need to expand your professional network to include more people who are likely to be targets of sexual harassment by your colleagues – and gain their trust. If you aren’t already tapped into this crucial network, here are some things you can do to get more access:

These are all aspects of ally skills – concrete actions that people with more power and privilege can take to support people who have less.

Finally, we’ve seen a bunch of VCs pledging to donate the profits of their investments in funds run by accused sexual harassers to charities supporting women in tech. We will echo many other women entrepreneurs and say: don’t donate that money, invest it in women-led ventures – especially those led by women of color.

Vegas Ally Skills 2017

For the fourth year in a row, I’ll be teaching a free Ally Skills workshop the week of Security Summer Camp. Previous years have been a lot of fun, and I’m looking forward to once again not attending Defcon but still doing my part to make security a better place for underrepresented people.

Me giving a talk, looking all fancy
I won’t look quite this fancy while teaching the workshop. Photo by Mike Bridge https://twitter.com/michaelbridge/status/875801248888311808

The Ally Skills workshop teaches concrete skills to fight biases like sexism, racism, and transphobia through a (very) short talk followed by a series of scenarios that are discussed in small groups. There’s no awkward role-playing, and people are always surprised by how much fun it is. This isn’t a tedious legally mandated workshop, it’s a practical set of tools that you’ll use in your every day work and life.

The workshop will be on Saturday from 1-3 in a suite at Caesar’s Palace, graciously provided by the fine folks at Atredis Partners.

If you’re interested, please sign up here. I’ll be in touch a week or so before to confirm your attendance.

Again the workshop is free, but if you like the work I do, I always appreciate folks donating to the ACLU (disclosure: I work there, but this is on my own time and I’m paying my own way to Vegas) or Equal Rights Advocates.

Joining the ACLU

In a couple of weeks, I will be joining the ACLU’s Project on Speech, Privacy and Technology as a Technology Fellow. I will be working on activist issues near and dear to my heart – encryption, surveillance, and privacy rights that are facing renewed threat under the new administration. I am so excited to get to apply my decade of work in the security industry to helping shape conversations and policies on these topics.

More so than ever before, cyber security issues are at the forefront of public conversations about freedom and democracy. In my time on the Patch Tuesday team at Microsoft, doing incident response at Salesforce, and most recently at Slack, I have learned a lot about the nuts and bolts of how security is practiced in the real world – and how to communicate about it with the public. I further honed those skills through my work as an advisor to the Ada Initiative, the creator of the neveragain.tech pledge, and in providing behind-the-scenes security assistance to activists and public figures. Building on this foundation, I am looking forward to being an outspoken and effective advocate for our digital rights during the year of my fellowship and beyond.

My role will include collaborating with the ACLU’s lawyers and other staff to identify, understand, and potentially litigate issues related to security, technology, and civil liberties. I am also looking forward to working with journalists as a source for commentary on security and privacy issues. Please feel free to reach out to me via email (leigh at hypatia dot ca) or Twitter DM for my Signal number. My PGP key is also available here.

I am deeply grateful for and proud of my two years at Slack and will miss everyone a bunch (though I’m not going far – I’ll be working out of the San Francisco ACLU office). I was the third security employee at Slack, and helped grow and evolve the team over the past two years, eventually becoming manager of our incident response team. Early in my time at Slack, I worked to streamline and improve our highly successful bug bounty program and update our security documentation. I got to interview my boss Geoff before we hired him as our first CSO. I worked with colleagues to build a next-generation secure development process, and most recently my work has focused on hiring and building our incident response practice. I’m happy to be able to help hire our next incident response leader in my last couple of weeks at the company – you can check out the job description and apply here, and I would be glad to talk about the role and my time at Slack with interested candidates.

But is it systemic?

Back in January 2015, I was fortunate to be able to attend the Ontario Ombudsman’s “Sharpening Yor Teeth” training program for administrative watchdogs. I’ve long been a fan of the Ontario Ombudsman’s Office’s work – from their meta-investigation of the Ontario Special Investigations Unit (itself a watchdog which investigates police misconduct), to the reforms they engendered in the lottery and gaming system, to their work on expanding access to vital cancer medications. I’m a bit of a nerd about this stuff — I’m pretty sure I was the only attendee who was there out of my own interest, rather than on behalf of an employer.

One of the key roles of an Ombudsman is to identify when issues are systemic rather than one-off cases. Australia’s Financial Ombudsman Service has a succinct definition of systemic issues — they are those which “will have an effect on people beyond the parties to a dispute.” The training I attended included a couple of hours on this topic, and a rubric for evaluating issues that came in through the triage process to determine whether or not they represented potentially systemic issues.

With this context, I was shocked to see the confidence with which Uber board member Arianna Huffington declared that the company’s sexual harassment issues were not systemic. If you haven’t seen it already, watch this interview with her. It’s… honestly just appalling. She claims to have talked to “hundreds” of women at Uber, and when asked at the end if there is anything that would make her consider that Travis isn’t fit for the job, her answer is a clear “no”.

It is deeply inappropriate for Huffington to be making this assessment before the investigation that she’s overseeing (but ostensibly not part of?) is completed. Based on what’s been reported in the press, and what friends have been saying behind closed doors for years, I feel confident in saying that she is wrong to be drawing that conclusion at this juncture. She is also undermining any chance of credibility that the actual investigation has, by conflating her own… research? meddling? whatever she’s doing… with the investigation itself.

But you don’t need to just listen to me. To confirm my gut feeling, I decided to apply the Ombudsman’s rubric to what is known about the situation at Uber. The parts in bold are more or less verbatim from the course notes; there isn’t a copy online, but there’s a shorter version in an essay by the former Ombudsman at this link. Or if you’ve got CAD$124 burning a hole in your pocket, you may be interested in “Conducting Administrative, Oversight & Ombudsman Investigations,” but you’re probably not as much of a weirdo as me and therefore haven’t asked for that book for your birthday. ANYWAY, on to the rubric:

What Happened?

Lots of ink has been spilled on Uber’s gender issues both before and in the wake of Susan Fowler’s post. Joey deVilla has an extensive and colourful roundup of the history of Uber’s malfeasance, gender and otherwise, here.

Does the case have systemic implications?

Some of the factors to consider in determining if an issue has systemic implications or not are:

  • Are there a number of similar complaints? We have Fowler’s account, and, well, real talk here – the Silicon Valley women’s backchannel has had stories like hers going around for years. I don’t know of a single woman engineer who was surprised by Fowler’s story – what many were surprised by was that anyone listened this time.
  • Are there obvious systemic issues? HR’s (mis)handling of Fowler’s complaints just screams “obvious systemic issues” to me.
  • Does the issue encompass a range of policies/processes? At a rough guess, I’d say – HR, recruiting, engineering management – so yes.
  • Does it affect a lot of people? It certainly sounds like it has both within Uber as an organization and also outside – there are plenty of stories going around about crappy, biased engineering recruiting experiences at Uber. And that’s without even touching on how they treat drivers, or passengers who’ve had issues with sexual harassment/assault by drivers. So yes.

Is the issue sensitive and/or high-profile?

This is an easy one. A Google News search for “uber sexual harassment” returns nearly half a million results. Definitely high-profile.

Is an investigation in [the organization’s] interest?

In the Ombudsman’s rubric, this question is asked about the public interest rather than the organization’s interest – I’ve modified the rubric a bit to apply to a private entity. Factors to consider in determining interest include:

  • Is the alleged injustice so egregious (on the face of it) that an investigation is
    clearly necessary? I’d say yes, here.
  • What other organizations are involved or investigating? I expect that entities such as the EEOC have this issue on their radar, and they definitely will if employees file formal complaints.
  • Is it a matter of public discussion? Yup we’ve definitely got that one covered, that’s for sure.
  • Will the case likely result in significant recommendations for change if the
    complaint is substantiated? The HR processes that Fowler describes are profoundly broken and indicate substantial failures in organizational leadership. I’d sure hope that it becomes clear that significant change is needed.

Will the fact-gathering process be complex or protracted?

This is the one where Huffington’s statements really fall on the floor, as her rush to judgement makes it clear that either any investigation that’s taken place so far has been utterly biased (not that this is going to surprise anyone) or that she’s quite simply talking out of her posterior. Some factors that lead to thinking this needs to be treated as a systemic issue include that there are clearly facts in dispute, many potential witnesses will need to be interviewed, and many documents need to be assessed – starting with the entire record of Fowler’s correspondence with HR. And finally, multiple parts of the Uber organization need to be involved (HR and engineering management, to start with).

Will the investigation be a judicious use of resources?

This is less of an issue for a billion-dollar “unicorn” startup than it would be for a resource-constrained public service Ombudsman’s office. Uber has millions in the bank, and can easily afford a proper independent investigation. The cost of not properly investigating could potentially include: additional sexual harassment lawsuits down the road that could have been prevented, responding to independent investigations from organizations such as the EEOC or Department of Justice, an inability to hire engineers and other key employees, and the harm to current and former Uber employees’ career prospects as Uber becomes a toxic stain on their resumes.

Is there any potential to resolve the issue(s) informally?

It is clear from Fowler’s post that she made heroic efforts to have her mistreatment addressed through appropriate, pre-existing formal channels. Since it is amply evident that that didn’t work, informal resolution isn’t appropriate in this case.

Conclusion

Based on the Ontario Ombudsman’s rubric, the gender issues at Uber clearly meet the bar for a potential systemic issue worthy of deep investigation. In cases like that, a truly independent investigation is in order — not one conducted by a board member who has spoken dismissively of the issues. Last summer in our No More Rock Stars post about fighting systemic abuse in tech organizations, Valerie, Mary and I wrote that combating abuse in organizations requires “[starting] with the assumption that harassment reports are true and investigat[ing] them thoroughly“, and Huffington’s dismissal of Fowler’s complaint as a non-systemic issue violates that principle. The principle is not about “assuming guilt” but about thoroughness. It is about diligent, methodical, rigorous follow-up. Which I wholeheartedly hope Eric Holder’s investigation will involve, although I’ll be skeptical until I see it.

Breakup Comfort Reads

broken-heart
thanks, emojipedia

Obviously there’s much more Serious Business going on in the world than my romantic (mis)adventures, but a recent breakup has given me time to reflect on the things that have brought me comfort and meaning when my heart has faced tough times. I wanted to share them for others who are going through heartache, and just to have them all in one place should I need them again someday.

The first  is from one of the earliest Captain Awkward posts, “The Golden Retriever/Kwisatz Haderach of Love“. NB: I’ve never read Dune nor seen the movie, the post is worth it even without knowing the references 🙂 Among the pieces of advice to the heartbroken letter-writer is this wonderful musing on love:

It’s okay to still be in love. Love is – as this hideous wedding-cake topper excruciatingly reminds us – patient, it is kind, it believes all things, hopes all things, endures all things. So there you are, all shaggy and embarrassing bounding toward your person wagging your tail and doing that adorable thing you do where you pretend that you’re not going to hand over the ball you’re carrying in your mouth and your person doesn’t even want your stupid ball and then the leash of reality yanks you back. That part of you is the purest and best and truest part of you, and you can’t really turn it off. It’s just going to love for a while.

I say this because it’s really fucking frustrating to try to talk yourself out of having a feeling or beat yourself up for having a feeling at the same time you’re having the feeling. So just have the feeling. Just be the Golden Retriever of Love. You’re not stupid for feeling it, you’re not a bad person, you didn’t do anything wrong. You just feel what you feel, and you’ll feel until one day you stop, and you can’t decide when that is, so don’t even try.

For me it’s one of those pieces of writing that I come back to over and over, like a worry stone. Just have the feeling. Just be the Golden Retriever of Love. It’s such a beautiful reminder to be kind to the best and most loving parts of yourself, even when they are hurting. Especially when they are hurting.

Next up is the Beyonce Freelancing Method, a delightfully raunchy reflection on the economic value of romantic attention by the Scottish writer and video game critic Cara Ellison:

This frame of mind has been percolating unconsciously for a while. It’s mainly about valuing men monetarily. I weigh up how much money I lose as a freelancer by spending time on pelvic sorcery rather than writing, and I calculate whether it is worth losing that money. […] It’s all about the pleasure return and the impact on my work. Does the sex, the hanging out, the effort to keep my attention leave me energised? Or does it make me really exhausted and sad and angry so that I can’t work? The first type is worth more monetarily. The second type is not worth it and I’ve been learning to refuse to invest in it.

Grieving and forgiveness are two things that I think about a lot in the context of breakups. A breakup leaves one grieving the end of what was, what was imagined to be but never really was, what could have been, or some combination of those. There’s plenty of pop-psych writing on grieving, but a thing I found very helpful was just understanding that the classic 5 stages “are not stops on some linear timeline[…]. Not everyone goes through all of them or in a prescribed order.” Grief is often a messy thing, but I’ve found the 5 “stages” to be a helpful lens to understand my feelings.

On forgiveness, I think often of these quotations from an essay in the journal Character, which Emily Yoffe (the former Dear Prudence) excerpted in a column on choosing whether or not to forgive abusive parents:

In a 2008 essay in the journal In Character, history professor Wilfred McClay writes that as a society we have twisted the meaning of forgiveness into a therapeutic act for the victim: “[F]orgiveness is in danger of being debased into a kind of cheap grace, a waiving of standards of justice without which such transactions have no meaning.” Jean Bethke Elshtain, a professor at the University of Chicago Divinity School writes that, “There is a watered-down but widespread form of ‘forgiveness’ best tagged preemptory or exculpatory forgiveness. That is, without any indication of regret or remorse from perpetrators of even the most heinous crimes, we are enjoined by many not to harden our hearts but rather to ‘forgive.’ ”

In the documentary version of Margaret Atwood’s Massey Lecture “Payback: Debt and the Shadow Side of Wealth,” she interviews Louise Arbour, former Canadian Supreme Court justice. Arbour says, on forgiveness:

Forgiveness is a link between the past and the future, it’s not the restoration of the past prior to the injury.

And it was one of those lines that jumped out at me so much that I paused the film to write it down. It’s available on Netflix in Canada or Amazon in the US, if you’re interested in watching it.

I mention forgiveness specifically because there’s often a rush to try to make nice with an ex, to preserve social bonds and mutual friendships, and that to me often feels like a jump to the “exculpatory forgiveness” Elhstain describes. A friend pointed out to me a few years back that often the reasons one might choose to break up are the same reasons one may not want to be friends. And that’s ok. The rush to be friends is often about one person’s absolution, particularly when it’s the dumper asking it of the dumpee. It’s such a frequent theme in r/relationships posts and Captain Awkward columns that it feels cliché to even mention, but you’re under no obligation to stay in touch or stay friends, and it’s often healthier not to.

It’s not a read either, but this clip of Oprah and Maya Angelou talking about Angelou’s exhortation to believe someone when they show you who they really are, the first time is worth a watch. Or several 🙂

On the longer side, there are a couple of books I come back to over and over as I process relationship stuff. I’ve read a lot of terrible garbage self-help books over the past few years, but these stand out as being works which have helped me grow and change as a person.

A couple of books which talk about attachment styles have been very helpful: Attached: The New Science of Adult Attachment and How It Can Help YouFind – and Keep – Love by Levine and Heller, and Hold Me Tight: Seven Conversations for a Lifetime of Love by Canadian family therapist Sue Johnson, who is it turns out a different person from Canadian sex educator Sue Johanson whose Sunday Night Sex Show educated an entire generation of Canadian radio listeners. I digress. Both of those books are relevant to people of all genders, and manage to avoid the pitfalls of heterocentricity that many relationship books fall into. Emily Nagoski’s Come as You Are: The Surprising New Science that Will Transform Your Sex Life has helped me unpack the inner mechanics of my desires. It is primarily directed at cisgendered women (and their partners), but it also has a great primer on attachment theory as it pertains to sexuality that is broadly applicable.

Three books have helped me through times I’ve been uncertain/ambivalent about relationships I’ve been in: Lundy Bancroft and JAC Patrissi’s Should I Stay or Should I Go?, and Mira Kirshenbaum’s Too Good to Leave, Too Bad to Stay, and her embarrassingly named Is He Mr Right. That last one helped Valerie and me develop this really cool spreadsheet for thinking about relationship preferences. In Mr. Right Kirshenbaum defines her “essential five elements of chemistry” as “ease & closeness, respect, safety, affection & passion, fun”, which I think is super helpful to read about just on their own – here’s a summary. Of the three books, Should I Stay and Mr. Right are aimed at women who date men. Too Good to Leave is less gender-specific (though still fairly heterocentric) and is in a neat Dr. House style “differential diagnosis” format I found very useful.

On the more seriously dysfunctional end of the spectrum, Lundy Bancroft’s book Why Does He Do That?: Inside the Minds of Angry and Controlling Men is essential reading and has been instrumental in my avoiding getting involved with abusive people in recent years. Despite the title, it’s worth a read regardless of your gender as the patterns of abusive mindsets are super helpful for people of all genders to understand.

And finally, when your heart is sad, you can always summon a calming manatee.

Looking back on 2016

For the past couple of years, I’ve done Jen Dziura’s “Design Your $next_year” workbook towards the end of the year. It’s been a very helpful exercise. It’s definitely worth the couple of bucks.
One of the things it includes is making a list of the things you accomplished in the year you’re closing out; I did so in the workbook in my terrible handwriting, with items ending up in the margins and upside down as I tried to fit them all in. Which feels pretty good, I must say. This year I decided to also type it up and post it for posterity.

It’s a bit of a brain dump, and incomplete by necessity — this year included a fair bit of working towards goals that will not be public for a while, but also supporting people through crises that are not mine to disclose. The latter friend-crises came in the form of mental health stuff, intimate partner violence (which this book is an utterly essential read for friends who are trying to help), workplace harassment, and mass-scale online harassment.

That said, here’s the stuff I can talk about:

  • Throughout the year stuff:
    • Taught at least 5 Ally Skills workshops — at Slack, during (but not at) Defcon, and elsewhere, and finally attended a Train-The-Trainers for it so I could learn from how others teach it
    • Mentored a bunch of folks including some interns, yay!
    • Gained just over 2,000 Twitter followers. Thank you all for listening to me babble ❤
    • Did a bunch of skiing and coached friends
    • Helped hire a bunch of folks at Slack
    • Generally helped things not be on fire at Slack
    • Wrote some PHP for the first time in a decade
    • Wrote some very funny tweets on @SlackHQ but you’ll never know which ones were me!!!
    • Started lifting weights in earnest again. I learned a lot from Julian’s guide and Stumptuous. My biceps are AMAZING 💪

      Seriously, biceps
    • Made some good progress towards getting some gut health stuff that’s been annoying for a long time figured out (if you have IBS and haven’t heard of SIBO, there’s a bunch of new and interesting research!)
    • Generally ate super healthily and cooked lots of things (especially pork chops and also poached eggs) with my Nomiku (and finally got to meet Lisa, the founder! who just got funded on Shark Tank holy crap!!)
    • Volunteered for the Hillary campaign both on the infosec side and the more general GOTV side
    • Donated a few thousand dollars to causes I support like the ACLU and Callisto
    • Maxed out my 401k
    • Took good care of my brain by going to therapy regularly and (with medical supervision) tapered off one of the brain meds I had been taking
    • Rediscovered my childhood love of Star Wars and watched the entire Clone Wars and Rebels series and read several of the New Canon novels
    • Started painting
  • One-off stuff, in rough chronological order

I learned a few things in 2016 as well — I need to work on saying no to things a bit more, as I’ve been very overcommitted and definitely dropped a few balls last year. I’m going to travel less and do less speaking this year, particularly for the first half.

I’m still working on the “plan your 2017” part of Jen’s workbook. I started it before the election and then put it aside for a couple of months. And then the election happened. I’m still figuring out how to re-prioritize how I spend my energy now that “fighting fascism” is a higher priority than “getting an MBA.” I’ll write more about that soon.

Happy New Year, and for all the good that I was fortunate enough to got done in it, good riddance to 2016.