Category Archives: Ada Initiative resources in use

Guest post: Conference codes of conduct as seen from your world and mine

This is a guest post by Andromeda Yelton about how conference codes of conduct actually improve the protection of free speech for women and other disadvantaged groups in tech, originally posted on her blog here. Andromeda Yelton is a librarian and freelance software engineer. She teaches librarians to code; speaks and writes about libraries, technology, and gender; and is on the Board of the Library & Information Technology Association.

In discussing ALA’s Statement of Appropriate Conduct with ever-wider audiences, I get the growing feeling that we stand at different starting lines, and it affects our understandings of the words in the statement.

So if you looked at the Statement and your first reaction was “but…free speech?” or “nanny state” or “political correctness”, this is for you. Let me attempt to explain some starting points. (Trigger warning: graphic violence, rape, rampant misogyny.)

Proponents of these codes are not concerned that people might disagree with them (even disagree passionately). We aren’t concerned that people might not be nice. We aren’t wanting to run to some hammer of authority every time someone says a group we’re in might be other than pure unicorns and roses.

Here is the world I live in:

I live in a world where famed game developer and technical writer Kathy Sierra disappeared entirely from the internet for years after she received a series of death threats, including publishing of her home address, social security number, and false allegations that she had abused her children.

I live in a world where Anita Sarkeesian ran a Kickstarter to support a project on sexism in video games, and as a result someone created and distributed a video game consisting solely of clicking on her face until you had beaten it to a bloody pulp.

I live in a world where merely having a female-gendered nickname on IRC (a chat network important in the technology world) makes you 25 times more likely to receive unsolicited malicious private messages, even if you never say a word.

I live in a world where I have zero interest in going to CES because I don’t want to have to deal with the naked booth babes (and am therefore cutting myself off from the biggest trade show relevant to my interests). Where a friend of mine takes for granted there will probably be naked women on conference slides in her field. Where people complaining that a joke about being “raped by dickwolves” in a comic about gaming isn’t funny leads to its creators selling dickwolves t-shirts and large numbers of people to this day defending this as a reasonable position to hold. Where a hackathon sponsored by a major tech news web site gives time on stage to an app intended solely for sharing photos of women’s cleavage, with a nine-year-old-girl in the audience. Where a major tech news discussion site is so prone to misogyny many women never bother to spend time there, at the same time as it is suspected of repeatedly quashing discussion critical of misogyny.

I live in a world where I treat it as great and inexplicable good luck that no one has yet threatened to rape or kill me just because I blog and speak publicly about technology and sexism under an obviously female name, and I have the backup plan in my head of how to moderate comments and log IPs if it’s ever needed, and the list of which friends have my back enough that I’d ask them to wade through that kind of cesspit for me. I live in a world where using my own name on github and IRC was aspecific conscious choice that required actual bravery from me, because I know that I am statistically exposing myself to retribution for doing so.

Let’s say that again: I live in a world where being myself in public, talking about things I care about under my own name in public, is a specific choice which requires both courage and a backup plan.

In this world some people choose not to be themselves in public. They choose not to speak, or to speak only under disguises – ones they can’t wear at conferences, face-to-face.

That is my concern about free speech. That right there.

That is the aim of conference codes of conduct. To clarify the threats — not to eliminate them, because you can’t ever do that, but to state that this is a place where silencing people through graphic threats of sexual violence or open and regular degradation is treated as unacceptable, that if it happens to you there’s a place to go, and to (crucially) say that the bystanders care too. That you’re not in a place where a lot of people are decent but indifferent and someone somewhere might attack you and it’s all on you to cope, but you’re in a place where a lot of people are decent and affirmatively have your back.

And by clarifying the threats, by publicly affirming the decency of the bystanders, we create a world where you don’t have to be quite so brave to speak up. A world where the uncertain, the new, the outsiders have a voice too. A world where maybe the barrier for being a woman in tech — or an outsider coming in — is not the ability to say “fuck you”, but merely the interest in saying something, anything.

If you have been reading the statement of acceptable conduct from the frame of mind that you haven’t encountered problems and things seem fine and the only speech you can imagine it chilling is the edgier end of the perfectly fine, please go back and reread it from my world. It reads differently.

New accessible dropdown menus plugin for WordPress now available

Good news for accessibility on the web: a new open source plugin to make dropdown menus more accessible to people with disabilities is now available for several WordPress themes, including the popular Twenty Ten through Twenty Thirteen themes. The accessible dropdown menu plugin was made possible by Amy Hendrix, Graham Armfield, AdaCamp attendees, and the supporters of the Ada Initiative.

Picture of a laptop with screen reader attached

One screen reader, CC-BY Paul Downey

An AdaCamp attendee pointed out that the menus on the Ada Initiative and AdaCamp web sites did not work for people using screen readers, a device that converts text or other information on a computer screen into speech, Braille, or other forms of output usable by people with visual impairment. As a result, much of our web site content was hidden from anyone with a range of disabilities, including visual impairment and difficulty using a mouse.

We immediately asked our WordPress consultant, Amy Hendrix, to make our menus accessible. Amy adapted an open source accessible menus plugin written by Graham Armfield for the Twenty Twelve theme we use on our web sites and installed it within days of the request.

Now the accessible dropdown menus is available for free download on the WordPress plugin directory, with Amy and Graham supporting the plugin together going forward. If you are using any of the Twenty Ten, Twenty Eleven, Twenty Twelve, Twenty Thirteen, or Underscore themes, you can install the plugin today. If you aren’t, you can request adding support for your theme to the plugin (or pay Amy to do the work, as we did).

Why is accessibility important for women in open tech/culture?

Improving accessibility is a key part of supporting all women in open technology and culture, not just able-bodied women. Accessibility at conferences is particularly important in open tech/culture given how central conferences are to participating in these communities. To help understand the effect of paying attention to accessibility, you can read Liz Henry’s post on her recent experiences with accessibility at work and conferences.

Just a few ways to improve the accessibility of your events and web sites:

Accessibility lane at WisCon

CC-BY-NC sandphin

To learn more about improving accessibility at conferences, start with WisCon’s accessibility policy.

Thank you to AdaCampers, Amy Hendrix, Graham Armfield, and the supporters of the Ada Initiative for making this work possible!

Kicking impostor syndrome in the head: lessons from AdaCamp DC and SF

Impostor syndrome is a common reaction to doing publicly visible and publicly criticised work like that done in open technology and culture; it’s a feeling that you haven’t earned and aren’t qualified for the status you or your work have and a fear of failing publicly and being discovered to be an impostor. It is very prevalent among women in the space, many of whom have been socialised to value other’s opinion of their work above their own, and to do things “by the book”.

At the Ada Initiative’s AdaCamp, impostor syndrome is such a popular topic of discussion that five sessions ran on it at AdaCamp DC in July 2012. More recently at AdaCamp San Francisco Leigh Honeywell ran an opening session for most conference attendees on combating impostor syndrome.

Video: Denise Paolucci, “Overcoming Impostor Syndrome”

As a result of the AdaCamp DC discussions, at 2013 in January Ada Initiative board member and Dreamwidth Studios co-founder Denise Paolucci gave a talk on Overcoming Impostor Syndrome, sharing the strategies that were discussed at AdaCamp DC. Denise’s talk has great strategies for both sufferers of impostor syndrome and for allies and leaders to help people realistically judge their own work and to seek help and support when they need it.

Talk transcript at the bottom of the post.

Denise’s talk also appeared recently at Open Source Bridge in Portland.

Values exercise: Leigh Honeywell

At AdaCamp San Francisco, one of Leigh Honeywell’s exercises for participants was based on the hypothesis that impostor syndrome is a manifestation of stereotype threat — the tendency of people to perform in ways that confirm stereotypes of groups they identify with, such as women performing worse on a math test if its mentioned that the test is looking for gender differences in performance — and had participants perform a values exercise that they can use before doing something like writing a resume or taking a test.

Leigh’s exercise is based on Miyake et al’s finding that writing about one’s values helps combat stereotype threat. Participants identify five values (from a list including examples such as Decisiveness, Pleasure, Self-reliance and Wisdom) that are important to them, and write about one value. The worksheet also asks them to describe a time when they were asked for advice, ie treated as an expert. With this short, simple exercise, participants are primed for a more realistic, positive assessment of their own ability and achievements.

Leigh has released the values worksheet under Creative Commons Attribution, and welcomes contributions.

Talk transcript: Denise Paolucci, “Overcoming Impostor Syndrome”

This talk transcript is based on the caption file for the video of Denise’s talk, prepared by Mirabai Knight of StenoKnight CART Services.

Continue reading

In Arbeit: Das Ende von Sexismus in der Hackerkultur

This is a German translation of our recent blog post on sexism in hacker culture (click here for the English original). Translation courtesy of @fin, @bekassine und @michaelem.

[Übersetzung ins Deutsche von @fin, @bekassine und @michaelem]

Letzte Woche wurde wieder global über Sexismus in der Hackerkultur diskutiert. Auslöser dafür waren eine Reihe von sexistischen Vorfällen am 29ten Chaos Communication Congress, einer Veranstaltung die jährlich in der letzten Woche des Jahres in Deutschland abgehalten wird.

Die Vorfälle begannen damit, dass jemand aus den sogenannten “Creeper Move Cards” ein Bild eines nackten Frauenkörpers (Link führt nicht direkt zum Bild) an eine Wand klebte. Diese “Creeper Move Cards” waren gedruckt worden um auf das Thema Sexismus aufmerksam zu machen, was in diesem Fall auch gelungen war. Weiters wurde im Wiki der Konferenz eine Seite erstellt, die die TeilnehmerInnen im Rahmen eines Spiels dafür belohnte, anderen gegenüber sexistische Kommentare abzulassen oder unerwünschte sexuelle Annäherungsversuche zu unternehmen. Außerdem machte ein Moderator des beliebten Spiels “Hacker Jeopardy” im Rahmen der Show wiederholt sexistische Kommetare wie zB. “Jetzt müssen wir leider aus Gleichstellungsgründen eine Frau nehmen”, ohne dass die Organisatoren der Konferenz eingegriffen hätten.

Schnell reagierten sowohl KonferenzteilnehmerInnen, als auch die weltweite Community. TeilnehmerInnen erstellten eine Webseite, auf der sexistische Vorfälle am Congress dokumentiert wurden. Die Kritik verbreitete sich explosionsartig durch die sozialen Medien – “Ich behaupte, die Konferenz-Orga hat versagt und euer Team ist eine symbolische und sinnlose Geste” [übersetzt] – wiederum nicht nur auf der Konferenz, sondern auch in der weiteren Community.

Diese Vorfälle brachten für die bekannte Online-Aktivistin und Cryptoparty-Gründerin Asher Wolf das Fass zum Überlaufen und sie bloggte über die sexistische Diskriminierung und Belästigung, die sie in der Hacker-Community erfahren hatte. Wie zum Beweis ihrer Aussagen wurde kurz darauf ihre Website gehackt und persönliche Daten online gepostet.

Diese Vorfälle waren umso schlimmer, weil nur ein paar Tage zuvor eine offizielle Anti-Harassment-Policy (Anti-Belästigungs-Richtlinie) veröffentlicht wurde. Im Zuge dessen wurde auch eine Telefonnummer eingerichtet, an die diskriminierende Vorfälle gemeldet werden konnten und es stand ein Team zur Verfügung, das auf Meldungen reagieren sollte. Die Ada Initiative sah dies als ein Zeichen des Fortschritts, auch weil der 29c3 damit bereits als dritte Hackerkonferenz eine spezifische, durchsetzbare Policy hatte.

Kritik an der Reaktion der Organisatoren war unter KonferenzteilnehmerInnen weit verbreitet und dauert bis heute an. Wir sind selbst traurig und bestürzt, dass viele TeilnehmerInnen aller Geschlechter Belästigung erfahren hatten und von den Organisatoren im Stich gelassen wurden. Wundert es also, dass Viele öffentlich verzweifelten und fragten, ob Frauen jemals eine Hackerkonferenz besuchen könnten, ohne als Stück Fleisch gesehen zu werden?

So sieht Fortschritt aus

Unsere hoffnungsvolle Ansage: Genau so sieht Fortschritt aus. So schmerzhaft diese letzte Woche auch war, so sehr zeigen diese Ereignisse auch, dass sich die Hackerkultur in eine Zukunft bewegt, in der Frauen nicht aktiv entmutigt werden, Teil der Hackercommunity zu sein.

Als letzten August Sexismus bei der Hacker-Konferenz DEFCON Schlagzeilen machte, drehte sich die Diskussion innerhalb der Community darum, ob Sexismus überhaupt existierte, ob Grenzübertretungen und Beschimpfungen als Sexismus zählen, ob Frauen ein wertvoller Bestandteil der Hackerkultur sein können und ob sexuelle Übergriffe zentraler Bestandteil der Hackerkultur sind. Im August 2012 hatte keine Hacker-Konferenz eine öffentliche, konkret durchsetzbare Anti-Harassment Policy.

Letzte Woche hingegen drehte sich die Diskussion darum, wie die Hackercommunity auf Sexismus reagieren sollte, nicht ob er existiert oder ob Frauen einfach mit Übergriffen rechnen müssen. Nun haben drei Hackerkonferenzen öffentliche, spezifische und durchsetzbare (wenn auch vielleicht schlecht durchgesetzte) Anti-Harassment Policies. Als diese Policy am Congress schlecht durchgesetzt wurde, organisierten sich Anwesende spontan, diskutierten Verbesserungen für die nächste Konferenz und stellten eine Liste mit praktischen, sinnvollen Verbesserungsvorschlägen zusammen. Sexismus in der Hackercomunity hat schon immer existiert, allerdings sind sich jetzt mehr Leute denn je dessen bewusst und ergreifen Maßnahmen um diesen zu bekämpfen.

Der Kampf gegen Sexismus: ein laufender Prozess

Von hier an ist bestimmt nicht alles ein Zuckerschlecken: Um im Kampf gegen Sexismus erfolgreich zu sein, müssen wir weiter auf die Verantwortlichkeit mächtiger Menschen pochen, unabhängig davon ob das für sie unangenehm oder peinlich ist. Wir sind hier um zu diskutieren, wie dieser Prozess funktioniert.

Zuerst wollen wir ein Beispiel geben, wie dieser Prozess in ähnlichen internationalen, kreativen, peer-to-peer-organisierten Communities funktioniert. In den letzten zwei Jahren gab es messbaren Fortschritt für Frauen in Open Source Software, Wikipedia, und ähnlichen Communities. Die Ada Initiative sieht sich in einer Führungsrolle für diese Bewegung: Wir arbeiten direkt mit Konferenzen und Firmen zusammen, vernetzen Frauen in dem Bereich durch die AdaCamp Konferenzen und arbeiten an einer freien (CC-BY-SA lizenzierten) Wissensdatenbank über Feminismus im Geek-Kontext mit, damit nicht jede Community und jede Konferenz ganz von vorne anfangen muss.

Wir haben gelernt, dass gesellschaftlicher Wandel ein Prozess ist. Wir sehen diesen folgendermaßen:

  1. Sensibilisierung: Leuten beizubringen, dass das Problem existiert
  2. Lösungsfindung: Praktische Methoden zu finden, die Community zu ändern
  3. Maßnahmen ergreifen: Diese Methoden implementieren

Das Erstellen und Austeilen der “Creeper Move Cards” hat unübersehbar ein Bewusstsein dafür geschaffen, dass Sexismus auf Konferenzen existiert. Das Erstellen und Verbreiten von Anti-Harassment-Policies für Konferenzen hat einen Lösungsweg aufgezeigt. Dass Konferenzorganisatoren jetzt diese Policies durchsetzen ist eine Implementierung dieses Lösungswegs.

Damit dies funktioniert müssen wir diese Schritte immer und immer wieder gehen, wir müssen riskieren, Fehler zu machen und wir müssen lernen, es nächstes Mal besser zu machen. Ein Beispiel für eine erfolgreiche Umsetzung dieses Prozesses ist die Australische/Neuseeländische Opensource Konferenz

Beispielfall: eine Konferenz über Opensource Software ist die bekannteste Opensource Konferenz in dieser Region und zieht hunderte von ReferentInnen und TeilnehmerInnen aus allen Teilen der Welt an. Heutzutage hat sie eine starke, gut durchgesetzte Anti-Harassment Policy, einen hohen Anteil von Frauen als Referentinnen und Teilnehmerinnen und einen Ruf als freundliche und einladende Konferenz für alle. Aber es war nicht immer so.

Vor einigen Jahren hatte die Vorfälle, in denen Frauen ohne deren Zustimmung fotografiert, Teilnehmerinnen körperlich bedroht und Witze darüber gemacht wurden, dass Hans Reiser Teilnehmerinnen töten würde. Im Jahr 2010 hatte die Konferenz zum ersten Mal eine “Diskriminierungspolicy”, die belästigendes und diskriminierendes Verhalten verbot. Diese Policy war jedoch so vage formuliert, dass es Diskussionen darüber gab, ob beispielsweise sexistische Witze diskriminierend seien.

Als Ende 2010 eine in der Open Source Community bekannte Frau den Namen des Mannes nannte, der sie auf der ApacheCon begrapscht hatte, löste das eine weltweite Diskussion über sexuelle Belästigung und sexuelle Übergriffe in der Open Source Community aus. Dieser Diskurs führte schließlich (neben der Gründung der Ada Initiative) dazu, dass eine Vorlage für eine konkrete und vollziehbare Anti-Harassment Policy ausgearbeitet wurde, welche die im Jahr 2011 übernahm.

Als ein Keynote-Sprecher 2011 diese Policy mehrfach verletzte (und zum Beispiel pornografische Bilder in seiner Präsentation verwendete), folgte eine Diskussion, die die Community mehrere Monate beschäftigte und zu weiteren sexistischen Vorfällen auf der Mailingliste der Konferenz führte. Schlussendlich entschuldigte sich der Referent und die Videoaufnahme des Vortrages wurde editiert um zu reflektieren, dass der Vortrag die Konferenzregeln und die Prinzipien der Organisatoren verletzte. Linux Australia, die Organisation, die hinter der Konferenz steht, bestätigte die Unterstützung ihrer Anti-Harassment-Policy und die Konferenz hatte 2012 keine signifikanten Vorfälle.

Einzelne Mitglieder der Community unterstützen weiterhin Sexismus und handeln weiterhin sexistisch, nur wissen sie jetzt, dass sie mit Sanktionen, Strafen und Abscheu von Seiten der Community rechnen müssen. Die Kulturnormen dieses Teils der Opensource Community haben sich sichtlich verändert.

Im Großen und Ganzen ist es mittlerweile in der Open Source Community die Norm, dass gegen Belästigung auf Konferenzen gekämpft wird.
Die meisten großen und auch kleinen Konferenzen haben Anti-Harassment-Policies und setzen sie auch durch. Die Python Software Foundation geht sogar weiter und verkündete vor Kurzem, dass sie keine Events ohne solchen Policies finanziell unterstützen würden, und uns wurde gesagt, dass viele Sponsoren der gleichen Meinung sind, dies aber nicht nach außen kommunizieren. Ermutigend ist besonders, dass Open Source Konferenzen nun ihre Aufmerksamkeit auf die Auswahl von ReferentInnen legen und sowohl auf Diversität bei der Auswahl der ReferentInnen achten, als auch Konferenzen darauf aufmerksam machen, wenn sie nur männliche und nur weiße ReferentInnen haben.

Hört auf, meine Konferenz zu ruinieren!

Wir werden immer wieder gefragt: Können wir all diese Unannehmlichkeiten nicht einfach überspringen und stattdessen nach dem Grundsatz “be excellent to each other” leben? Wir sind schließlich erwachsene Menschen, nicht wahr?

Gesellschaftliche Veränderung findet nicht statt, weil wir einfach darum bitten.

Veränderungen passieren durch Proteste, Hungerstreiks und öffentliche Aktionen. Veränderungen blockieren den Verkehr auf den Straßen großer Städte. Veränderungen passieren, wenn geheime Regierungsdokumente geleakt werden. Sie geschehen als Resultat von Unruhen, ausgebrannten Häusern und Tränengaskanistern auf die Nasen von Demonstranten. Wir können uns glücklich schätzen, dass Protest gegen Sexismus in der Hackerkultur hauptsächlich mit bösen Worten gekontert wird – besonders wenn wir gegen etwas Protestieren, das oft genug körperliche sexuelle Übergriffe auf Frauen beinhaltet. Wenn du noch keine Übergriffe oder Belästigung erlebt hast, mag diese unangenehme Diskussion wie ein Schritt zurück aussehen, aber für jene, die so etwas schon erlebt haben, ist die Diskussion eine klare Verbesserung!

Die Folgen dieser Art von Protesten sind unbequem und manchmal gefährlich für Leute die ihren Alltag leben. Jedoch sind diese Unannehmlichkeiten oft schon zuvor im Leben von Unterdrückten zu finden. Viele Frauen können schon nicht zu Hackerkonferenzen gehen, ohne mit Sexismus rechnen zu müssen. Wenn du diese Woche zum ersten Mal mit Sexismus konfrontiert wurdest, stell dir vor wie es ist, jedes Mal mit Sexismus konfrontiert zu werden, wenn du einen IRC-Channel betrittst, öffentlich bloggst oder zu einer Konferenz gehst. Das wäre ziemlich schrecklich, oder? Es könnte sogar dazu führen, dass du die Hackercommunity verlässt.

Die Antwort auf “hört auf meine Konferenz zu ruinieren” darf nicht “hört auf Sexismus aufzuzeigen” sein, sondern muss “hört auf sexistisch zu handeln” lauten. Beschuldige nicht die Opfer dafür, dass sie Sexismus aufzeigen, oder dass sie es auf eine für dich unangenehme Weise machen. Schlussendlich macht Sexismus sowohl Männer als auch Frauen mehr als leicht betroffen; Sexismus verletzt sie und vertreibt sie aus der Community. Wir forden den Chaos Communication Congress auf, hinter seiner Policy zu stehen, umfassende und funktionierende Prozeduren zu entwickeln und sich in Zukunft zu ihrer Durchsetzung zu bekennen

Wenn wir alle weiter zusammen arbeiten, laut bleiben und Maßnahmen gegen Diskriminierung ergreifen, wird sich Sexismus aus der Hackercommunity zurückziehen, wie es schon in anderen Communities passiert ist. Und das kannst du selbst tun:

Danke an alle, die letzte Woche über Sexismus und Belästigung diskutiert haben. Ihr macht gesellschaftliche Veränderung möglich. Kontaktiert uns gerne, wenn ihr Unterstützung braucht.

[Kommentare sind nur unter der englischen Version dieses Posts aktiv.]

Die Ada-Initiative ist eine gemeinnützige Organisation, die sich für die Steigerung der Partizipation und des Status von Frauen im Feld “Open Technology and Culture” einsetzt. Unsere Arbeit, welche diesen Blogpost, die Vorlage für eine Anti-Harassment Policy und viel der dazugehörigen Dokumentation beinhaltet, wird durch Spenden von Community Mitgliedern wie dir finanziert.

Donate now

Re-post: Why conference harassment matters

This is a repost of one of our most popular articles of 2012, originally published August 1, 2012. It has been updated to include announcements of anti-harassment policies by three hacker conferences, BruCON, DeepSec, and CCC 29.

This weekend was DEFCON 20, the largest and most famous hacker[1] conference in the world. I didn’t go to DEFCON because I’m a woman, and I don’t like it when strangers grab my crotch.

Let’s back up a little bit. DEFCON is a stellar computer security conference, attended by famous computer security experts, shadowy government “spooks,” creative hackers of all sorts, and the journalists who write about them. I first attended DEFCON in 1995 as a gawky 17-year-old. DEFCON 3 was just a few hundred computer security experts wearing black leather jackets and milling around in a ballroom at the Tropicana Hotel in Las Vegas.

DEFCON 3 badge

The author’s first DEFCON badge

That weekend I learned about Kevin Mitnick getting hunted down by the FBI, war-dialing for modems, and the existence of the Internet. I met a guy with long red hair named Dan Farmer who had written a program called something like EVIL, or SATAN, I wasn’t sure which.

I was so inspired by the fascinating, brilliant, frequently leather-clad people I met at DEFCON 3 that I became a computer programmer. I still have my first DEFCON badge, a cheesy purple and white laminated number with only my first name – at age 17, I wasn’t about to to give my full name to a conference full of hackers!

DEFCON today

Fast forward 17 years to DEFCON 20. Every time I read about something cool happening at DEFCON, I wanted to jump on the next flight to Las Vegas. But I didn’t, because of my own bad experiences at DEFCON, and those of people like KC, a journalist and student in San Francisco who wrote about attending DEFCON 19:

Nothing could have prepared me for the onslaught of bad behavior I experienced. Like the man who drunkenly tried to lick my shoulder tattoo. Like the man who grabbed my hips while I was waiting for a drink at the EFF party. Like the man who tried to get me to show him my tits so he could punch a hole in a card that, when filled, would net him a favor from one of the official security staff.

Or the experience of one of my friends, who prefers to remain anonymous. At a recent DEFCON, while leaning over to get her drink at the bar, someone slid his hand up all the way between her legs and grabbed her crotch. When she turned around, the perpetrator had already disappeared into the crowd.

My own stories from DEFCON seem tame compared to what these women went through, but I couldn’t take the constant barrage of sexual insults and walked out halfway through DEFCON 16, swearing not to return if I was going to be harassed like that again.

Unfortunately, DEFCON isn’t unusual among hacker conferences. Similar stories about Black Hat, HOPE, CCC, and others are also common. Sexual harassment at other computer conferences often appears unintentional, but at hacker conferences it’s often clear that the perp is doing it on purpose, and enjoying the hell out of it. As a woman, it’s hard to justify attending a hacker conference when I can go to an academic computer conference and get treated like a human being most of the time.

Why harassment matters

At this point, some of you are thinking, “Well, if DEFCON is so bad for women, women just shouldn’t go. Who cares?”

As KC puts it, “Defcon is also many wonderful things. It is a fantastic environment to learn, network, and connect with friends old and new.” There’s a reason that I attended DEFCON five times before I quit. DEFCON and other hacker conferences are popular for all the reasons that conferences exist at all: learning new things, meeting people in your field, improving your reputation, finding jobs, and making new friends.

I’ll start with the most obvious benefit of attending DEFCON: jobs. Did you know that Twitter is recruiting computer security experts at DEFCON? So are Zynga and the NSA:

@netik: Twitter is hiring security people. If you are at defcon and need work, @ reply me and let's meet up.

Happy Recruiting! NSA top spy going to #Defcon 2012  via @examinercom #infosec #cybersecurity

I am recruiting for AppSec, SecEng, and SecIR positions at @Zynga this week at BsidesLV, Defcon, and Blackhat. Lets talk.

Twitter, Zynga, and the NSA are only a few of the companies and government agencies that consider DEFCON prime recruiting ground for experts in all sorts of areas: network security, operating systems, robotics, surveillance, electrical engineering, intrusion detection, and anything that communicates via electromagnetic waves. When companies recruit at DEFCON, and women aren’t at DEFCON, both the companies and the women miss out.

But how do you become qualified for a computer security job in the first place? Computer security isn’t very well documented, or taught in any depth in most universities. After my first DEFCON, I knew to sign up for the DEFCON mailing list, read the 2600 magazine, and check out a copy of the UNIX Systems Administration Handbook from the computer center library. When I got a computer account at my university, I logged into the UNIX workstations instead of the Windows machines because I knew UNIX was what hackers used. I poked around UNIX until I found files I couldn’t read and commands I couldn’t run, and then I started reading manuals to understand why. I eventually became a worldwide UNIX file systems expert – all because I went to this obscure little conference in Las Vegas in 1995.

For those women who work or want to work in a computer security related field, conferences like DEFCON are the best chance to meet influential people in the field. Take Bruce Schneier, a professional speaker and the author of “Applied Cryptography” (known outside computer security for coining the term “security theater” to describe TSA security measures). I met Schneier at DEFCON 6, when I made a joke that he reused in his talk a few minutes later. The DEFCON speaker list is a who’s who of modern digital glitterati – and in a strange twist of fate, now includes the Director of the NSA.

Giving the right talk at DEFCON can make your entire career and net you dozens of offers for jobs, contracts, and book deals. DEFCON is good for hands-on learning too: For example, every year teams of security experts compete in contests like “Capture the Flag” to show off their skills and learn from each other.

Finally, everyone at DEFCON benefits from more women attending. Women “hackers” – in the creative technologist sense – are everywhere, and many of them are brilliant, interesting, and just plain good company (think Limor Fried, Jeri Ellsworth, and Angela Byron). Companies recruiting for talent get access to the full range of qualified applicants, not just the ones who can put up with a brogrammer atmosphere. We get more and better talks on a wider range of subjects. Conversations are more fun. Conferences and everyone at them loses when amazing women don’t attend.

When you say, “Women shouldn’t go to DEFCON if they don’t like it,” you are saying that women shouldn’t have all of the opportunities that come with attending DEFCON: jobs, education, networking, book contracts, speaking opportunities – or else should be willing to undergo sexual harassment and assault to get access to them. Is that really what you believe?

Is change coming to hacker conferences?

Back to KC:

I know Im not alone in being frustrated with the climate at Defcon. Last year at Deepsec in Vienna, I met a fantastically intelligent woman developer who flat out refused to attend Defcon because of interactions like those listed above. I can think of countless other women I know in the tech industry who are regular Defcon participants and speakers who are just as fed up with this crap as me. I wonder why we’ve all been so polite about such an unhealthy atmosphere.

Red/yellow (and green) cardsRed/yellow (and green) cardsKC stopped being polite, and started doing something about the sexist atmosphere at DEFCON: she created the Red/Yellow Card Project. She got the idea from a joke a rugby-obsessed friend made after she complained about sexism at DEFCON, suggesting that she hand out red and yellow penalty cards to people making sexist comments. She designed and printed the cards and distributed them at this year’s DEFCON, with mixed reception. Some people vehemently objected, but others loved it. DEFCON founder Jeff Moss offered to pay for the printing costs of the cards.

How the Ada Initiative is changing conferences

The cards are a hilarious way to raise awareness of the problem of brutal sexual harassment at DEFCON and similar conferences. Unfortunately, it will take more than raising awareness to make hacker conferences safe for women. That’s one reason why I quit my cushy computer programmer job and co-founded the Ada Initiative, a non-profit supporting women in open technology and culture. Our scope includes open source software, open hardware, and open data – all of which are major parts of hacker conferences like DEFCON.

The Ada Initiative’s first project: an example written policy that bans harassment at conferences, sexual or otherwise, of people of all genders. Organizers for literally hundreds of conferences have adopted some form of this policy, including open source software conferences from Linux to Python to Git, the world’s largest Wikipedia conference, Wikimania, and a plethora of others including gaming cons, open video conferences, science fiction conventions, and even skeptic/atheist meetups.

The policies aren’t just empty words; several conferences have enforced their policies successfully. Many conference organizers have told us that they had record women’s attendance after they adopted a policy aimed at reducing harassment (and often higher overall attendance as well). One conference organizer said that the first year they worked hard to invite 30% women, everyone enjoyed the conference so much more that they’ve done it every year since. When women feel welcome at a conference, everyone enjoys the conference more.

A call to action and a challenge

We’re waiting to hear about the first[2] hacker conference to adopt a specific, enforceable, well-planned policy protecting women from harassment – and then we’re going to promote the hell out of it. Will it be HOPE? CCC? DEFCON? Whichever hacker conference is first will get dozens or hundreds of new attendees, women and everyone else, too. If you want this to be your conference, and you want help designing and implementing a policy, email us at

Updated to add on December 28, 2012: The first[3] three hacker conferences to adopt and publicize an anti-harassment policy are BruCON, DeepSec, a hacker conference in Vienna, and Chaos Communications Congress, a hacker conference in Germany. You can read more in an interview with the BruCON organizers, a report from the first BruCON with a policy, and an interview with the DeepSec organizers. CCC is on-going at the time of this post; see here for more information on how to report harassment to the organizers. See below for more on our criteria for listing conferences for this challenge.

If you’re not a conference organizer, you can help too! We’ve created a list of actions to take to support policies preventing harassment at conferences, all field-tested for effectiveness. To name just a few, you can publicly request a policy by blogging or tweeting, organize a community petition asking for a policy, and when speaking, make your appearance contingent on a policy.

Finally, if you like the work that the Ada Initiative is doing, you can support us by joining our announcement mailing list or donating to support our work for women in open technology and culture (we’re a tax-exempt non-profit charitable organization supported by donations and we do this for a living).

Donate now

[1] The precise meaning of the word “hacker” has been the subject of furious debate for at least 30 years. Suffice to say that in this post it does not mean exclusively “person who breaks into computers” and it includes people who experiment with computers and hardware for curiosity’s sake.

[2] Updated on December 28, 2012: The title of “first” hacker conference to have a “specific, enforceable, well-planned policy protecting women from harassment” is in dispute. Kiwicon is a hacker conference that has a (hilarious) Code of Conduct:

Kiwicon attempts to be a relatively informal conference where all members of the hacking community can come together over one weekend. Individuals intent on sprinkling fetid douchenuggets over the ice-cream sundae of anyone else’s enjoyment may incur penalties, reprisals or sanctions at the discretion of the Crue. In other words, the Crue reserve the right to kick you out, own your boxen and publicly shame you if you’re being an idiot.

CCC 27 and 28 previously had a FAQ entry banning harassment but did not publicize the change or enforcement widely. Other hacker conferences have contacted us to say they have secret anti-harassment policies.

None of these meet our criteria of a “specific, enforceable, well-planned policy protecting women from harassment.” In particular, we have observed that an anti-harassment policy is ineffective unless it is both specific and widely publicized and publicly enforced (see this guide we contributed to for documentation on how to do so). Half the purpose of an anti-harassment policy is to educate the attendees about specific actions that are harassing, which can only be done if the policy lists specific actions and if the attendees read it. As a result, we consider BruCON to be the first hacker conference to adopt (and by all accounts, successfully enforce) an anti-harassment policy.

Chaos Communications Congress 29 becomes third hacker conference to ban harassment

Drum roll, please! The third major “hacker” conference to publicly adopt an anti-harassment policy is Chaos Communications Congress 29! CCC is a conference about technology, society, and creativity, and is one of the most popular conferences in the field. Thousands of people travel from all over the world to Germany during the last week of December each year to attend CCC.

CCC joins BruCON and DeepSec as the first three hacker conferences to publicly pledge that they do not condone and will respond to harassment based on age, gender, sexual orientation, race, physical appearance or disability. CCC 29 has set up a special team available 24 hours a day to respond to harassment, with a phone number, email address, and even Twitter account! (We note that the German translation of KC Crowell‘s “Creeper Move” cards was also recently announced.)

Updated to add Fri Dec 28 07:30 UTC:Tips on reporting harassment, responding to reports of harassment, and related resources are available on the Geek Feminism wiki. Writing these kinds of documents are part of what the Ada Initiative does.

We at the Ada Initiative are astonished and amazed to close out 2012 with so much progress in the area of harassment of women at conferences – and it goes way beyond conferences. Each time conference organizers make a public pledge like this, it kicks off a conversation that reveals people’s opinions and beliefs about the role of women in their community – and often changes them for the better. What we find out is often not pretty, but it is also the reality that women in our communities experience. Becoming aware of the problem is the first step in fixing it and becoming the kind of community we believe we truly are.

Bravo and congratulations to the organizers of CCC, BruCON, DeepSec, and everyone else who worked in 2012 to make open technology and culture more welcoming to people of all genders!

Note to conference organizers: The title is still open for the first non-European hacker conference to adopt a public, specific, and enforceable policy against harassment. The honor could be yours!

Python Software Foundation publicly announces requirement for code of conduct at all sponsored events

The Python Software Foundation just announced that it will require a code of conduct (an anti-harassment policy) for all events that it sponsors. While many sponsoring organizations have quietly made this a de facto rule (for example, four sponsors told PyCon US 2013 organizers they would not sponsor without a policy in place), the Python Software Foundation is the first the Ada Initiative has heard of to make this requirement a formal, public policy.

Current PSF chair and PyCon US chair Jesse Noller wrote an engaging, comprehensive essay on how this resolution helps the Python Software Foundation in its core mission to grow and support the Python community. This is a must-read for any organization that runs or sponsors events.

The PSF has long been a leader in diversity in open source. Will your organization be the next to join the PSF on this list of pro-diversity sponsors?

The next major PSF event is PyCon US 2013, in Santa Clara, California on March 13-21. Financial aid is available, and women are specifically encouraged to attend and apply.