This code of practice applies to all CiviCERT spaces, either in online interactions or associated events or social gatherings. Members and participants are responsible for knowing the values promoted by the CiviCERT, which are detailed in this document, and abiding by the rules detailed below.
The aim of the CiviCERT is to engage, connect, and support its members to better help civil society build capacity and strength. CiviCERT strives to facilitate collaborations as needed, share information to alert emerging digital security threats to civil society, and foster other digital security help desks in improving protection for civil society members and organizations.
CiviCERT is committed to providing a safe and welcoming environment for addressing and discussing issues related to the holistic and digital security of the communities in which we work. In particular, we aim to banish any shame or stigma surrounding digital security mistakes or hacking, so we encourage all those involved to approach interactions with open, listening and supportive attitudes, and to engage constructively with others at all times.
More specifically, CiviCERT spaces are committed to promote the following values:
Confidentiality: We will handle all incoming information confidentially and will not disclose it to third parties without consent. We will handle incoming information responsibly and protect it against inadvertent disclosure to unauthorised parties. The security of the methods of storing and transmitting information inside or outside the CiviCERT will be appropriate to its sensitivity. We invite all members to read the CiviCERT policy regarding how information should be classified, stored, shared, and destroyed.
Any remote coordination or online initiatives will happen through secure channels that run on free and open source software and, especially if not end-to-end encrypted, are managed and hosted by trusted parties, ideally by CiviCERT members. Commercial or proprietary tools will be avoided, especially if they have a history of violating users’ privacy.
Collaboration: We have a strong commitment towards fostering solidarity, connection, cooperation and a sense of community in our convening spaces.
Inclusivity: We believe in the importance of diversity in a way that fosters non-discrimination, free expression, participation and equality.
Do-No-Harm: We are aware of how our actions, behaviors and ways of communicating can have a positive or negative effect on the people surrounding us, and try to mitigate these as much as possible. We are aware of the elements affecting our own position of power, and make space for acknowledging these structures within CiviCERT spaces. CiviCERT is dedicated to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, age, sexual orientation, disability, physical appearance, body size, race, ethnicity, religion (or lack thereof), technology choices, skill set or level of knowledge. We do not tolerate harassment of community members in any form. Anyone who violates this code of conduct may be sanctioned or expelled from these spaces at the discretion of the CiviCERT team.
Harassment
Harassment may occur online or in person. Examples of unacceptable behavior include:
- Offensive comments which reinforce social structures of domination and/or are related to gender, gender identity and expression, sexual orientation, disability, mental illness, neuro(a)typicality, physical appearance, body size, age, race, or religion.
- Offensive comments and flamewars about other people’s choices of recommended practices, skills, procedures and tools.
- Unwelcome comments regarding a person’s lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment.
- Deliberate misgendering or use of ‘dead’ or rejected names.
- Gratuitous or off-topic sexual images or behavior in spaces where they’re not appropriate.
- Physical contact and simulated physical contact (e.g., textual descriptions like “hug” or “backrub”) after request to stop. Threats of violence.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Deliberate intimidation.
- Stalking or following.
- Harassing photography or recording, including logging online activity for harassment purposes.
- Sustained disruption of discussion, talks or other events.
- Unwelcome sexual attention or physical contact.
- Pattern of inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others
- Continued one-on-one communication after requests to cease.
- Deliberate “outing” of any aspect of a person’s identity without their consent except as necessary to protect vulnerable people from intentional abuse.
- Publication of non-harassing private communication.
- Publishing another persons’ private information, such as physical or electronic addresses, without explicit permission
- Advocating for, or encouraging, any of the above behaviour
- Drugging food or drink
- Violating the privacy policy of an event in order to attract negative attention to an attendee
- Enlisting the help of others, whether in person or online, in order to target a member We prioritise marginalised people’s safety over privileged people’s comfort.
Our team will not act on complaints regarding:
- ‘Reverse’ -isms, including ‘reverse racism,’ ‘reverse sexism,’ and ‘cisphobia’
- Reasonable communication of boundaries, such as “leave me alone,” “go away,” or “I’m not discussing this with you.”
- Communicating in a ‘tone’ you don’t find congenial
- Criticising racist, sexist, cissexist, or otherwise oppressive behavior or assumptions
Let someone leave a conversation that makes them uncomfortable, and do not follow people who asked to be left alone. If you discuss difficult topics that may be traumatic for participants, provide warnings so people may leave a conversation or plan coping strategies.
Reporting
If you are being harassed, notice that someone else is being harassed, or have any other concerns, please notify sending an email to aloha@civicert.org. Currently, there are four persons receiving these emails: Alexandra from DDP, Bahaa, Beatrice from Access Now, and Mario from Conexo. Reports are confidential. You will not be asked to take actions that make you feel unsafe.
This code of practice applies to CiviCERT spaces, but if you are being harassed by a person involved in CiviCERT outside our spaces, we still want to know about it. We will take all good-faith reports of harassment seriously. This includes harassment outside our spaces and harassment that took place at any point in time.
The response team will contact the accused person in order to inform them about the process and give them an opportunity to respond. The response team reserves the right to exclude people from CiviCERT based on their past behavior, including behavior outside CiviCERT spaces. We will respect confidentiality requests for the purpose of protecting victims of abuse. At our discretion, we may publicly name a person about whom we’ve received harassment complaints, or privately warn third parties about them, if we believe that doing so will increase the safety of partners or people involved with CiviCERT. We will not name harassment victims without their affirmative consent.
Harassment and other code of conduct violations reduce the value of our community for everyone. We want you to be happy in our community as people like you make it a better place. If the person who is harassing you is part of the organizing staff, they will recuse themselves from handling your incident. We will respond as promptly as we can.
Consequences
Participants asked to stop any harassing behavior are expected to comply immediately. If a participant engages in harassing behavior, the Response Team may take any action they deem appropriate, up to and including expulsion from all CiviCERT spaces and identification of the participant as a harasser to other CiviCERT members or the general public.
Licensing
This policy is licensed under the Creative Commons Zero license. It is public domain, no credit and no open licensing of your version is required. It is based on the Rapid Response Network Code of Practice. That policy in turn is based on the example policy from the Geek Feminism wiki, created by the Geek Feminism community, and the Code Of Conduct Generator.