Sonasoft: We never had access to Eastasia

Sonasoft is in a tough position these days. They’re probably no worse than any other company that’s pursuing government contracts, but they found themselves in the wrong place at the wrong time, and anything they say makes things worse.

The IRS lost Lois Lerner’s email messages during a critical period, allegedly because of a computer crash. White House press secretary Josh Earnest mocked the skeptics by implying data loss is routine and no measures exist to prevent it: “You’ve never heard of a computer crashing before?” Well, yes, I have. And I’ve heard of backup. Earnest was somehow hoping that most Americans in this computer age haven’t.

Between the timing of the loss and the administration’s attempt to pretend that irrecoverable loss is routine and inevitable, there’s plenty of grounds for suspicion. On the other hand, bureaucrats will routinely pretend nothing is wrong even if it makes them look worse in the end, and there’s a plausible case that only sloppiness was to blame. An article by Megan McArdle for Bloomberg makes this case.

According to the article, the IRS arbitrarily limited mailboxes to 500 megabytes in 2011. Lerner was archiving her mail on her local hard drive, which wasn’t backed up. The server had been backed up, but the 2011 backup tape had been recycled long ago. This is inexcusably negligent; it’s also very common practice, in both government and private business. No intent to cover up is necessary. However, according to testimony by U.S. Archivist David Ferriero, the IRS did not follow the law when it failed to report the data loss.

More recently it was disclosed that the IRS had contracted to Sonasoft to do backups, with the contract ending shortly after the period of Lerner’s lost email. On Twitter, the company boasted of this:

If the IRS uses Sonasoft products to backup their servers why wouldn't you choose them to protect your severs? http://www.sonasoft.com

— Sonasoft.com (@Sonasoft) October 9, 2009

Now Sonasoft has reversed itself, trying to minimize its role in doing backups for the IRS. In a weirdly Orwellian phrasing, it declares: “Sonasoft does not have IRS email. Sonasoft never had access to IRS email.” We’re now told that Sonasoft provided backup only for IRS Counsel and not any other division, which sounds rather different from “the IRS uses Sonasoft products to backup their servers.”

Were people in the IRS trying to hide something, or was this just one more snafu? I don’t know, but either way the IRS and its defenders in the Obama administration come out looking really bad.

The thinking behind fannish speech codes

Having face-to-face discussions helps to understand how people are thinking when they want something that looks like a really bad idea. It may not make it look more sensible, but it’s valuable for formulating an answer in a way that addresses their concerns.

From a recent conversation about treating the content of speech as “harassment,” I can see what some of the advocates are trying to do and what they’re missing. Others might be coming from a different start, of course, but this is what I was seeing.

The place they’re starting from is the assumption that people’s reactions can provide the basis of a code of conduct, because the hurt that people experience from others’ words is real hurt. If someone I respect says I’m being an idiot, it hurts. If they’re right, the knowledge that I was and others recognize it hurt. If they’re wrong, the realization that their judgment doesn’t live up to my image hurts. If someone I don’t respect says I’m an idiot, I might feel anger, which is a kind of pain. In some cases, I might also feel fear. This last point was stressed in the conversation I had. I’m familiar enough with it myself, from the harassment campaign I experienced in the late nineties.

Another discussion with some of the same people was on how people think in narratives, affecting how they evaluate actions and events. If you think of a speech code as part of a campaign to keep people from being intimidated and distressed at conventions, it can seem good and admirable. If you think of it as the first step down the road to enforced conformity, not so much so. In fact, it can take on aspects of both story lines at once. You have to consider all the consequences of an action, not just the ones that support one worldview.

I can agree with this much: When people say things that cause undeserved distress, anger, or fear, they deserve to be rebuked. In cases like this they’re being unjust, and even if their target is strong enough not to feel bothered, it’s wrong. The problem comes when you try to use people’s reactions as the basis of a code of conduct.

First, you have to separate warranted from unwarranted hurt. If someone entrusted with selling other people’s merchandise shorted the sales figures, then calling them on it will hurt them, not just emotionally but in their business reputation. A code which prohibits humiliating and embarrassing people would prohibit making their actions public, and thus leave the victim with less recourse. This is a real-life example, by the way; I publicly called the perpetrator out on this, and one person verbally attacked me for it. By the “humiliation is harassment” standard, the cheat was the victim, I was the harasser, and the person cheated was expected to stay quiet. (This was over 10 years ago; I’m not bringing out any names now.)

If a convention policy just concerns itself with whether someone feels hurt, then people are prohibited from telling painful truths. If it gets into whether they deserve it or not, then the concom has to become the judge of complicated debates.

Another problem with basing a policy on people’s emotional pain is that it encourages playing the victim. The person who’s strong enough not to feel hurt — or stubborn enough not to show it — has no case to make. The person who’s offended by everything can use that as a weapon. It’s to your advantage to be hurt, or at least to look that way.

The people I was talking with stressed the cases where any reasonable person would agree the speaker was a complete jerk. As the ones running the con, they wouldn’t apply a policy in a way that let people play the victim. I’m sure they don’t intend to. But the problem is that once you set a policy, you have to stick by it or look bad. With weapon policies, you can’t just ban weapons for the people who are too stupid to handle them safely; you have to apply the same policy to everyone. The same will be true with speech policies. You can’t just apply them to the jerks and let your friends speak freely.

The problem isn’t just that people inevitably play favorites; it’s that you can’t know what’s really going on in people’s heads. You can’t base an objective policy on people’s feelings. Even if you’re completely impartial and unbiased, you just don’t have access to the knowledge you need.

This doesn’t mean you can’t do anything about the jerks; it means that you have to pick the right criteria. I tried to make this point in the conversation, not as clearly as I would have liked. Persistently trying to talk with or stay close to a person who doesn’t want it is certainly a legitimate basis for sanctions. So is being disruptive or physically intimidating.

Speech codes just aren’t necessary to what most fans legitimately want in order to feel safe. They’re a lazy solution, encouraged by the handful of people in fandom who really do want to suppress ideas they don’t like. We can do better than that at creating an environment that’s safe for all, including people with unpopular opinions.

“Agile” vs. agility

About two years ago, I wrote a post called The anti-Agile manifesto, which has been the most often accessed post on this blog since then. After experiencing enough Agile to make me quit a job, I still stand by it; “Agile” is a senseless set of rituals that is supposed to magically cause productivity. Still, there are a few good ideas behind it that, better expressed, would be worth salvaging. This year Dave Thomas, one of the authors of the Agile Manifesto posted a new article, “Agile Is Dead (Long Live Agility),” which brings out the gulf between the authors’ original aim and what “Agile” has become.

The Agile Manifesto was badly written and caused the problems that followed. But the idea which made “Agile” appeal to people was the one of responding rapidly to change and keeping development iterations short. This, not stand-up meetings, “stories” that must fit prescribed formulas, walls full of Post-It notes, Fibonacci number cards, doing without documentation, and high-priced “scrum masters” to bring in when none of those things work, is what’s worth aiming for. I like Thomas’s distinction between “agility” as a way of doing things and “Agile” as a senseless noun.

I’ve found myself arguing lately for better responsiveness to changing software requirements, for improved communication among developers and feedback loops with stakeholders. If this were what Agile meant, I’d be all for it. Call it “agility” or “effective communication” or “feedback management” or whatever you like. Following a set of rituals doesn’t improve productivity, but a commitment to these improvements can.