GitHub shows how not to manage a crisis
Off the Beat: Bruce Byfield's Blog
The allegations of workplace harassment at GitHub make for an ugly story. They're ugly if they're true, and ugly in another way if they are motivated by personal differences. But either way, GitHub could use a lesson or two in crisis management.
The allegations are made by Julie Anne Horvath, the organizer of a monthly series of feminist talks called Passion Projects and previously a defender of GitHub in the feminist community. Horvath claims that for two years she was harassed by GitHub co-founder Tom Preston-Werner and his wife. Horvath also claims that she was harassed by a fellow GitHub employee, and received no support from the company.
In response, GitHub CEO Chris Wanstrath announced that the company had launched an investigation that found "evidence of mistakes and errors of judgment," but nothing illegal. As a consequence, Preston-Werner resigned while denying that he and his wife had done anything that made them guilty of harassment or discrimination.
Horvath, who no longer works for GitHub, denounced the investigation as a "sham."
Problems with the approach
However you parse events, GitHub's announcement of Preston-Werner's resignation is a classic example of how not to do corporate crisis management. That is, it creates the appearance of handling the crisis responsibly while being carefully worded to avoid giving anyone an opening in which to bring legal action.
The announcement specifically denies that Preston-Werner and his wife did anything illegal, giving them no reason to accuse GitHub of libel or unlawful dismissal. Instead, Preston-Werner is said to have "submitted his resignation, which the company has accepted." Whatever happened, Preston-Werner is presented as blamless of anything worse than "mistakes and errors of judgment." In fact, by supposedly resigning of his own initiative, Preston-Werner is portrayed as responsible, and his parting of ways with GitHub as aimiable. This is the same perspective that prevails in his blog about his resignation.
At the same time, the announcement is careful to admit nothing that might help Horvath allege haraassment. Instead, Horvath and her supporters are implicitly offered Preston-Werner's departure as an answer to her grievance. In addition, they are promised unspecified "new HR and employee-led initiatives as well as training opportunities to make sure employee concerns and conflicts are taken seriously and dealt with appropriately."
Basically, the announcement tries to resolve the situation while never admitting that the situation exists. This balancing act is common in the corporate world, and, if all those involved had a corporate orientation, would have had a strong chance of succeeding. Whatever everyone actually thought, they could accept the announcement as an official version of events, and move on.
The only trouble is, Horvath and her supporters are not prepared to go along with this scenario. They are not executives who will stay silent for the sake of their careers, but programmers with a different set of values than the announcement anticipates.
Perhaps they are mindful of events last January, when Wanstrath was newly appointed CEO, and feminist critiques of the limits of meritocracy in computing convinced him to replace a rug in Github's waiting room that proclaimed the "United Meritocracy of GitHub" with one reading "In collaboration we trust." Having influenced his actions once, feminists might believe that they could influence Wanstrath again.
More importantly, Horvath and her supporters are in no mood for the polite compromise that the announcement invites. Depending on how you interpret events, they are either genuinely angry at injustice, or else, having made claims of harassment, they are trapped defending their position to maintain credibility. Either way, what they want is a vindication of their position -- an admission that harassment took place. Horvath's additional allegations are an indication that she is not prepared to back down
In other words, in making the announcement, GitHub misjudged its audience. Instead of quietening the issue, the announcement has guaranteed its continuation.
The only right thing the announcement did was to end with "We know we still have work to do." That sentence had something of the personal and the candid that the entire announcement needed, except that it was far too short.
So what else might have done? Given the legal concerns, possibly not very much. Certainly an admission that harassment has taken place would have been impossible -- because then both Horvath and Preston-Werner might have a case against the company. With the priority of protecting GitHub legal the main concern, pleasing both Horvath and Preston-Werner would be impossible.
Still, GitHub could have done considerably better. One strategy might have been simply to announce Preston-Werner's resignation, and say nothing else. Such an approach would have made the effort at compromise less obvious, and might therefore have had a slightly better chance of being accepted in feminist circles.
Alternatively, GitHub might have announced, not simply promised, new internal policies. Without specifics, judging whether internal changes would be enough to answer Horvath's complaints is impossible, and the promise becomes meaningless. For added credibility, GitHub might have consulted women in computing about what those policies should be -- if not Horvath, then other feminists.
However, the greatest problem with the announcement is the complete lack any proof of sincerity or of concern beyond legalities. Granted, an apology to Horvath might be out of the question for fear that it might justify her taking legal actions. But what about starting a general discussion of harassment in the workplace and other barriers to women in technology? The announcement appears on a blog full of technical notes, in which very little suggests that GitHub is concerned about such matters.
Another proof of sincerity would have been a substantial donation to a woman's group. A donation is the kind of gesture that is associated with apologies, even when one is not actually made, and the willingness to assume an extra cost would go some way towards suggesting GitHub is committed to solving the issues raised by the episode.
None of these suggestions would guarantee rehabilitation. But, then, what GitHub actually did only resulted in getting itself on to blacklists -- and not just feminist ones. Who, after all, is going to defend a company with a reputation, deserved or not, for being soft on harassment? Almost any alternative would be an improvement.
GitHub started by making the mistake that it was addressing executives when it is actually addressing programmers -- ironically, the people who are supposed to compose its client base. Adding a focus on legalities only produced the impression of insincerity. The company now faces a year or more of rehabilitating its reputation, assuming that it can do so at all.
GitHub might eventually improve its response, but so far its actions are a case study in the pitfalls of angering your markets. Not everyone agrees with feminists in computing, but their concerns are no less important for being personal, and not about go away. To assume otherwise, as GitHub seems to have done, is only to invite immediate and relentless trouble.comments powered by Disqus
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.