![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jducoeurI just read yesterday's update from the Board of Directors about the ACCEPS mess. It actually makes me even crankier with them than I was before.
Mind, I don't think they're lying or anything. They should damned well be providing some documentation for the allegations, but the idea that ACCEPS' security is weak is totally unsurprising -- the system is *ancient*, and should have been replaced 5-8 years ago. It was a fine service for its day, but it is pretty obviously way behind the times now.
But let's be clear: SCA Corporate is at *least* an equal partner in this mess. It isn't as if the folks behind ACCEPS went and begged everyone to use their system. It became the de facto standard because for *years* now, despite an increasing clamor across the SCA for decently modern, up-to-date alternatives, Corporate has stuck its fingers in its ears, as it tends to do, and gone "la-la-la-we-can't-hear-you-why-aren't-you-happy-just-using-ACCEPS". They essentially pushed the Society to use ACCEPS. And the upshot of the current announcement is that they probably did so without any sort of proper oversight, because I find it unlikely that this security problem -- that is deadly enough to demand not just an immediate cessation of use but threats of force against any officers who use it -- just happened. Rather, the implication is that Corporate has been effectively pushing everyone to use a system that they weren't paying attention to. Who, exactly, is at fault here?
I wouldn't be nearly so cross about all of this if it wasn't for the latest letter, which manages to be simultaneously incredibly defensive and offensive. There is no thanks for the people who have done the Society a lot of service for a lot of years. There is none of the sense of sorry loss that any competent manager would consider basic decency when letting somebody go. Instead, there is simply desperate blame-shifting. Yes, I get it -- you felt that, having found out that there has probably been a weakness in the system *for a decade now*, you felt you had to do something about it. But this suddenly? That rudely?
The issue here isn't whether ACCEPS needed to go. Like I said, I've been arguing for at least 5 years that it was outdated and needed replacement. But this sort of panicked management-by-crisis is incompetent, cruel, and in a club run by volunteers, deeply unwise. I'm disappointed.
Mind, I don't think they're lying or anything. They should damned well be providing some documentation for the allegations, but the idea that ACCEPS' security is weak is totally unsurprising -- the system is *ancient*, and should have been replaced 5-8 years ago. It was a fine service for its day, but it is pretty obviously way behind the times now.
But let's be clear: SCA Corporate is at *least* an equal partner in this mess. It isn't as if the folks behind ACCEPS went and begged everyone to use their system. It became the de facto standard because for *years* now, despite an increasing clamor across the SCA for decently modern, up-to-date alternatives, Corporate has stuck its fingers in its ears, as it tends to do, and gone "la-la-la-we-can't-hear-you-why-aren't-you-happy-just-using-ACCEPS". They essentially pushed the Society to use ACCEPS. And the upshot of the current announcement is that they probably did so without any sort of proper oversight, because I find it unlikely that this security problem -- that is deadly enough to demand not just an immediate cessation of use but threats of force against any officers who use it -- just happened. Rather, the implication is that Corporate has been effectively pushing everyone to use a system that they weren't paying attention to. Who, exactly, is at fault here?
I wouldn't be nearly so cross about all of this if it wasn't for the latest letter, which manages to be simultaneously incredibly defensive and offensive. There is no thanks for the people who have done the Society a lot of service for a lot of years. There is none of the sense of sorry loss that any competent manager would consider basic decency when letting somebody go. Instead, there is simply desperate blame-shifting. Yes, I get it -- you felt that, having found out that there has probably been a weakness in the system *for a decade now*, you felt you had to do something about it. But this suddenly? That rudely?
The issue here isn't whether ACCEPS needed to go. Like I said, I've been arguing for at least 5 years that it was outdated and needed replacement. But this sort of panicked management-by-crisis is incompetent, cruel, and in a club run by volunteers, deeply unwise. I'm disappointed.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
Clueless
Date: 2015-04-21 12:30 pm (UTC)"I did not anticipate that my official memorandum to the Kingdom Seneschals (the same email was sent by the Corporate Treasurer to the Kingdom Exchequers) would be disseminated in whole or in part on Social Media feeds"
If that's a true statement, it argues the the author is completely out of touch with the membership and the modern age.
Re: Clueless
Date: 2015-04-21 12:47 pm (UTC)The fact that the author seems to be downplaying this is frankly terrible.
Re: Clueless
Date: 2015-04-21 02:43 pm (UTC)Actually, as someone who has sat on several boards, I can honestly say that official news should NOT be put on social media feeds. Generally, there are press releases that go out onto social media, while leaving the rest for behind the scenes. In fact, one of my associations brought legal recourse against an officer who released more information than permitted. These stipulations are all outlined in the paperwork we have to sign to become officers.
Maybe that's something people in the SCA need to remember. When you're an officer you are expected to act professionally. I've never been paid for any of the professional boards that I have sat on. But, to release information in a professional document to the membership is inexcusable to me. Everyone does not need to know everything.
Re: Clueless
Date: 2015-04-21 04:00 pm (UTC)And frankly, an announcement like this, which has dramatic effects on the day-to-day running on the Society (a lot of people have come to expect and depend upon ACCEPS), absolutely *must* be done publicly. This isn't a minor administrative detail -- it affects hundreds of officers, and thousands of attendees, and was stated in terms of, "If you violate this brand-new ruling from this moment forward, you're fired", so it *needed* to be released far and wide, ASAP. The fact that the announcement was *not* made publicly in the first place was a gaffe.
So yes, I agree, not everything needs to be chewed over on social media. But this one totally did, and it was foolish of them to not realize that it would be.
(And just for the record, I disagree that it is ever inexcusable to release policy statements publicly. They're policy, they affect the public, and it is always reasonable for the public to know that they're there...)
Re: Clueless
Date: 2015-04-21 08:43 pm (UTC)Yes, a press release should have been done publicly, and people could be made to know things that they needed to. But, not everyone needed to know everything because 1) We're adults and that's the way the world works, and 2) Not everyone understands every facet. Sometimes too much information is even more detrimental than a small chunk.
Re: Clueless
Date: 2015-04-21 09:10 pm (UTC)You're missing my point -- it's not that the Board are volunteers, it's the *hundreds and hundreds* of volunteer branch Seneschals, most of them untrained to any significant degree and many holding their offices solely because *somebody* had to do it or the group gets flushed. This letter was essentially directed to them, and expecting them to not talk publicly about a threat to fire them is just plain nonsensical.
Sometimes too much information is even more detrimental than a small chunk.
Nice theory, but the history of the club says that the more secretive the Board is about something, the bigger the blunder they're probably making. There are dozens of examples of this over the decades. So saying "we're professionals; trust us" simply doesn't wash -- the distrust is deeply earned, and too often deserved. (Even now, and I will be clear -- the Board are a lot better than they once were.)
Indeed, a chunk of the problem is that the people at the top are, by and large, significantly *less* trained and *less* professional than many of the members. I know any number of folks in the SCA who have serious professional training in running organizations of all sorts, who are constantly exasperated by the unprofessional mistakes that the SCA makes.
Unfortunately, our system of government for the Corporation is only slightly better at selecting for relevant skills than our Crown Tournies are. I marvel at the fact that a system quite so dysfunctional has managed to go for over 45 years without entirely exploding...
Re: Clueless
Date: 2015-04-22 02:25 pm (UTC)Your points notwithstanding, the SCA is badly run, from the top down. And that includes the lower levels that demand things they should not have.
They've been trained and taught to expect this stuff, but that doesn't make it a good habit: it's a bad habit.
Whether it can be cured is another question, entirely.
Re: Clueless
Date: 2015-04-22 01:41 am (UTC)Re: Clueless
Date: 2015-04-22 02:25 pm (UTC)Re: Clueless
Date: 2015-04-22 03:54 pm (UTC)1. They were sufficiently incompetent that they didn't actually have the data.
2. They were covering somebody's ass. Disclosure of the data would have required a reveal of something like embezzlement or gross financial negligence.
3. The organization had made an undisclosed settlement of a lawsuit, and releasing the financial data would have required it to reveal that it had made such a settlement.
My point is that all three answers are unacceptable behavior, and the membership has a right to know which of those things actually happened. To specifically address #3, I believe that our position should be that we don't make undisclosed settlements, ever, under any circumstances, no matter how much the lawyers beg us to do it.
But that was only the capstone of many years of insufficient disclosure about what the SCA, Inc was doing with our money. The organization's financial disclosures were minimal for many years; we really had no idea what all the money we were sending to Milpitas was being spent on.
The situation has improved somewhat since the lawsuit I mentioned; although they didn't release the requested data, they seem to not want to be sued AGAIN. But I still find it inadequate. I admit to being a radical in this regard. I want the SCA to operate on a basis of radical organizational honesty, where ALL information is public unless there is a compelling reason for it to be otherwise. This is exactly opposite to typical corporate behavior, where all information is private unless the corporation is legally required to reveal it (or it leaks).
Re: Clueless
Date: 2015-04-22 03:59 pm (UTC)Re: Clueless
Date: 2015-04-22 04:04 pm (UTC)But I was asking you a different question. You make the rather remarkable statement that "Everybody DOES need to know everything".
That runs counter to most of what I've learned over the years about corporate governance and non-profit governance.
Now, obviously: when I was a plaintiff, I was asking for particular information, information that the SCA had promised to make public, and which (based upon recent events) it seemed appropriate to see. We won: and we did get that data, actually.
But my question of your comment still stands: what information, expertise or even pure emotion supports your rather broad and remarkable statement?
Re: Clueless
Date: 2015-04-23 05:21 am (UTC)There are reasons that corporations do it; secrets can convey competitive advantage. (I think the damage done by excessive secrecy outweighs the private benefit that that's a discussion for another day.) But that reason doesn't apply to us. (Nor does it apply to government in most cases.) We have no reason whatsoever to care about competition; if other organizations use our lessons to find ways to make people happier than we do, more power to them. Therefore we should be aspire to a higher ideal than corporations do, and I believe that the radically honest disclosure that I am advocating is that higher ideal.
Re: Clueless
Date: 2015-04-23 05:32 am (UTC)Best possible outcome for the SCA, but could not have been accomplished under your terms.
Rebuttal? Because I have more examples.
Re: Clueless
Date: 2015-04-23 05:59 am (UTC)But I can't help thinking about the situation that the Catholic Church has found itself in recently (as in the past few years). The reason they took such a beating on abuse is not merely because it happened, but because the Church swept it under the rug for many years. In other words, institutional secrecy made the situation far worse than it otherwise would have been.
I don't know whether anything similar happened in the Schragger case. But from the outside, I can't help wondering whether there was a failure on the part of the SCA to respond immediately and publicly to abuse.
Re: Clueless
Date: 2015-04-23 12:52 pm (UTC)Any government, at any level, requires checks and balances. The SCA has a bad habit of excessive secrecy, dating right back to the beginning (things were much, much worse in 1972 than they are today), and we need to always be watchful for that. But that's not the same thing as saying that we must necessarily swing to the absolute opposite pole; rather, it means that the membership should have effective ways of providing checks on Corporate. Extreme openness is neither necessary nor sufficient for that -- it's over-simplistic. Indeed, it's arguably a distraction from what we *should* be focused on, which is creating actually-effective checks.
By and large, I actually think Corporate is doing a decent job of appropriate openness these days: they're making a sincere and usually fairly effective effort to keep the membership in the loop. (They still make idiotic mistakes, such as the colossal fuckup around the Masters of Defense, but those tend to be more problems of process than secrecy.) That's why the current example stands out -- the naivete of "I didn't think this strongly-worded threat was going to get to social media" was kind of breath-taking. Once something *is* semi-public, it's going to become public; that's always been true, and is only moreso today. Failing to understand that and take it into account is just going to get you in trouble...
Re: Clueless
Date: 2015-04-23 01:24 pm (UTC)I think we can all agree that we wouldn't want AJ writing press releases for us, personally. :-)
I know one of his deputies, pretty well: if he'd worked with that deputy BEFORE sending stuff out, it would likely have been much more benignly written, and less foolish on the social media front.
As I apply 20/20 hindsight, I wish that the SCA has worked more closely with the ACCEPS staff: asking them to stop taking new applications for events, and quietly winding up their existing event affiliations. Reading between the lines a little more closely than is warranted, perhaps they felt that ACCEPS would be non-responsive, if asked.
But they could have dropped this same hammer at that time, in the worst case, and with more justification.
Justin, since you and I have both worked in software security, we both know that if there is a known vulnerability in a process, you attempt to resolve it quietly and secretly, and only announce it when the hole is closed, or when the hole clearly will NOT be closed.
Pryder is just wrong on the secrecy extremism - but that is a good-hearted mistake, based mostly on a lack of experience, I think. "If secrecy is bad, more transparency is good, and arguably ultimate transparency is best".
This is a "take the whole bottle of aspirin" theory, to which I do not subscribe.
Re: Clueless
Date: 2015-04-23 05:39 am (UTC)Re: Clueless
Date: 2015-04-23 05:53 am (UTC)Organized activity is not fungible in the way that manufactured goods are. People may be drawn away from the SCA because they find other things to be more fun, but we won't lose members because some other organization undercuts our prices by a nickel or a dollar. We don't have to worry about losing our bids for people's time because a competitor reads our bids in advance and underbids us.
And suppose that the SCA fades away because people lose interest and spend their time and money on other things? If that happens, I don't see it as a tragedy. You may disagree.
Re: Clueless
Date: 2015-04-23 01:29 pm (UTC)That is obviously not the case, and you haven't proved otherwise. In fact, you have proved my point: that the SCA does have competition, and does have to worry about other groups, as you'd said earlier.
We're probably a lot closer in agreement than this discussion makes us appear: but your unsupported absolutism is just not something I can get behind. You are making very extreme statements as if they are facts, but lack the evidence or experience to back them up.
That should be a sign to you to be open to education, further discussion, and perhaps a change of position. I can't argue with a "faith-based" position, but it isn't particularly persuasive, either.
Re: Clueless
Date: 2015-04-21 03:19 pm (UTC)Re: Clueless
Date: 2015-04-22 02:27 pm (UTC)And well said, too. ::chuckle::
(no subject)
Date: 2015-04-21 12:46 pm (UTC)(no subject)
Date: 2015-04-21 01:45 pm (UTC)I like him, personally, and he's smart and he cares.
I've back-stopped some of his SocSen staff on various projects, as friends: I helped them out when they needed it. It's clear to me that this note of his was not written with any outside help: it reads like the drafts of his that we then massively changed.
I know that "he's a good guy" is either a weak defense, or no defense at all. But he is. As one of those that have helped him behind the scenes, it is maddening that he didn't get that help again.
(no subject)
Date: 2015-04-21 02:02 pm (UTC)(no subject)
Date: 2015-04-22 01:44 am (UTC)(no subject)
Date: 2015-04-22 02:28 am (UTC)For example, the CEO at my employer is bad at social media. But he has staff who are gifted at it.
Same for AJ. But when he says that he is not reachable on social media, that is exactly what he means. That doesn't mean that none of his staff are on social media.
I'm sure that if you could find a more perfect volunteer and could get them to take the job for nothing, the Board would be happy to appoint them at the end of AJ's service period.
I am familiar with both his strengths and weaknesses. He has both. Overall, I think there was no better candidate that wanted the job at that time.
(no subject)
Date: 2015-04-21 02:48 pm (UTC)(no subject)
Date: 2015-04-22 02:29 am (UTC)Similar issues, though.