Previous Entry Share Next Entry
Just when I thought I couldn't get crosser at the Board...
device
jducoeur
I just read yesterday's update from the Board of Directors about the ACCEPS mess. It actually makes me even crankier with them than I was before.

Mind, I don't think they're lying or anything. They should damned well be providing some documentation for the allegations, but the idea that ACCEPS' security is weak is totally unsurprising -- the system is *ancient*, and should have been replaced 5-8 years ago. It was a fine service for its day, but it is pretty obviously way behind the times now.

But let's be clear: SCA Corporate is at *least* an equal partner in this mess. It isn't as if the folks behind ACCEPS went and begged everyone to use their system. It became the de facto standard because for *years* now, despite an increasing clamor across the SCA for decently modern, up-to-date alternatives, Corporate has stuck its fingers in its ears, as it tends to do, and gone "la-la-la-we-can't-hear-you-why-aren't-you-happy-just-using-ACCEPS". They essentially pushed the Society to use ACCEPS. And the upshot of the current announcement is that they probably did so without any sort of proper oversight, because I find it unlikely that this security problem -- that is deadly enough to demand not just an immediate cessation of use but threats of force against any officers who use it -- just happened. Rather, the implication is that Corporate has been effectively pushing everyone to use a system that they weren't paying attention to. Who, exactly, is at fault here?

I wouldn't be nearly so cross about all of this if it wasn't for the latest letter, which manages to be simultaneously incredibly defensive and offensive. There is no thanks for the people who have done the Society a lot of service for a lot of years. There is none of the sense of sorry loss that any competent manager would consider basic decency when letting somebody go. Instead, there is simply desperate blame-shifting. Yes, I get it -- you felt that, having found out that there has probably been a weakness in the system *for a decade now*, you felt you had to do something about it. But this suddenly? That rudely?

The issue here isn't whether ACCEPS needed to go. Like I said, I've been arguing for at least 5 years that it was outdated and needed replacement. But this sort of panicked management-by-crisis is incompetent, cruel, and in a club run by volunteers, deeply unwise. I'm disappointed.

  • 1
While I agree with your points, one line in the letter stood out, to me.

"I did not anticipate that my official memorandum to the Kingdom Seneschals (the same email was sent by the Corporate Treasurer to the Kingdom Exchequers) would be disseminated in whole or in part on Social Media feeds"

If that's a true statement, it argues the the author is completely out of touch with the membership and the modern age.

Let's also be super clear here - it's not as if this "official memorandum" was a private email that got copy/pasted to Facebook. It was a posting on the official Society Seneschal website that is public-facing.

The fact that the author seems to be downplaying this is frankly terrible.

This line stuck out to me too.

Actually, as someone who has sat on several boards, I can honestly say that official news should NOT be put on social media feeds. Generally, there are press releases that go out onto social media, while leaving the rest for behind the scenes. In fact, one of my associations brought legal recourse against an officer who released more information than permitted. These stipulations are all outlined in the paperwork we have to sign to become officers.

Maybe that's something people in the SCA need to remember. When you're an officer you are expected to act professionally. I've never been paid for any of the professional boards that I have sat on. But, to release information in a professional document to the membership is inexcusable to me. Everyone does not need to know everything.

While I understand that viewpoint, it's just plain unrealistic in an all-volunteer club -- especially when you're issuing dire threats of revoking peoples' warrants. Y'know -- people talk to each other. So it's naive to believe that this wouldn't leak quickly. I've afraid that the "out of touch" label sticks.

And frankly, an announcement like this, which has dramatic effects on the day-to-day running on the Society (a lot of people have come to expect and depend upon ACCEPS), absolutely *must* be done publicly. This isn't a minor administrative detail -- it affects hundreds of officers, and thousands of attendees, and was stated in terms of, "If you violate this brand-new ruling from this moment forward, you're fired", so it *needed* to be released far and wide, ASAP. The fact that the announcement was *not* made publicly in the first place was a gaffe.

So yes, I agree, not everything needs to be chewed over on social media. But this one totally did, and it was foolish of them to not realize that it would be.

(And just for the record, I disagree that it is ever inexcusable to release policy statements publicly. They're policy, they affect the public, and it is always reasonable for the public to know that they're there...)

It's not unrealistic at all. None of my boards have been paid, but they've been run by adults, taking a professional interest in their position. I've seen much MUCH juicer things stay secret in all volunteer boards - even for other international clubs. It's a matter of confidentiality and understanding the purpose therein.

Yes, a press release should have been done publicly, and people could be made to know things that they needed to. But, not everyone needed to know everything because 1) We're adults and that's the way the world works, and 2) Not everyone understands every facet. Sometimes too much information is even more detrimental than a small chunk.


None of my boards have been paid, but they've been run by adults, taking a professional interest in their position.

You're missing my point -- it's not that the Board are volunteers, it's the *hundreds and hundreds* of volunteer branch Seneschals, most of them untrained to any significant degree and many holding their offices solely because *somebody* had to do it or the group gets flushed. This letter was essentially directed to them, and expecting them to not talk publicly about a threat to fire them is just plain nonsensical.

Sometimes too much information is even more detrimental than a small chunk.

Nice theory, but the history of the club says that the more secretive the Board is about something, the bigger the blunder they're probably making. There are dozens of examples of this over the decades. So saying "we're professionals; trust us" simply doesn't wash -- the distrust is deeply earned, and too often deserved. (Even now, and I will be clear -- the Board are a lot better than they once were.)

Indeed, a chunk of the problem is that the people at the top are, by and large, significantly *less* trained and *less* professional than many of the members. I know any number of folks in the SCA who have serious professional training in running organizations of all sorts, who are constantly exasperated by the unprofessional mistakes that the SCA makes.

Unfortunately, our system of government for the Corporation is only slightly better at selecting for relevant skills than our Crown Tournies are. I marvel at the fact that a system quite so dysfunctional has managed to go for over 45 years without entirely exploding...

Justin, she's right.

Your points notwithstanding, the SCA is badly run, from the top down. And that includes the lower levels that demand things they should not have.

They've been trained and taught to expect this stuff, but that doesn't make it a good habit: it's a bad habit.

Whether it can be cured is another question, entirely.

I disagree with your last line. Everybody DOES need to know everything. The SCA should only keep secrets when it is absolutely necessary, and if it ever becomes necessary the membership should be informed in as much detail as possible WHY a secret has been kept. The fact that the BoD has deviated so thoroughly from that ideal in the past is why we don't trust them.

And you base this on what knowledge, Pryder?

The #1 example would be the case some years back when the SCA had failed to release legally required financial information. After stonewalling for a while, some members took the SCA to court to force the release, and won. The SCA never did provide a satisfactory release of the data even after losing the suit, which means one of three things:

1. They were sufficiently incompetent that they didn't actually have the data.

2. They were covering somebody's ass. Disclosure of the data would have required a reveal of something like embezzlement or gross financial negligence.

3. The organization had made an undisclosed settlement of a lawsuit, and releasing the financial data would have required it to reveal that it had made such a settlement.

My point is that all three answers are unacceptable behavior, and the membership has a right to know which of those things actually happened. To specifically address #3, I believe that our position should be that we don't make undisclosed settlements, ever, under any circumstances, no matter how much the lawyers beg us to do it.

But that was only the capstone of many years of insufficient disclosure about what the SCA, Inc was doing with our money. The organization's financial disclosures were minimal for many years; we really had no idea what all the money we were sending to Milpitas was being spent on.

The situation has improved somewhat since the lawsuit I mentioned; although they didn't release the requested data, they seem to not want to be sued AGAIN. But I still find it inadequate. I admit to being a radical in this regard. I want the SCA to operate on a basis of radical organizational honesty, where ALL information is public unless there is a compelling reason for it to be otherwise. This is exactly opposite to typical corporate behavior, where all information is private unless the corporation is legally required to reveal it (or it leaks).

I'm somewhere in the middle of this argument, but it should be pointed out: goldsquare largely *led* the lawsuit you're talking about -- he knows it probably better than anyone...

Pryder - as Justin points out, I was one of the 12 plaintiffs. :-)

But I was asking you a different question. You make the rather remarkable statement that "Everybody DOES need to know everything".

That runs counter to most of what I've learned over the years about corporate governance and non-profit governance.

Now, obviously: when I was a plaintiff, I was asking for particular information, information that the SCA had promised to make public, and which (based upon recent events) it seemed appropriate to see. We won: and we did get that data, actually.

But my question of your comment still stands: what information, expertise or even pure emotion supports your rather broad and remarkable statement?

I believe that the prevailing principles of corporate governance are wrong, and that they lead to unfortunate and sometimes evil results. The corrosive environment that we now find ourselves in - one where there is a fundamental distrust of both corporations and government - largely stems from those principles and the secrecy they espouse.

There are reasons that corporations do it; secrets can convey competitive advantage. (I think the damage done by excessive secrecy outweighs the private benefit that that's a discussion for another day.) But that reason doesn't apply to us. (Nor does it apply to government in most cases.) We have no reason whatsoever to care about competition; if other organizations use our lessons to find ways to make people happier than we do, more power to them. Therefore we should be aspire to a higher ideal than corporations do, and I believe that the radically honest disclosure that I am advocating is that higher ideal.

Counterpoint: the Schragger civil settlement.

Best possible outcome for the SCA, but could not have been accomplished under your terms.

Rebuttal? Because I have more examples.

I don't know enough about the case to have an informed opinion. I can't, because the information isn't available to me. Even if I tracked down all the publicly available court documents, I would still lack a lot of necessary information.

But I can't help thinking about the situation that the Catholic Church has found itself in recently (as in the past few years). The reason they took such a beating on abuse is not merely because it happened, but because the Church swept it under the rug for many years. In other words, institutional secrecy made the situation far worse than it otherwise would have been.

I don't know whether anything similar happened in the Schragger case. But from the outside, I can't help wondering whether there was a failure on the part of the SCA to respond immediately and publicly to abuse.

I'm still in the middle of this argument, but I have to point out that the reason I can't agree with you is that your position seems quite extreme. Tibor's basically arguing that not *every* decision needs to be made completely out in the open, and he's adducing reasons to believe that things sometimes work better that way. He's likely correct -- extreme openness and extreme democracy have their own pathologies. (Eg, California's dysfunctional governance.)

Any government, at any level, requires checks and balances. The SCA has a bad habit of excessive secrecy, dating right back to the beginning (things were much, much worse in 1972 than they are today), and we need to always be watchful for that. But that's not the same thing as saying that we must necessarily swing to the absolute opposite pole; rather, it means that the membership should have effective ways of providing checks on Corporate. Extreme openness is neither necessary nor sufficient for that -- it's over-simplistic. Indeed, it's arguably a distraction from what we *should* be focused on, which is creating actually-effective checks.

By and large, I actually think Corporate is doing a decent job of appropriate openness these days: they're making a sincere and usually fairly effective effort to keep the membership in the loop. (They still make idiotic mistakes, such as the colossal fuckup around the Masters of Defense, but those tend to be more problems of process than secrecy.) That's why the current example stands out -- the naivete of "I didn't think this strongly-worded threat was going to get to social media" was kind of breath-taking. Once something *is* semi-public, it's going to become public; that's always been true, and is only moreso today. Failing to understand that and take it into account is just going to get you in trouble...

Nicely said, Justin.

I think we can all agree that we wouldn't want AJ writing press releases for us, personally. :-)

I know one of his deputies, pretty well: if he'd worked with that deputy BEFORE sending stuff out, it would likely have been much more benignly written, and less foolish on the social media front.

As I apply 20/20 hindsight, I wish that the SCA has worked more closely with the ACCEPS staff: asking them to stop taking new applications for events, and quietly winding up their existing event affiliations. Reading between the lines a little more closely than is warranted, perhaps they felt that ACCEPS would be non-responsive, if asked.

But they could have dropped this same hammer at that time, in the worst case, and with more justification.

Justin, since you and I have both worked in software security, we both know that if there is a known vulnerability in a process, you attempt to resolve it quietly and secretly, and only announce it when the hole is closed, or when the hole clearly will NOT be closed.

Pryder is just wrong on the secrecy extremism - but that is a good-hearted mistake, based mostly on a lack of experience, I think. "If secrecy is bad, more transparency is good, and arguably ultimate transparency is best".

This is a "take the whole bottle of aspirin" theory, to which I do not subscribe.

Separately: of course the SCA needs to worry about competition: membership is stagnant but aging and participation has been down for a long time. This is, in part, because of competition for people's free time and free cash. That is true of other membership hobbies as well. You seem to strongly assert as facts things which are either not true, or are just a personal opinion.

What I am saying is that organization secrets, or lack thereof, will not have any effect on whether those competing activities draw away the time and attention of our members or potential members, except perhaps to whatever extent that participation is discouraged by distrust of the organization.

Organized activity is not fungible in the way that manufactured goods are. People may be drawn away from the SCA because they find other things to be more fun, but we won't lose members because some other organization undercuts our prices by a nickel or a dollar. We don't have to worry about losing our bids for people's time because a competitor reads our bids in advance and underbids us.

And suppose that the SCA fades away because people lose interest and spend their time and money on other things? If that happens, I don't see it as a tragedy. You may disagree.

You'd said "We have no reason whatsoever to care about competition".

That is obviously not the case, and you haven't proved otherwise. In fact, you have proved my point: that the SCA does have competition, and does have to worry about other groups, as you'd said earlier.

We're probably a lot closer in agreement than this discussion makes us appear: but your unsupported absolutism is just not something I can get behind. You are making very extreme statements as if they are facts, but lack the evidence or experience to back them up.

That should be a sign to you to be open to education, further discussion, and perhaps a change of position. I can't argue with a "faith-based" position, but it isn't particularly persuasive, either.

"I didn't anticipate that a major bombshell like this which was POSTED ON MY OWN WEBSITE would be disseminated via social media, even though exactly three months ago pretty much the same damn thing happened and the upper echelon was totally caught flat-footed by that, too. I had no idea that could happen again."


Fair point...

And well said, too. ::chuckle::

Yeah, this. Also, "I am unable to participate in Social Media due to the nature of my mundane employment" explains the cluelessness a little. I'd hope the latest kerfuffle moves him to run communications past somebody who does keep up to date with the modern online era before he sends them out.

AJ works in a Prosecutor's office. It's a wonder he has the time to be in the SCA at all, and a wonder that he is willing to do both his career and the SCA.

I like him, personally, and he's smart and he cares.

I've back-stopped some of his SocSen staff on various projects, as friends: I helped them out when they needed it. It's clear to me that this note of his was not written with any outside help: it reads like the drafts of his that we then massively changed.

I know that "he's a good guy" is either a weak defense, or no defense at all. But he is. As one of those that have helped him behind the scenes, it is maddening that he didn't get that help again.

I suspected something like this, once I saw the clarification. Good to see confirmation from you, but, yeah, maddening. Hope it's a wakeup call that this blind spot is here and doesn't need to be walked into again, maybe.

In the current age, not being able to participate in social media should be considered a disqualification for a significant public post in an organization of any size. I'm sure his intentions in serving the SCA are good, but he shouldn't be holding that job.

Stone Soup, Pryder. The SCA is stone soup, made out of the best combination of volunteers available at the time. No one volunteer will have all needed skills.

For example, the CEO at my employer is bad at social media. But he has staff who are gifted at it.

Same for AJ. But when he says that he is not reachable on social media, that is exactly what he means. That doesn't mean that none of his staff are on social media.

I'm sure that if you could find a more perfect volunteer and could get them to take the job for nothing, the Board would be happy to appoint them at the end of AJ's service period.

I am familiar with both his strengths and weaknesses. He has both. Overall, I think there was no better candidate that wanted the job at that time.

"I am unable to participate in Social Media due to the nature of my mundane employment" is usually code for "I have clearance higher than Top Secret".

No. He works in an Attorney Generals office.

Similar issues, though.

  • 1
?

Log in

No account? Create an account