Bonum Certa Men Certa

Sexual harassment: Nicolas Dandrimont & Debian Account Managers collective gullibility on Jacob Appelbaum

posted by Roy Schestowitz on Mar 13, 2024

Reprinted with permission from Daniel Pocock.

I previously wrote a high level overview of how Debian falsified harassment statements against Jacob Appelbaum.

Now it is time to look at the detail. Here is an exchange between Mehdi Dogguy and Nicolas Dandrimont. Dogguy was Debian Project Leader, Dandrimont has become a member of the Debian Account Managers team.

The key thing to note here is they are simply cutting and pasting smears about harassment from the Tor Project. The smears they are cutting-and-pasting do not come from real police or a court.

The Tor Project claims they hired an independent investigator. What qualifies somebody to be an investigator?

When claims were made about Jeffrey Epstein visiting MIT, the MIT management hired the law firm Goodwin Proctor to conduct the investigation. They told everybody that Goodwin Proctor was doing this work. People could bypass MIT and give reports directly to the lawyers. At the end of this process, MIT published the full report and the names of those who worked on the investigation.

Every step taken at the Tor Project was the opposite of the process followed by MIT. Their statement does not give any link to the report itself. Their statement does not identify the name of the investigator, the name of their firm or their credentials. This comment from Sheri Steel, the Tor Project leader stands out:

The investigator worked closely with me and our attorneys

In other words, it appears that the investigator was not able to work independently. If the name of the investigator was never made public, how could volunteers go around Miss Steel and speak to the investigator directly?

The Tor Project is using an address in New Hampshire, US, a jurisdiction that is well known for its attitude to freedom and deregulation. Here is an article about the qualifications of private investigators in New Hampshire. Notice in particular that NH accepts the registration of investigators who have been dishonorably discharged from the military and other police forces. There are no checks on the financial credibility or mental health of licensed investigators. The investigator could be anybody from an ex-fireman to an undercover mall cop.

The report from Tor Project is therefore only as good as the person who wrote it and what they were paid. If the investigator was in a weak financial position, they may have felt immense pressure to write a report that tells their client what the paymaster wants to hear. That is almost always the path of least resistance.

Large professional law firms would not put their name on a report like this.

According to a detailed report in German magazine Die Zeit, the claims against Appelbaum concern incidents at his apartment in Berlin. Under German criminal law, if Miss Steele or any other person who attended the party visit a police station and sign a complaint, the police have a mandatory obligation to investigate the matter. An investigation by the police is impartial and you do not have to pay them to do it. According to German law, every crime reported to the prosecutor must be recorded in writing by the public officials. In other words, if any woman had a genuine complaint against Dr Appelbaum, the prosecutor can not refuse to open a case. The nature of German civil code (StPO) is absolutely clear, the prosecutor is obliged to listen to every woman and investigate every single complaint.

The prosecutor does not charge victims a fee for making an investigation. This raises another question, why would any victim choose to give payment to an anonymous New Hampshire mall cop when they can use an impartial German state prosecutor for free?

Due to the nature of abuse, many genuine victims have great difficulty in coming forward to report a crime. For childhood abuse victims, it takes an average of 30 years for victims to come forward. Yet once a victim has decided to speak, if they have the courage to speak to a private investigator, why would they not speak to the police?

In every case, a police report can be more thorough, more credible and they can use their powers to protect genuine victims from further abuse.

If any woman was really in danger, if Tor Project genuinely cared about protecting women in future, why would they not use the criminal procedure?

Many of us put our trust in free, open source software for a whole range of critical services from the banking industry to nuclear plants. Users of Tor Project include activists in dangerous parts of the world who may be subjected to severe punishments, even execution, if they are caught communicating on the Internet. These people are trusting Tor and other open source software with their lives. Yet if we can't trust the people who make Debian and Tor, how can we trust the software?

If you are submitting an article to a peer-reviewed academic journal, you need to identify your sources, their names and the papers they published. The Debian Account Managers do none of those things, they cut-and-paste words from a blog about an anonymous source and accepted it all as truth. Given their role in the Debian Project, it is scary how they could be so gullible to fall for something like this.

Notice how Mehdi Dogguy wrote a statement that did not include references to sexual activity, see the title of the message, it is simply "Jacob Appelbaum and harrassement". The original paragraph used the word "abuse" without any qualification. Nicolas Dandrimont strongly insists on inserting the word sexual as a prefix to both those words. Such statements are a hideous defamation and can not be used without evidence.

Subject: Re: Jacob Appelbaum and harrassement
Date: Wed, 15 Jun 2016 14:53:35 +0200
From: Nicolas Dandrimont <olasd@debian.org>
To: Mehdi Dogguy <leader@debian.org>
CC: debian-private@lists.debian.org

[snip]
* Mehdi Dogguy <leader@debian.org> [2016-06-15 13:48:53 +0200]:
> In the meantime, we believe that the most urgent thing to do is to > make sure that Debian as a community is safe for its contributors, and > able to deal with people who abuse or manipulate, regardless of who > they are, whether it happens online or at Debian events.
Agreed.
> Over time, Debian has published clear statements of what our > contributors can expect from the community: the Diversity Statement > [1], and the Code of Conduct [2], have been ratified in General > Resolutions. DebConf events have an additional Code of Conduct that > attendees are expected to uphold [3]. > > [1] https://www.debian.org/intro/diversity > [2] https://www.debian.org/code_of_conduct > [3] http://debconf.org/codeofconduct.shtml > > Note that these documents alone can only set expectations, but do not > help if somebody fails to meet them.
Apart from the DebConf code of conduct which has some provisions for actions, I do agree that we're sorely lacking a process for "escalation".
> Abuse and manipulation do happen, sometimes even unconsciously, and are hard > to detect. When a member of our community feels discomfort or worse, they > need to be heard and understood. Not everyone is a good listener, especially > with someone they do not know well. Make sure you and people around you have > at least two people you can safely talk to when something goes wrong.
I had to do a double take on this paragraph, and I still can't believe what I'm reading. Let's suppose I'm a newcomer in the project. Who should those two people be? With my outreach team hat on, and in the context of having encouraged around twenty newcomers coming to the next big Debian event, I feel very uncomfortable with that response. Should the message we are sending be that "yep, if you're talking to someone one on one, it's your fault"?
> People normally make mistakes, and they need to have a chance to > realise what happened, own up to their mistakes, and take action to > prevent them from happening in the future. Other people need to have a > chance to take action if that does not happen.
You should make very sure that your public interventions on the matter are worded more carefully. We're not talking about mere mistakes here, we're talking about sexual assault, and harassment (sexual or otherwise). Those are things that leave permanent scars on the victims, and can ruin their lives. Not really something you can dismiss with "well, it happens".
If such events happen in our community, I do hope that some of us will have the strength to make the attacker realize that what they did is wrong, help them to make amends and, if that comes to it, help them heal themselves. But, first and foremost, as a community, we need to make very sure that all the community is safe, and that we stand by each other when we need each other. If that means excluding some elements of our community to keep others safe, then we should not be afraid to do it.
> If you want to report any issues, you can contact DAM > <da-manager@debian.org> and the Anti-Harassment team [4] > <antiharassment@debian.org> > > [4] https://wiki.debian.org/AntiHarassment
What is the current status of the anti-harassment team with DebConf being very close and their attention being more than needed for that period?
Bye, -- Nicolas Dandrimont

On a side note, Nicolas Dandrimont asked me to consider his girlfriend for an Outreachy internship. I have regularly made complaints about these conflicts of interest in Debian. Anybody who talks about these conflicts of interest is accused of sexual harassment. When I complain about Dandrimont's girlfriend, I'm doing it for all the other women who missed out on this opportunity.

Notice how Dandrimont asks to be removed from the selection process but he goes on to make comments about the projects and finishes with an offer to help rank the candidates anyway. This is not what it looks like when somebody honestly recuses themself from a decision.

The selection process described by Dandrimont would be no more credible than the investigation at the Tor Project.

Subject: Recusing myself from Outreachy applicant selection decisions, internships funding
Date: Fri, 14 Oct 2016 12:37:46 +0200
From: Nicolas Dandrimont <olasd@debian.org>
To: leader@debian.org, outreach@debian.org
CC: mapreri@debian.org, pocock@debian.org

Hey all,
As of today, the person I'm involved with, Pauline Pommeret, is applying to an Outreachy internship in Debian (on the GPG cleanroom environment project - I don't see her mail on the list archive yet, so something must have gone wrong, but it should arrive soon enough).
To avoid an obvious conflict of interest, I am recusing myself for any decisions regarding applicant selections for this round.
I am of course still happy to serve as a liaison with the Outreachy program administrators, and to forward our applicants to them for general funding when selected, if the money allocated by Debian runs out.
This would especially be relevant, in my opinion, to RTC projects, as I'm not sure at all that we should fund them from Debian money directly. Karen Sandler also told me that one of the Outreachy sponsors was interested in funding interns on Reproducible Builds. All in all, we should be able to have two or three internship slots with Debian only disbursing one.
I'll stay on the outreach@d.o alias for now, but let me know if you need help ranking applicants, and I'll ask DSA to remove me so you can discuss at ease.
Cheers, -- Nicolas Dandrimont

Other Recent Techrights' Posts

Microsoft's Latest 'Novel' Approach, Trying to Prevent People Moving Away From Microsoft and From Windows
ads say a lot about their business strategy
Microsoft-sponsored "The New Stack" Publishing Microsoft Windows Articles in "Linux" Clothing
Just sayin'...
 
Microsoft Ends Support for Vista 10, So Relative Share of Vista 10 Goes Up, Vista 11 is Down
For 2 months in a row already
When Python is Basically Run by a 'Microsoft-Friendly' Mole Who Ousts People That Actually Contributed a Lot to Python for Many Years
Removing some of the best people
Syria: Microsoft Windows Down to 8% "Market Share" (It Was 99% Just 15 Years Ago)
it was even measured at less than 5% earlier this year
Links 08/12/2024: Boeing Leaks and Bluesky’s Business Model Dilemma
Links for the day
Gemini Links 08/12/2024: UK Winds and Ultraviolet Grasslands (UVG)
Links for the day
Links 08/12/2024: Conflicts, Misinformation, and Gutting of the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 07, 2024
IRC logs for Saturday, December 07, 2024
Czech Republic: GNU/Linux Jumps Above 4%
data from the Czech Republic for 2024
IBM Engagement Surveys "Are Usually Useful for the Executives So They Know Which Things to Ignore"
This impacts Red Hat as well
Did Microsoft 'Write' (by Chatbots) This 'Article' About WINE?
The Web is drowning in garbage
Dictatorship Formalised: Python Software Foundation Violates Its Very Own Code Of Conduct (COC) or Code Of Censorship
Incoming Python Software Foundation Executive Director, Deb Nicholson, allegedly uses COCs to get ahead while violating COCs
[Meme] 'Self-Checkout' (and Banking 'Apps'): Passing All Accountability to the Customers
Stealing
Gemini Links 07/12/2024: Leasehold and NNTP
Links for the day
Fun Statistics About Techrights (Almost a Quarter Million Files)
Here are some raw numbers
PIP (Performance Improvement Plan) as an Instrumental But Largely Hidden (From the Public) Extra Layer of IBM's Workforce Reductions
The morale at IBM is really bad
Microsoft Money: From Bribing Bloggers to SLAPPing Bloggers
Microsoft money, different strategy?
Belgium: Windows Falls to Quarter of the Market, Mobile Devices Outsell or Overtake Desktops/Laptops on the Web
Microsoft has no operating system for 'smartphones'
Links 07/12/2024: CALEA Back Doors Backfiring, Fentanylware's (TikTok) U.S. Ban a Step Closer
Links for the day
statCounter: GNU/Linux Rises Sharply to All-Time High in Republic of South Korea
Notice how sharp the rise is!
It's FOSS? No, It's SPAM.
Another sellout
Another Massive Blow to the Web
This is awful news and it neatly relates to topics that we covered this morning
All the Latest Five Blog Posts at OSI's Blog Are Written by a Microsoft Operative Salaried by Microsoft
"Open Source" no longer means anything
Legacy of a Dying World Wide Web
Many people truly believe they're "stars" in social control media
Google Does Not Have a Search Engine Anymore
Google wants to "retain" users for more "screen time" and influence over their minds; it does not save you time, it's manipulating you
[Meme] Automattic: Host With Automattic, We'll Handle Our Own Complexity for You
The RHEL modus operandi (more so with systemd)
Finding Peace With Less
There seems to be a growing consensus (speaking to other editors helps confirm this) that the Web is going in a very bad direction
Links 07/12/2024: DEI Chopped by University of Michigan, French and South Korean Governments in Turmoil
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 06, 2024
IRC logs for Friday, December 06, 2024
Links 06/12/2024: Meal Changes and Internet Nostalgia
Links for the day
Brittany Day (linuxsecurity.com) Reposing Linux Foundation/Microsoft FUD Using LLMs, Probably Controlled by Microsoft
Plagiarised FUD by LLMs
Three Months
Next week on Tuesday our sister site turns 20.5
Links 06/12/2024: Promotion of Fake and Illegal Patent 'Court' (UPC), South Korean Strikes, and More Bailouts at Taxpayers' Expense
Links for the day
Links 06/12/2024: Alarm Raised in EU Over Meddling and Destabilisation by TikTok, Strong Criticism of 'Open'AI
Links for the day
In France, Android Skyrockets to 52%, Windows Falls to 26%
even in rich countries across Europe Windows is rapidly losing "market share"
When News Sites Become Shopping Catalogues Disguised as 'Reviews' or 'Articles'
Sometimes Fagioli uses HEY HI (AI, LLMs actually) to make 'articles' about HEY HI
[Meme] Hit and Run with SLAPP
Microsoft staff versus Techrights
[Meme] When You Go Against Corporate Front Groups and Shills of Moneyed Interests (EDRi is Microsoft-Compromised Now)
The "golden rule" is, follow the gold
The Register Exposed Many IBM Scandals, Lawsuits, and Secret Layoffs. Now IBM Pays The Register.
Hush money?
IBM Told the Media the Secret Mass Layoffs Would Carry on Till End of November, But They Still Happen This Month
"My team of 9 people had 4 regulars and 5 contractors. All contractors gone."
All the Red Flags in New Linux Foundation Report
How telling...
Gemini Links 06/12/2024: Shrinkflation and Working at Google
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 05, 2024
IRC logs for Thursday, December 05, 2024