The Citizen Clinic is an inclusive course where students, mentors, and staff should feel comfortable sharing their work, opinions, and perspectives. All of us commit to engaging with each other mindfully to ensure an environment that promotes shared learning and collaboration.
This Code of Conduct governs participation at the Citizen Clinic. It applies to all Clinic participants during all class meetings, as well as to all Clinic participants at after-hours working sessions or social events. The internet is real life. This Code of Conduct applies in all digital spaces connected to the Clinic (e.g., group chat channels, mailing lists, collaborative documents) as well as physical ones. Participants who violate this Code may be excluded from this and future Clinic opportunities, and may be prohibited from attending Clinic social events.
Clinic participants are expected to comply with the policies that govern all activities and behavior at UC Berkeley, in particular the Nondiscrimination Policies and Procedures, Sexual Violence and Harassment Policies and Procedures, the Student Code of Conduct, and the Computer Use Policy.
In addition, we expect all Clinic participants to abide by the following parameters:
- Be respectful to others. Do not engage in homophobic/homomisic, racist, transphobic/transmisic, ageist, ableist, sexist, or otherwise exclusionary behavior. Honor individuals’ preferences for how they prefer to be addressed.
- Use welcoming and inclusive language. Exclusionary comments or jokes, threats or violent language are not acceptable while working in the Clinic. Do not address others in an angry, intimidating, or demeaning manner. Be considerate of the ways the words you choose may impact others. Be patient and respectful of the fact that English may be a second (or third or fourth!) language for Clinic participants.
- Do not harass people. Harassment includes unwanted physical contact, sexual attention, or repeated social contact. Know that consent is explicit, conscious and continuous—not implied. If you are unsure whether your behavior towards another person is welcome, ask them. If someone tells you to stop, do so.
- Respect the privacy and safety of others. Do not take photographs of others without their permission. Note that posting (or threatening to post) personally identifying information of others without their consent (“doxing”) is a form of harassment.
- Be considerate of others’ participation. Everyone should have an opportunity to be heard. While working in teams, please keep comments succinct so as to allow maximum engagement by all members. Be conscious and respectful of the fact that your team members may have different methods of communicating, and work to enable the most collaborative environment among your team.
- Don’t be a bystander. If you see something inappropriate happening, speak up. If you don’t feel comfortable intervening but feel someone should, please feel free to ask a member of the Clinic staff to intervene.
- As an overriding general rule, please be intentional in your actions and humble in your mistakes.
Working with the Citizen Clinic will require engagement with its partner organizations. These organizations and their staff, partners, and the communities they serve are often at risk of online or physical attacks. Therefore, adherence to Clinic operational security procedures is not just a requirement for academic success, but for safeguarding the lives and livelihoods of Clinic partners, students, staff, and their friends and families.
In order to facilitate a secure, safe working environment, all Clinic participants are expected to:
- Adhere strictly to any operational security requirements set for partner communications by your team, by Clinic staff, or by the partner.
- Do not seek to undermine existing security controls. Should you feel a security measure is ineffective, bring your concerns to Clinic staff before taking measures to alter any security systems or policies.
- Respect partners’ perspectives. Even if we do not agree with a partner’s security concerns, we learn more about their security context by listening than telling. We do not know what we do not know.
- Keep track of any Clinic-owned devices assigned to you or your team. Ensure they are under the control of you or your team at all times, or are securely stored when not in use, and do not engage in any unlawful or unethical online or offline behavior with them. Do not change any device settings in ways that would reduce device security. These devices are the gateway to our partners and the Clinic’s electronic infrastructure. You are the gatekeeper.
- Report any security incidents or concerns immediately to Clinic staff. This includes, but is not limited to, the loss, theft, or compromise of Clinic-owned devices or data stored on them.
As a condition of allowing students to participate in the Clinic, including access to the Clinic’s
computers or other systems, all students agree to strictly protect any Confidential
Information they receive as a result of their work with the Clinic. While the decision about whether information is “Confidential Information” depends on the specific information itself, some examples of Confidential Information include:
- The names of partner organizations, their staff or clients, or other persons related to a Clinic project, or information likely to indicate identity
- Any information related to organizational assessments or policy findings and recommendations
- Any private communication or information regarding a specific partner, a case, research data or analysis, including any underlying facts and circumstances not already revealed to the public
- Any report or other written material, including that which the undersigned or their team has drafted, unless such document has been approved for release and properly redacted by a member of the Clinic supervising faculty or professional staff
- Identities or other personal information about partners required by applicable research protocols to remain confidential to minimize the risk to research subjects of participation in research.
The undersigned student agrees that they will not violate the confidentiality of the Clinic’s interests or those of the Clinic’s partners by revealing Confidential Information to those outside the Clinic. By signing this agreement, the student agrees not to disclose Confidential Information orally or in writing, including through electronic media or any online forum, and not to write about any aspect of a Clinic case or project in any print or online publication without the express, prior permission of the
Clinic’s supervising faculty or professional staff. The obligation of each student to maintain the confidentiality of information is on-going and continues after the student’s participation in the Clinic has ended.
Clinic faculty and professional staff are available to answer any questions or concerns about this.
Agreement, or about disclosure of any specific information. Students who are uncertain about whether certain information is Confidential Information should ask mentors, Clinic faculty or professional staff before any disclosure.
Working with partner organizations is a position of significant privilege and trust. Your work does not just represent you, but your team, Citizen Clinic, the Center for Long-Term Cybersecurity, the School of Information, and UC Berkeley at-large. Students are expected to be on-time to all partner meetings (remember: partners are not on Berkeley time), and to be attentive and respectful during all external-facing engagements.
Work product, communications, and other partner-facing materials you may produce over your time with the Clinic must adhere to a very high standard of quality. The work that is done in this course varies from team to team, but always keep in mind these three characteristics when preparing work for partners:
- Rigor: Be thorough in your research. Do not make recommendations for partners based on what you assume they need—all recommendations should have a rigorous explanation behind them.
- Attention to Detail: Spelling, grammar, design, organization—do not underestimate the importance of details. We want partners to rely on the materials we create when they are considering meaningful decisions about their security. Bad writing does not instill confidence.
- Contextualize: Think about who your audience is for any document or deliverable—whether it is an email, an organizational policy, or a report. Who is reading it? Who might read it? How technical are they? Do they read English? How well? Tailoring your work to your audience is critical to making the work meaningfully received and understood.
Please report any issues related to the Code of Conduct to faculty or staff member.
Please speak to us if you encounter an issue—whether related to a specific situation or to a more general aspect of the Citizen Clinic. You can contact the Citizen Clinic staff team as a group or individually, in person or by email.
You can also report issues to the Citizen Clinic staff anonymously — but please use an email address where you’ll be able to receive replies.
An example of how to anonymously report: Use Tor to create and log in to a new email address, use the address exclusively for the purpose of your report, and never provide information that would personally identify you—to either the email service provider or to us.
Many campus resources are also available for reporting incidents of harassment, violence, or discrimination. You can find information about those programs and contacts (including official reporting pathways) here:
- PATH to Care Center: http://survivorsupport.berkeley.edu/report
- Office for the Prevention of Harassment and Discrimination: https://ophd.berkeley.edu/home
Conflicts of Interest – Reporting
If an issue, complaint or concern involves a member of Clinic staff or mentors, that person will be removed from the issue response process and will not have access to documentation related to the issue.
Conflicts of Interest – Partner Services
Students must seriously consider their own political, religious, cultural, and social affiliations before agreeing to work with any given partner. If anything about a student’s personal beliefs may cause a conflict of interest or prevent them from providing effective support to a partner, they are obligated to communicate with Clinic staff immediately so they can be assigned to a new team.
Staff will address all complaints or concerns in a responsive and expedient manner. Each case will be processed as is contextually appropriate and in line with existing University procedures. If, at any point, a student feels a concern, complaint, or report is not being addressed appropriately, they should escalate issues to the CLTC Faculty Director or other campus resources (such as Office for the Prevention of Harassment and Discrimination).
Based on the nature of the issue, the Clinic Staff will propose a course of action to the individual who made the report, and, where not prohibited by law or university policy, work with them to determine whether that proposal is an appropriate response before acting.
An appropriate response is one which:
- Seeks to ensure the safety, dignity and security of all Clinic participants
- Respects the autonomy, experience and judgment of those who decide to report an issue
- Aims to provide a resolution that is meaningful and fair to all participants affected
- Encourages accountability, responsibility, cooperation, honesty, personal growth and respect on the part of all participants affected
- Is context-specific and aims to “make things right,” repairing specific harms to affected individuals
- Works toward greater inclusiveness in the Clinic
- Complies with UC Berkeley policies, and involves University staff as appropriate and required by those policies.
The undersigned agrees to abide by the terms of this Code of Conduct for the duration of their involvement with the Citizen Clinic. Failure to do so may result in disciplinary action outlined within the code, or as required by UC Berkeley policy.
Your Name (Printed):