If we're honest about it, Mark Zuckerberg has been icky for a long time.
In 2008, Mozilla's CTO left the project to go work at Facebook. And we felt icky about it then. So we can confidently carbon date Zuck's ick at least that far back.
Of course people are allowed to make all kinds of decisions about where they work and what they do for money. And old open source was never gonna be super jazzed to see anyone leave for a walled garden. That's just the laws of nature.
It wasn't just the leaving. It was leaving to build the most powerful surveillance tool in modern history. But again, lots of ways to make a living. Not everyone has the same definition of ick.
Ick is hella subjective
That lack of a consistent definition of ick means lots of folks out in the world making decisions that we might not. And vice versa. There's a bigass range of approaches to life and liberty and all the ways you can pursue happiness. The kind of stuff that keeps the world vibrant as we all spin our way through space.
But that vibrancy sorta falls down as a business. Or even as a non-profit. If we all show up with different ick, whose wins? How do we break ties? Do we go with whoever is having the loudest ick? Or with the most powerful person having the ick response? Collective business ick can break a lot of ways.
In the very early days of our business, we needed a way to sort through these types of nebulous quandaries. Our first tool for ick-resolution was a set of four questions. Codified in our corporate values. With every piece of work pushed through this sieve: Should it be done? Should it be done by us? Will we be proud of it? Will it have lasting impact?
And for the first few years, that was enough. When it wasn't, we'd rely on another popular tool: founders get in a room and figure it out. Coarse-grained but sufficient.
The preliminary questions were a good start but not every inbound sales inquiry fit neatly into those buckets. Nor was it even remotely feasible to vet every opportunity for co-founder ick. We needed a tool that could scale with us. And so we built one.
Plain-text ick
In 2020, we drafted our very first RSG client policy. It forced a lot of latent ick onto paper. What do we mean when we say "should it be done?" Are there industries that we won't work with at all? If so, can we articulate them? What do we mean, "should it be done by us?" Are there places where our involvement with a project conflicts with our overarching mission? Can we articulate those, too?
The resulting doc was partially informed by work we'd rejected in the past. But also a bunch of scenarios we assumed were totally off the table. One that we wrote down that felt like an absolute lay up at the time? We don't want to do management training for people involved in human-trafficking. Honestly, who would? Like even our very biggest, most corporate and stodgy competitors. If you asked them on an earnings call, "Hey, how you feeling about professional development in the human-trafficking division?" Our sincere hope is that they'd have no interest in that P&L. But fine, put it on the list cause while you're making one, it may as well be on there.
Two things we did not anticipate then that feel important to mention now. First, creating a client policy doc meant our team could hold us accountable to it. They could see, much more transparently, how ick decisions were made and we could all discuss the edge cases. Where and when and why. And once they had that information, they could also flag client policy concerns whenever new folks reached out about doing work together.
Second, it got used. A lot. Some of those cases were expected, and some surprised the shit out of us. Like the time we got a note from a leader asking to join a program with us. And then a member of our team said, "Um, I'm not positive but I'm pretty sure that org has been credibly accused of human-trafficking and that means we can't work with them."
They were right. The thing that we thought was a total freebie on the client policy bingo card did show up. In fact, if you'd given us ten bucks while writing the thing and asked us to guess which ones were likely to happen, and which ones were completely implausible, we'd probably have guessed wrong more than we guessed right.
And that is precisely why writing this shit down is helpful.
Don't count on dodging this
You might still feel like this ick won't hit your organization. You might also feel like it's very implausible that the next phone call, or knock on the door, will be a human-trafficking organization. Or an arms merchant. Or some government officers looking for undesirables. If you read this narrowly as a commentary on the business impacts of a new US administration, you might imagine that orgs outside of its jurisdiction are fine. Maybe your organization really will be.
But ick is not a locally contained outbreak, ick is a pandemic. We don't think it's particularly controversial to say that populism and demagoguery aren't exclusive to one administration or one country. There are lots of people in lots of places who like the idea of using state power to punch down. There are lots of companies who stand to profit from those initiatives. All over the world there are people lining up to write those laws, and others lining up to build the machines that will implement them.
And then there's you.
Will your org be personally asked to kneel? Will you be? We don't know — maybe not. You might be too small, or too far away from the limelight, or too insulated as an industry, to be on anyone's first list of jawboning calls.
It doesn't usually start there anyway. It usually starts with an implicit invitation to help build the machine. A juicy contract or RFP. A donation to endow a research chair in a very specific field. An opportunity for partnership, or support, or access, or referrals, that your org could eat off of for a year or four. Sometimes with very obvious clouds of ick surrounding things. But sometimes with the nicest people who, sure, smell vaguely of ick but you almost want to ignore it because they're so nice. And it's a great opportunity.
Trust us when we say that it is so much easier to work those ones through to a decision if you've already built some policy around it.
It's dangerous to go alone, take this
So look. We have two tools that we want to offer to you, apropos of nothing at all if that's easier for you, or apropos of some very specific shit this week if you prefer.
First, have a policy around who you'll work with and take money from. Here's ours. We don't claim that it's perfect, or that our values align seamlessly with yours, or that it's the only way this kind of thing can look. But what we'll say is that in the years since we wrote the first version, we've had to use it more than a dozen times. And it genuinely makes the ick much easier to navigate. And it's CC-licensed.
We know that we have lots of CEOs and founders reading who can author this themselves for their organizations. We hope that you will. But even if you don't have that authority, you can push the conversation. You can ask if one exists. If not, you can ask if one should — do we have people we won't take money from? Do we all come up with the same answer? That's a healthy and productive culture conversation in any org. Apropos of nothing, or some very specific shit if you prefer.
Second, have a compliance policy. As in, what does your org do if the government comes asking for lists, or emails, or information? Lists of employee home addresses, sorted by immigration status. Lists of customer access IPs. Emails sent from work laptops. Web searches for the following terms?
Probably your org's policy is to comply with lawful requests. It's hard to have a policy that rejects that. But that doesn't mean you can't be prepared. Does everyone know where those requests should get routed, and what to do if they're the ones to answer the phone, or the office front door? Does your org have a policy to challenge them in court before complying? Or a maximum retention period set, after which that information is expunged? Should you have those things? Apropos...well, you know.
Look, we get it. "Write a policy" is a very boring idea. As a vibe, it's giving taupe, bureaucracy, and mildew. But putting some careful thought into documents like these gives your team clarity about where you stand as an organization, and what to do when the ick — however implausible — shows up. Given the current state of, well, everything? It might be some of the most vital work you do this year.
— Melissa & Johnathan