New NDA + Core Contributor Trust Agreement

lucyeoh · September 24, 2015, 3:30pm

New NDA process will:

Make it easier to receive and sign an NDA (automated, online)
Increase transparency (NDA’d Mozillians group will be fully accurate)
Make it easier to understand and access NDA’d areas (NDA has been re-written and inclusion in Air Mozilla group will be automatic

This is great but it’s also an opportunity to move beyond the NDA and build a culture of trust. I’m proposing that we include the NDA within a “core contributor trust agreement” that everyone signs.

Questions:

Does this feel like a relevant/important topic? Why or why not?
What information should be included?
What makes people want to keep something that’s shared a secret?
What would make you want to share?
What should the tone be?
What other things (besides the NDA) should core contributors commit to?
How do you think about trusted information?
Who do you trust to have Mozilla’s best interest at heart?

nukeador · September 24, 2015, 3:50pm

Do we have the link to the presentation you shared at the Reps call?

tad · September 24, 2015, 5:34pm

This conversation has come up numerous times in the past, as a pre-warning.

In my opinion, if we were to go down this road, it would have to be a two-way agreement. ie. I will do … for mozilla Mozilla will do … for me.

The tone shouldn’t be too legal. It should be more about culture and giving people an opportunity to, in writing, clearly understand what’s expected.

CaptainCalliope · September 25, 2015, 4:57pm

Last year I identified lack of alignment between tech and legal administrative process for NDAs as a possible roadblock to participation. All relevant notes and conversation around it are in this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1065570

cc @marcia

lucyeoh · September 25, 2015, 5:51pm

Hey Lyre! This new processes fishes all of your wishes:

Can we change the process by which Mozillians are added to the NDA group so that when someone signs and returns an NDA, a process to add them to the NDA group without additional action on their part is set in motion?

Yep! The new process is automatic and when they click “accept” on their Mozillians accounts they will automatically be added to the NDA Mozillians group.

Can we figure out how to extend this process to be inclusive of people who sign NDAs across Mozilla?

Yes sir! We are approaching all of the teams who have currently or are likely in the future to want to NDA’s Mozillians and will have them send the new NDA to all of their core contributors so we’ll have one central source of all NDA’d Mozillians across Mozilla. Yurrah!

Is there a way we can get a verified list of all Mozillians who are actively under NDA so we can bulk add anyone who is missing?

This new list will be the verified list we’ve all been waiting for. All current NDA’d Mozillians we currently know about will be grandfathered in (we’ll sign the nda’s for them).

leo · September 26, 2015, 10:21am

When we’re talking about Mozillians and core contributors are we including staff? I ask because it’ll be a whole lot easier to check whether someone has signed an NDA by just checking whether they’re in the NDA Mozillians group, rather than also having to parse their email address.

What’s the process going to be for removing people who have left the project or broken trust? How will this sync over to other services (like Air Mozilla and Discourse) where they might still be logged in with an NDA account?

lucyeoh · September 28, 2015, 7:51pm

Hey Leo!

We’re not including staff in that. All staff will be removed from the NDA’d group so it will only have contributors in it.

Every two years the NDA’s will have to be renewed so if someone hasn’t worked on a project since that time they’ll be removed from the group then. If they break trust or were added for a short-term project that is now done, the person who invited them will be responsible for removing them from the NDA’d group which will remove their Air Mozilla privileges.

Hope that answered your questions!

Lucy

mkohler · September 28, 2015, 8:05pm

I think what Leo means is that you can still have a login session that was started by a NDA mozillian even though they might have been removed from the NDA group.

tad · September 28, 2015, 8:05pm

Sounds like a technical barrier rather than process.

nukeador · September 28, 2015, 8:59pm

That shouldn’t be the case if the group in synced with the API.

tad · November 5, 2015, 10:00am

@lucyeoh When do you expect this will be ready?

I have to have NDAs on file for people working on Community Servicedesk since we handle address/phone/other personal info. Should I hold out for the new platform, or shall I just have them sign an old template?

rabimba · February 6, 2016, 7:52pm

Aren’t NDA’s for non-disclosure of information not deemed yet for public release?
In that sense how it is relevant what “Mozilla is doing for me” or “what i am doing for Mozilla”.

This atleast to me clearly is not a give and take relationship.

lucyeoh · February 8, 2016, 4:39pm

Hey Rabimba,

I think the idea here is that through the new NDA, Mozilla is expressing a trust relationship with these individuals. We want to provide contributors with the information they need to contribute effectively and to feel like a valued and trusted part of Mozilla. In turn contributors who sign an NDA pledge to not share the information that is shared with them in confidence, and to help move Mozilla’s mission forward.

Does that make sense?

lucy

lucyeoh · February 8, 2016, 5:01pm

Hey Tad,

Just met with the infra team this morning and we’re now looking at 2 weeks from now. I’m guessing week of the 22nd.

You can have them sign the old template if you wish for now but everyone will have to enter via the new system when it comes in (end of this month) so if it’s a hassle you might want to hold off until then.

We should also talk about how Community Servicedesk contributors will receive their new NDA’s since the new system requires contributors enter through one of these 4 groups: Reps, FSA, l10N, SUMO. If your contributors aren’t in any of these groups you’ll need to find a staff member to vouch for them.

I’ve outlined the new process on the wiki here:
https://wiki.mozilla.org/NDA

tad · February 8, 2016, 6:24pm

I don’t like the “find a member of staff to vouch for them” part. Of course, I can do that, and I know exactly who would do that, but I’m finding it really difficult to build volunteer teams when the bottleneck to everything is having a member of staff.

lucyeoh · February 8, 2016, 7:05pm

Hey Tad,

My guess is that most contributor members will be covered under one of these other sectors, but as discussed, let’s see what alternative plans could look like!

Lucy

plwt · February 9, 2016, 9:14am

Hi

I really like the planned structure around the granting of NDA, very well done on the hard work put in by those involved in setting this up.

One suggestion I would make (which may already have been considered) is that this should be explained to people as a “responsibility”, rather than a “benefit”. @lucyeoh comments are spot on in respect of this being an expression of a trust relationship.

Please do not let this dampen the celebration, this new process is a good thing for contributors and will hopefully better support those working with staff on projects across the wider Mozilla community.

Great result.