A smart reader just told me about some news I somehow overlooked — it seems that David Crooke, Convio’s CTO, was replaced by David Hart on the 27th of February. The inference here is that the quick and abrupt departure of David Crooke was payback for the Convio security scandal last year. Indeed, the press release was rather short itself on the details surrounding David Crooke’s exit:
Hart replaces David Crooke, Ph.D, a co-founder of Convio, who is leaving to create another entrepreneurial venture.
Oddly enough, David Crooke is still on Convio’s management page. One would think that a co-founder would receive a rather more celebratory send-off than a one-liner buried deep in the tail end of a press release but what do I know? We’ve seen other co-founder CTOs unceremoniously dumped so this isn’t anything new.
Anybody have any comments about this?
Loading ...
******** The following post is entirely my personal view and response, and is not posted on behalf of Convio ********
This rumour, like most blog postings, is wholly without fact or foundation. Allan Benamer made no effort to contact either me or Convio Inc. for comment on his allegations before posting them.
I find this kind of slander extremely offensive, and I have sent Mr Benamer a personal email offering him the opportunity to retract and apologise.
Yes, it is interesting that Crooke, a co-founder, was unceremoniously ousted from the company.
It is long held, yet obviously uncomfirmed, fact that Crooke was on the outs with both Austin and Hart, and with the GA acquisition, his services were only marginally useful. Notice, even in the Edgar listings, that his name was not in any of the listings of primary management nor *even* stockholders. That should speak volumes!
It is too bad since he is a nice guy and was a trailblazer in the industry.
******** The following post is entirely my personal view and response, and is not posted on behalf of the American Civil Liberties Union********
This is a logical conclusion to draw given the facts that Convio has published openly. Thanks for publishing your perspective even though it is clearly somewhat controversial. If you run into problems keeping this post up, I’ve seen both ACLU and EFF do great work in protecting blogger’s free speech rights.
PS Ironically, both EFF and ACLU are both Convio clients.
Please look at :
http://uncivilsociety.org/2008/03/social-enterprise-blogging-and.html
for a legal analysis of this issue between myself and Dave Crooke.
I will be posting an update to this article as well in the next 24 hours.
Hey Allan, thanks for looking a little closer into this issue at Convio. As many non profits use their services, their management issues are certainly in the public domain and of great interest. Keep up the great work.
Alan, wow man, I don’t even know where to begin. David Crooke is the chief architect behind the Convio platform. The security breach occured on the GetActive platform which was obviously not architected by David Crooke. To say that David Crooke is being ousted for a security breach on a platform he didn’t architect/implement is sensationalist grasping. I read your blog because you provide good insights. But when you go out and say something that, upon even the most basic examination, makes no sense at all, it greatly diminishes your other contributions.
Actually, Anonymous, I should direct you here.
I actually gave Convio a reasonably good grade on their handling of the notification and to David Crooke for making his remarks on Progressive Exchange.
I also should point you to my comments here.
By my count, there was an 11 month period where Convio could have cleaned GetActive’s code. That’s plenty of time to go through and redo the authentication engine there. I’m not saying it wouldn’t have been difficult and costly but I have to point out that it is NOT typical to have passwords stored in the way that GetActive stored it. I think a reasonably thorough security audit would have flagged this.
Please remember that one of the reasons that the identity thieves ended up with so many username/password combos was that they gained access to a “download decrypted passwords in bulk” feature. It’s a security hole as wide as the Lincoln Tunnel. I think any techie worth his or her salt would at least do a double take on it. At the very least, this feature should have been removed by three months after GetActive was acquired.
To be fair, I think the “download decrypted passwords in bulk” feature was requested by nonprofits and GetActive bent over backwards to accommodate them. That wasn’t smart but there you are. It’s a lesson to everyone. Nonprofits, don’t demand stupid security loopholes. CRM companies, don’t accommodate those requests.
Allan,
I’ve already said this by email, but I’ll chime in here publicly. Although I am very happy that you’ve covered, in depth, the security issues at Convio – they, and companies like them, need to be accountable for security breaches, for sure.
However, one of the things that I have always liked about the nonprofit technology community (of which Convio is a part) is that we have respect for each other in ways that is often not present in other fields/industries.
This post is, at it’s heart, disrespectful. Although I agree that you have every right to ask why David Crooke is leaving Convio, and ask whether or not that is related to the earlier security breach. And if, in asking those questions, he, or Convio wanted you to take the post down, etc., I’d be right with you. But this post, particularly the comment: “The inference here is that the quick and abrupt departure of David Crooke was payback for the Convio security scandal last year” is not asking those questions – it’s making a statement that first, does not look so much like opinion, and second, it goes beyond what I feel would be respectful.
“However, one of the things that I have always liked about the nonprofit technology community (of which Convio is a part) is that we have respect for each other in ways that is often not present in other fields/industries.”
Please don’t mistake a company, that makes it’s *business* out of making profit from nonprofits, to be in the same ballpark. To do that would be taken in by the marketing.
Underneath the covers is the same business climate that is present in every other for-profit organization I have worked for. They are in it to make money — make no mistake about it.
That being said, to take the high road and give them the respect that *should* be given to all companies, profit or non-profit, would be the best advice. However, I don’t feel the comments Allan made are in any way disrespectful; quite the contrary, I believe they are responsible, especially when related to security concerns.
I also have to disagree with Michelle here. I’m nowhere near as aggressive as other journalistic outlets nor am I as disrespectful as some of them. I did come into this space from the private sector though. As Deborah Elizabeth Finn likes to point out, I’m a somewhat late arrival to the nptech scene. I can only imagine how collegial it was when the number of organized nonprofit technologists was less than a hundred. Those of you at NTC can ask some of your colleagues about the good old days back then. As a result of my late arrival, I bring with me a different set of expectations about the function of bloggers in regards to technology. At times, I see myself more or less emulating not my non-profit peers but bloggers in the larger arena of technology. However, as much as I emulate them, I don’t adopt their tone. How can I prove this to you? Do a quick search on the words “Steve Jobs tyrant” in Google. You’ll see far harsher articles than anything I’ve written on this blog.
However, it’s clear that respect should be held even between individuals and corporations. That is why I apologized publicly to David Crooke despite the fact that he did not accept the apology originally. Couple that with the legal analysis of this issue over at uncivilsociety.org, you can see that the legal leverage was all mine to use or misuse as I saw fit. My apology was more or less an abdication of that. If that isn’t respect, I don’t know what it is.
So no, I don’t agree that I was disrespectful towards David Crooke but I would like to think that in my actions since the post you would see that I have taken the more difficult route of trying to tamp down inflamed passion both on my part and on David Crooke’s. There were many possible strategies I could have pursued in trying to seek an end but few of them would have resulted in the somewhat more amicable end that has been reached. If I were truly disrespectful, I’m pretty sure this would have escalated and at that point, I would certainly side with Michelle’s concerns.
“Please don’t mistake a company, that makes it’*business* out of making profit from nonprofits, to be in the same ballpark.”
Re-read the post. Allan wasn’t casting any aspersions on Convio, he was aiming directly at David Crooke, who is a person. Along the way he trashes Scott Ganyo, linking to a post that in no way supports the “unceremoniously dumped” smear.
Furthermore, Allan’s own statements aren’t even backed up by the Convio links he posted. Maybe the “ex-Convio” Crooke is still on Convio’s management page because he wasn’t actually “unceremoniously dumped”? Who knows, since Allan didn’t bother to check before he trashed a couple of people.
Allan’s made some pretty good posts in the past, but he’s had a tendency to lunge for the scurrilous whenever he can spot it. I wish he’d stop trying to be a non-profit version of Gawker, since he just comes off as a monkey flinging poo.
Just because other people aren’t respectful when they, for instance, call Steve Jobs a tyrant, doesn’t mean that we shouldn’t be. That’s why the high road is called the high road, after all.
And one commenter was right – Allan did not target Convio, he targeted David Crooke in particular.
Yes Convio is a for profit, and they profit from non-profit organizations. So do many companies and people (including myself, by the way.) That does mean that they are accountable to their clients, and to the sector as a whole. That doesn’t mean they are not worthy of being talked about respectfully.
And to “anon” who thought Allan’s comments were respectful – how would you feel if you were the target of those comments? That’s a good litmus test.
Again, I don’t have any intention of letting Convio, or any company, off the hook for security issues – their feet should be held to the fire for that. But you don’t have to trash individual people in the process.
Michelle, I think the problem here is that I haven’t adequately communicated my perspective. I speak as someone who is inside a nonprofit organization not someone such as yourself who is a consultant or Convio which is a large vendor. As such, my views are limited (or for some, enhanced) by my deep immersion in the practice of a nonprofit carrying out its mission.
I’m an advocate for nonprofit techies, not nonprofit consultants or vendors. As a result, I think a lot about the relationships between nonprofits and those they pay to get their IT work done. I think the relationship between nonprofits and consultants is probably more equal in terms of size. This is probably the kind of collegiality and level of respect that you see on a daily basis in your consultant practice. I have to tell you that it’s a different thing entirely when nonprofits have large vendors. They’ve got legal and marketing departments that act in concert together to try to produce profits for the vendor. It’s not always the case that this is in the best interest of the nonprofit.
In this environment, I don’t see how collegiality really holds together well. Respect doesn’t scale to large corporate entities. I try to give respect where it’s due but clearly the unequal relationship between nonprofits and vendors requires a more subtle take on respect here. For instance, take a closer look at that cease and desist letter that was written to me and tell me if David Crooke responded as a person or as someone from a vendor. Most single consultants like yourself can’t rely on a battery of corporate lawyers. And that’s where respect simply evanesces into thin air.
It’s not that I don’t give respect to people but when you’re talking about a corporate entity or someone who claims to represent a corporate entity, I’m not so sure that respect is the first thing on my mind. So no, it’s not that I reject collegiality outright; it’s that it puts people who advocate for nonprofits in a remarkably difficult position. You would have nonprofit advocates muzzle ourselves but there would be no equivalent placed on a corporate legal/marketing department.
On a more historical note, I think it would be safe to say that single-person consultancies are not exactly well represented in the NTC Science Fair. Have you not missed the corporatization of nearly all of the vendors that serve nonprofits? This is indicative of a maturing marketplace. I’ve seen the same thing happen in the Web industry. I still remember when the earliest incarnation of Adobe Flash then known as Futurewave was just a 3 person table outside of Netscape Devcon. Flash forward years later and it’s now the tip of the spear for Adobe’s software initiative.
Times have changed, Michelle. As the nonprofit marketplace matures and grows, I sense that the nptech blogosphere will change and grow with it. Collegiality will be more and more subsumed into a more general understanding of the corporate nature of our vendors and more attempts to get behind the veil will keep occurring. I hope to be a part of that and you should be too.
Alan,
You screwed up man – just own it and stop with the rationalizations
Oh Anonymous — I guess you have your own reasons to stay anonymous but it seems you have anointed yourself to be my blogger’s conscience. OK, you’ve got the job.
All I ask from you in the future is that you try to spell my name correctly. A-L-L-A-N.
touché
Convio is a NSA shill. Crooke was and still is MI5.
We got Rhoads Scholars on the management team and the company logo is the Masonic all seeing eye.
Its not even being hidden anymore.
You deserve it slave.
@nationtreasure — you have ANY proof that Convio is part of an international conspiracy built on Masonic Lodges, Rhodes scholars and MI5? I have to admit that you’ve got a wonderful imagination. Have you ever considered writing for tabloids?