6/22: Since this is still getting shared, I should note that I resigned from OTF’s Advisory Board in early June.
Four years ago, Sami Ben Gharbia wrote a piece that I had the privilege of editing, entitled “The Internet Freedom Fallacy and the Arab Digital Activism.” I was still relatively new to digital rights activism, and although my politics told me that taking money from the US government for what was pretty clearly democracy promotion was wrong, I was faced with the conflicting opinions of activist friends elsewhere in the world who agreed, but saw no other options.
That is, somewhat unfortunately, where I still stand. I do fundamentally believe that the State Department’s “Internet freedom agenda” is at heart an agenda of regime change, and have made no secret of that opinion. And yet I also sit on the advisory committee of the Open Technology Fund because I believe that, if this money exists, then we have the obligation to guide it in the right direction, rather than allowing it to be funneled to snake oil projects, groups that don’t accept criticism of their potentially risky tools, and other bad actors (you know who you are). But back to that in a moment.
Now, my intended audience for this post is probably folks who work in this scene and are also conflicted about the funding, but for the rest of you, here’s the crux of the issue: If you are opposed to surveillance, then you understand that we’re up against a multi-billion dollar industry that’s colluding with governments who want the utmost control over their populations. The amount of money spent on surveillance in the United States alone is mind-boggling. And we’re fighting with peanuts.
I believe that fighting surveillance requires a number of different approaches, and that one of those is the use of privacy-enhancing technologies. And it’s no secret that many of the privacy-enhancing technologies on which we currently rely, such as Tor and TextSecure, are funded by the US government.
Some folks have taken issue with this, going so far as to call Tor employees “government contractors.” On the one hand, this is pretty sensational talk: In much of Europe, for example, public funding of advocacy isn’t uncommon. On the other hand, there are real issues with implicitly supporting what is ultimately an imperialist agenda by taking US government funds.
Until recently, however, the alternatives to government funding have been minimal. Private foundations provide some funding, but from my vantage point, it seems they’ve mainly been supporting programming, perhaps out of the idea that tools are already well-funded. The solicitation of donations from projects’ websites hasn’t brought in much.
Because of this simple fact, I’ve reconciled my views on the matter to conclude that the funding of free and open source technology by governments is relatively benign, in that these technologies are inherently neutral and used by individuals with a range of political views, despite the goals of funders. In other words, the State Department might fund Tor because it helps Iranians strike against their government, but there’s nothing they can do to stop it from being used by anarchists, American dissidents, etc. I give a lot of credit to friends like Amr Gharbeia for informing my views on this subject.
Still, though, the question nags at me: Isn’t there a better way? In the fall of 2012, I sat at a long table in a San Francisco restaurant as the Freedom of the Press Foundation was conceived (I contributed nothing to the idea, I just happened to be there). While the original idea was to create a method for crowdfunding WikiLeaks that was less likely to be meddled with by governments, the project has expanded to become a rather large funder (through crowdsourcing) of privacy-enhancing technologies. This strikes me as the first step in an increasingly promising direction.
Yesterday, something pretty amazing happened. Journalist Julia Angwin wrote a piece about Werner Koch, the main developer behind GnuPG, the free and open source version of PGP, a program that enables email and file encryption. Koch, wrote Angwin, is “running out of money and patience with being underfunded.” Despite considerable adoption of the tools after the Snowden revelations in 2013. I spotted the article in a tweet from my friend Trevor Timm, who posted it and urged his followers to donate to Koch’s ongoing fundraising campaign.
— Trevor Timm (@trevortimm) February 5, 2015
This morning, I awoke to find that Koch’s campaign had exceeded its goal of 120,000 €. Each time I refresh the page, the number continues to rise – from 166,000 € when I started writing this piece to 168,000 € now. Facebook and payment service Stripe have each pledged 50,000 € per year. The Core Infrastructure Initiative granted Koch $60,000. On the donations page, Koch wrote today:
As the main author of GnuPG, I like to thank everyone for supporting the project, be it small or large individual donations, helping users, providing corporate sponsorship, working on the software, and for all the encouraging words.
GnuPG does not stand alone: there are many other projects, often unknown to most people, which are essential to keep the free Internet running. Many of them are run by volunteers who spend a lot of unpaid time on them. They need our support as well.
This story is heartwarming, and I hope to see more like it in the near future. But this story brings to light one of the main problems with US government funding: It preferences new and untested tools over those that have been around for some time, used by experts in the field, audited, and proven to work. For every Tor or TextSecure (both of which are audited and work demonstrably well), there are several other tools or projects that receive funding and either fail, or fail to keep people safe.
A friend who asked to remain anonymous has raised this issue with program officers at the State Department, and has been told that such projects should simply “submit a proposal.” The problem with that, of course, is that many of these developers are underfunded and/or unequipped to deal with the bureaucracy of the proposal system, let alone the budgeting required to apply for such a large sum (if I recall correctly, the Department of Democracy, Rights, and Labor only gives grants of $500,000 or more).
Although some projects, such as Radio Free Asia’s Open Tech Fund (full disclosure: I am an advisor), have sought to rectify part of this problem by providing smaller grants to smaller projects, no funder has entirely succeeded in bringing in older projects (like GnuPGP, KeePassX, Pidgin, Adium, Enigmail) which have been in need of ongoing support.
I talked to my friend Samir Nassar, a security trainer, who told me that the “lack of funding for projects like GnuPG enforces a conservatism with a developer’s time. When we approach projects to point out usability problems that don’t easily fit into the traditional bug-fixing methods, we are asking more of the developers than they have time to give. It takes time to show them what the issue is, why it is an issue, and how to fix it—time that developers rarely have because they are unpaid.”
Samir’s comments demonstrate that there are not only political considerations regarding US government funding, but practical ones as well.
It pains me to say this, but this is not an ideal world that we live in, and therefore I cannot stand as strongly against the US Internet freedom agenda as I would like, lest it result in the defunding of all of these important projects. I do, however, think that it’s our duty to ensure that these projects and tools have alternative revenue streams, so that we can cease to be dependent on a pot of money that is most often in direct contradiction to our goals.
Despite a lack of attention, many of the projects we mention in this piece accept donations. The following are a few that you can donate to:
- Instant Messaging Freedom, Inc. (supports Adium, Pidgin, Finch, Vulture, libpurple)
- KeePassX (see donate button on lower left side of page)
- Update 2/7: A reader writes in to add OTR, saying: “People see and use the clients that integrate it, but often forget that it’s a separate project that also needs love.”
- Update 2/8: @ageis suggests adding GPGTools.
Did I leave something out? Shoot me an email or let me know in the comments.