Categories
Uncategorized

There are other funding options than the USG

Four years ago, Sami Ben Gharbia wrote a piece that I had the privilege of editing, entitled “The Internet Freedom Fallacy and the Arab Digital Activism.” I was still relatively new to digital rights activism, and although my politics told me that taking money from the US government for what was pretty clearly democracy promotion was wrong, I was faced with the conflicting opinions of activist friends elsewhere in the world who agreed, but saw no other options.

That is, somewhat unfortunately, where I still stand. I do fundamentally believe that the State Department’s “Internet freedom agenda” is at heart an agenda of regime change, and have made no secret of that opinion. And yet I also sit on the advisory committee of the Open Technology Fund because I believe that, if this money exists, then we have the obligation to guide it in the right direction, rather than allowing it to be funneled to snake oil projects, groups that don’t accept criticism of their potentially risky tools, and other bad actors (you know who you are). But back to that in a moment.

Now, my intended audience for this post is probably folks who work in this scene and are also conflicted about the funding, but for the rest of you, here’s the crux of the issue: If you are opposed to surveillance, then you understand that we’re up against a multi-billion dollar industry that’s colluding with governments who want the utmost control over their populations. The amount of money spent on surveillance in the United States alone is mind-boggling. And we’re fighting with peanuts.

I believe that fighting surveillance requires a number of different approaches, and that one of those is the use of privacy-enhancing technologies. And it’s no secret that many of the privacy-enhancing technologies on which we currently rely, such as Tor and TextSecure, are funded by the US government.

Some folks have taken issue with this, going so far as to call Tor employees “government contractors.” On the one hand, this is pretty sensational talk: In much of Europe, for example, public funding of advocacy isn’t uncommon. On the other hand, there are real issues with implicitly supporting what is ultimately an imperialist agenda by taking US government funds.

Until recently, however, the alternatives to government funding have been minimal. Private foundations provide some funding, but from my vantage point, it seems they’ve mainly been supporting programming, perhaps out of the idea that tools are already well-funded. The solicitation of donations from projects’ websites hasn’t brought in much.

Because of this simple fact, I’ve reconciled my views on the matter to conclude that the funding of free and open source technology by governments is relatively benign, in that these technologies are inherently neutral and used by individuals with a range of political views, despite the goals of funders. In other words, the State Department might fund Tor because it helps Iranians strike against their government, but there’s nothing they can do to stop it from being used by anarchists, American dissidents, etc. I give a lot of credit to friends like Amr Gharbeia for informing my views on this subject.

Still, though, the question nags at me: Isn’t there a better way? In the fall of 2012, I sat at a long table in a San Francisco restaurant as the Freedom of the Press Foundation was conceived (I contributed nothing to the idea, I just happened to be there). While the original idea was to create a method for crowdfunding WikiLeaks that was less likely to be meddled with by governments, the project has expanded to become a rather large funder (through crowdsourcing) of privacy-enhancing technologies. This strikes me as the first step in an increasingly promising direction.

 

PrL-end

 

Yesterday, something pretty amazing happened. Journalist Julia Angwin wrote a piece about Werner Koch, the main developer behind GnuPG, the free and open source version of PGP, a program that enables email and file encryption. Koch, wrote Angwin, is “running out of money and patience with being underfunded.” Despite considerable adoption of the tools after the Snowden revelations in 2013. I spotted the article in a tweet from my friend Trevor Timm, who posted it and urged his followers to donate to Koch’s ongoing fundraising campaign.

This morning, I awoke to find that Koch’s campaign had exceeded its goal of 120,000 €. Each time I refresh the page, the number continues to rise – from 166,000 € when I started writing this piece to 168,000 € now. Facebook and payment service Stripe have each pledged 50,000 € per year. The Core Infrastructure Initiative granted Koch $60,000. On the donations page, Koch wrote today:

As the main author of GnuPG, I like to thank everyone for supporting the project, be it small or large individual donations, helping users, providing corporate sponsorship, working on the software, and for all the encouraging words.

GnuPG does not stand alone: there are many other projects, often unknown to most people, which are essential to keep the free Internet running. Many of them are run by volunteers who spend a lot of unpaid time on them. They need our support as well.

This story is heartwarming, and I hope to see more like it in the near future. But this story brings to light one of the main problems with US government funding: It preferences new and untested tools over those that have been around for some time, used by experts in the field, audited, and proven to work. For every Tor or TextSecure (both of which are audited and work demonstrably well), there are several other tools or projects that receive funding and either fail, or fail to keep people safe.

A friend who asked to remain anonymous has raised this issue with program officers at the State Department, and has been told that such projects should simply “submit a proposal.” The problem with that, of course, is that many of these developers are underfunded and/or unequipped to deal with the bureaucracy of the proposal system, let alone the budgeting required to apply for such a large sum (if I recall correctly, the Department of Democracy, Rights, and Labor only gives grants of $500,000 or more).

Although some projects, such as Radio Free Asia’s Open Tech Fund (full disclosure: I am an advisor), have sought to rectify part of this problem by providing smaller grants to smaller projects, no funder has entirely succeeded in bringing in older projects (like GnuPGP, KeePassX, Pidgin, Adium, Enigmail) which have been in need of ongoing support.

I talked to my friend Samir Nassar, a security trainer, who told me that the “lack of funding for projects like GnuPG enforces a conservatism with a developer’s time. When we approach projects to point out usability problems that don’t easily fit into the traditional bug-fixing methods, we are asking more of the developers than they have time to give. It takes time to show them what the issue is, why it is an issue, and how to fix it—time that developers rarely have because they are unpaid.”

Samir’s comments demonstrate that there are not only political considerations regarding US government funding, but practical ones as well.

It pains me to say this, but this is not an ideal world that we live in, and therefore I cannot stand as strongly against the US Internet freedom agenda as I would like, lest it result in the defunding of all of these important projects. I do, however, think that it’s our duty to ensure that these projects and tools have alternative revenue streams, so that we can cease to be dependent on a pot of money that is most often in direct contradiction to our goals.

 

PrL-end

 

Despite a lack of attention, many of the projects we mention in this piece accept donations. The following are a few that you can donate to:

  • Adium
  • Instant Messaging Freedom, Inc. (supports Adium, Pidgin, Finch, Vulture, libpurple)
  • KeePassX (see donate button on lower left side of page)
  • KDE
  • Update 2/7: A reader writes in to add OTR, saying: “People see and use the clients  that integrate it, but often forget that it’s a separate project that also needs love.”
  • Update 2/8: @ageis suggests adding GPGTools.

Did I leave something out? Shoot me an email or let me know in the comments.

25 replies on “There are other funding options than the USG”

One-time donations and traditional crowdfunding are great, but devs and project managers and admins have families and bills and understandably want to know where their next month’s rent is coming from. Yet it’s understandably frustrating for donors to try to manage recurring pledges in every project’s system.

There’s snowdrift.coop, who are trying to solve the funding collective-action problem for open-source software more generally, but they haven’t fully launched yet. In the meantime (or just for an easier-to-grok funding model) I’d love to see more projects using Patreon or something like it.

We’ve just recently started to build these tools, but I think they stand poised to be real game-changers in how we fund this kind of work.

Thanks Kevin,

I’m not suggesting that one-off crowdfunding campaigns will solve the problem, but user donations work – I know this, because they make up a large percentage of EFF’s donations annually. I agree with you about subscriptions – I pay monthly to use riseup’s infrastructure, more folks should think of the free tools they use in this way.

-J

Yeah, user donations do work. Even in the nonprofit world I wish organizations had better ways of getting and keeping me involved and supporting them. The current state of the art appears to be regular mass mailings, physical and electronic, which scale badly for everyone. There’s got to be a better way. (I’ve been thinking a bit about what “Mint.com for charitable giving” might look like.)

Heck, can we get the EFF on Patreon?

Dear Jilian:

Good article! Thank you for your willingness to speak honestly about these issues. As I read about your conflicted feelings about the fact that Internet freedom tech is almost completely dependent on US Gov funding — conflicted feelings that I share — I began to wonder: what about funding from other governments?

My interest in this is piqued, not because I think other governments that provided funding would necessarily be *better* than the US Gov, but because support from multiple independent governments might protect Internet freedom tech from inappropriate pressure by any one of those governments.

What do you think?

Regards,

Zooko

Hi Zooko:

Thanks! This is a tricky question for me. I think the motivations of each government in getting involved with “Internet freedom” (which I will heretofore refer to without quotes for simplicity’s sake) differ, but from my experience with the Freedom Online Coalition, it’s pretty clear that the US dictates a lot of how programs are created and funds are spent. The US has also begun funding foreign funders (Hivos is the best example of this), which I find troubling, as it obscures where the funding is coming from (my guess is those applying for Hivos funds assume their money comes from the Dutch, not the American, government).

I’m not diametrically opposed to taking funds from government, small g. I believe that if there is a state, it should fund the arts, for example. But in this particular instance, things get tricky, and I think we have to ask ourselves: What is our purpose in building these tools? What is the outcome we hope for? Are we opposed only to surveillance when conducted by “authoritarian” governments (which is the funding goal of all of the Western governments) or are we opposed to it everywhere?

I still think the “neutrality” (I got chastised for using that term, and I get it’s problematic) rule applies, though: If the technology can be used for multiple purposes, if it is open source, if it can be used against China or say, Sweden, then I have less of a problem taking government funds than if the funding were for something “less neutral” (say, programming).

Still, I’d like to see a greater variety of governments in the funding game before I can feel comfortable with what I’ve just said. As it stands, the governments funding Internet freedom (Sweden, the Netherlands, the US, primarily) are all directly part of the imperialist project, to varying degrees. Which, to speak directly to your point, doesn’t particularly protect tech from inappropriate pressure – if Sweden can’t stand up to the US on rendition, I doubt it can on backdoors.

Best,
Jillian

Thanks Kevin,

Well, you can give a recurring donation to EFF via our own website, but Patreon is pretty neat – I use it to fund a couple of freelancers. Agree that mass mailings (particularly physical!) scale badly and aren’t always effective (probably because of sheer volume), though.

Best,
Jillian

Some other “internet freedom” and/or encryption/privacy-related Free Software projects that accept donations:
* Enigmail (if you’re using GnuPG chances are you are also using Enigmail)
* NoScript (the TBB uses it for a good reason, and it’s one of my essential web browsing add-ons)
* Tox (this could become an easily-recommendable Skype substitute)
I could go on and name 30 or 40 projects (I actually maintain a list), but I think these are some software products that are readily usable and directly related to the mentioned issues.

While the tools you posted are important to security they are nothing without a secure platform on which to perform. I speak of Tails and Tor, the two most singly important tools to modern security for the average person. Both projects have accepted donations and both have received little. Its apparent the issue lies with users, who like all citizens will sell their rights for nothing.

Coincidentally, I just ran across this thread again today, after having read this survey article about the state of the art of Tor: http://eprint.iacr.org/2015/235

It was funded by a research programme of Qatar. Is Qatar, in your opinion, also part of the imperialist agenda? Honest question.

In any case, it was a great survey article. :-)

Regards,

Zooko

Leave a Reply to Zooko Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.