You may not have heard of the Open Technology Fund (OTF), but you’ve probably used tools that have gotten its financial support—Tor, Tails, and Signal have all been beneficiaries of the OTF. In Tor’s case, it still receives financial help.
The OTF supports open-source technologies like Tor and Signal that champion free expression, subvert censorship, and inhibit surveillance powers that would erode human freedoms and rights to privacy and security.
It is a worrying development, then, that the OTF’s own grantor, the U.S. Agency for Global Media (USAGM), is considering reallocating the OTF’s 15 million USD budget to a select few closed-source tools, leaving all the projects the OTF supports high and dry.
[Keep up with the latest in privacy and security. Sign up for the ExpressVPN blog newsletter.]
Since being appointed the new CEO of the USAGM, Michael Pack has abruptly fired OTF’s leadership and replaced them with his own aides. This move, along with his lobbying efforts to fund closed-sourced projects, has raised alarm over the likely reallocation of the agency’s pre-existing budget. A “Save Internet Freedom” petition has since emerged to push Congress to preserve the OTF’s budget until the end of the year.
Why open-source matters
To understand why the gutting of an organization like the OTF would be detrimental to internet freedoms and privacy, we need to understand why open-source technology is pivotal in maintaining those freedoms in the first place.
With open-source tools and apps, anyone can have access to the source code to look at and contribute to it. For (free-to-use!) tools as important as Signal, Let’s Encrypt, and Tor Browser, this ability ensures a malicious actor hasn’t injected code into them. You do not get to see the code with closed-source projects.
Even with its financial backing from the USAGM, the fact that the tools the OTF provides are free and open to scrutiny means that the most skeptical can audit the code themselves to see if there’s any tampering. This reduces the risk of vulnerable parties who rely on this technology from downloading a supposedly secure app that actually contains malware.
Their 15 million USD budget may be meagre in comparison with other USAGM-backed projects like Voice of America, but the OTF has a track record of spring-boarding many small developing projects into fully-fledged privacy tools and services that journalists, activists, and wary individuals living in countries without internet freedoms can use to protect themselves from surveillance and snooping.
Its financial dismantlement would put the internet freedoms these tools provide in mortal peril.
Closed-source tools a poor replacement
If these fears are realized, the OTF’s budget will be used to only fund closed-source tools that cannot be vetted by the public for their security.
As the petition explains:
“…these technologies are closed-source, limiting the number of people around the world who are able to access them and making the tools less secure, thus jeopardizing the safety of users and the global public’s trust in US-supported internet freedom technologies.”
As there is no way for the public to vet these government-funded security tools for malware or spyware, this puts people who are often facing oppression and rely on tools to communicate and access the internet safely in a precarious position.
Another step back for online security in the U.S.
Living during a pandemic where we’re seeing an accelerated erosion of individual privacy with contact-tracing apps and prevalent facial recognition, we are also seeing governments take advantage of this unprecedented distraction to push through privacy-degrading legislation that would gut end-to-end encryption.
This move to dismantle the OTF appears no different, although there’s been significant legal pushback since Pack’s appointment, and growing momentum behind its petition to Congress.
The rather grim fate of the Open Technology Fund still remains to be seen, but the fact remains that defunding the OTF would devastate open-source technologies that people around the world rely on to securely access the internet without worrying about whether the app they’re using has spyware or malware that could jeopardize them.
Comments
Ok, great, I agree. What do we do about it? I never saw a clear call to action.
This article seems very narrowly focused and specific to tor, signal advocacy. It might be helpful to make it longer form and cover the wider issues of Trump policy toward encryption and boosting private business friends and feckless foreign policy in general, congress having a broader agenda to kill off encryption for political reasons disconnected from reality of abuses and successes, more discussion of how encryption and open source support can support American policy and agenda, especially in areas of the world that have oppressive government. Fighting to to localized battle will lose the war.