Tools for encryption and anonymity

Germany and Europe need to step up to their responsibility

Much of the funding of projects for the technical implementation of digital freedoms is threatened by the Trump Government. It is now time for Germany and Europe to step into the breach and provide adequate and sustainable funding for the development ecosystem. A commentary.

Vereinfachte Pixabay Lizenz Gerd Altmann

The continuing erosion of the political and legal protection of civil liberties has led to a situation where freedom of information and communication and the right to privacy and anonymity become increasingly dependent on technology. Digital self-defence has many facets: anonymisation tools such as Tor, end-to-end encryption such as WireGuard or Signal, securing website access with LetsEncrypt or the tools for reproducible builds, which ensure that the software you install has actually been created from source code that someone has checked for security holes. This ecosystem of software and infrastructure has grown exponentially since the Snowden revelations.

Many of these projects have one thing in common: Their development is funded by the US government, often with money from the Open Technology Fund (OTF). Some projects like Tor also receive money from the US State Department and other US government agencies. But why would the US government fund technology development that makes life difficult for the NSA intelligence agency?

Propaganda and human rights technology

The answer lies in the remit of the higher authority of the OTF, the US government station Radio Free Asia, which in turn is part of the US Agency for Global Media. (Update: The OTF now reports directly to the USAGM.) Since the target countries of US propaganda broadcasters have increasingly relied on Internet censorship with large filter systems, there has been a convergence of interests between people who develop encryption and anonymization tools and US government agencies who want to get their view of things through the censorship firewalls. OTF-funded software is now used by around two billion people. Fears of built-in backdoors have been countered by making the software available as open source.

It was a strange alliance, which of course was and is not free of problems. Whoever gives the money determines the priorities. Which in the case of Tor, for example, meant that for a long time, the primary focus has been the circumvention of censorship firewalls. Features that provide better true anonymity like the Tor Hidden Services or Slow Anonymity Designs were less of an priority for a long time. This has started to change recently with the OTF funding for the improvement of the Onion Services and other more privacy-centered projects. The discussion about making Tor’s funding structure in particular more independent of US government interests has been around for many years, but not much progress was made. The same is true for many other projects.

After all, it’s much more convenient to obtain funding for the next two years with a grant application than to finance oneself with small donations, subject to fluctuations and requiring labor-intensive community support. In Germany, netzpolitik.org is one of many similar organisations facing very similar problems. If and when OTF is truly gutted, the chickens will have come home to roost with regard to this failure to find broader financing. The Trump administration has replaced the entire management staff of the authorities and organisations from whose budgets the financing of the tools and infrastructure used to come.

There are clear signs that the new bosses prefer to give the money to commercial closed-source projects from the vast swamp of the usual US military contractors, which are very specifically tailored to the propaganda agenda and will not be a nuisance to the NSA. Protests almost immediately ensued.

New financing approach

Even if this attack by the Trump government against the funding of important anonymisation and encryption solutions can still be fended off, the threat of OTF funds being lost should be an urgent reminder to all to take action to create a broader financial basis for such globally important initiatives. The strong dependence on the United States has become a systemic problem for the defence of human rights in the digital space. After all, Donald Trump could be elected a second time. Even if many in Europe would like to ignore the idea, a second term of office for this man will mean further financial threats to progressive projects. The United States until now has been an important donor to projects that support human rights and free communication.

European countries, and especially the richer countries like Germany, must therefore be asked how they will increase their commitment to paying for infrastructure and software projects that translate into the technical domain the values of the Human Rights Convention and the EU Charter of Fundamental Rights. These are initiatives that develop and support software that quite simply saves lives in some parts of the world and is vital to enabling communication and information transfer in many others. They need to be given preferential treatment and their project funds must be increased.

Less bureaucracy

But money alone is not enough. The usual hamster wheel of applications, stress with follow-up financing and uncertainty with regard to funding cannot continue. What is needed is a generous European system for unbureaucratic, rapid and continuous funding of non-commercial open source projects and academic research that lays the foundations for non-surveilled communication, network use without tracking and resistance to censorship. A large part of the software infrastructure of the digital sphere is now based on open source projects which, given their scope and importance, can no longer only be developed as a hobby of individual enthusiasts.

Because these things will probably take too long on the European level, Germany must set a good example here. Instead of pandering to an agency for better cyber weapons, it must provide a non-governmental institution – a foundation, for example – with funds in the order of over one hundred million Euros per year. Anyone who is now sharply inhaling should consider that this sum is roughly equivalent to a Jäger 90 fighter jet, which is now probably called the Eurofighter.

Eurofighter
German Eurofighter CC-BY-SA 3.0 Krasimir Grozev

The only task of this foundation should be the financing of open source projects. With these funds, both new and ongoing developments and the urgently needed continuous security audits of the code could finally be adequately financed. The bureaucracy for funding must be kept to a minimum, decisions will have to be made quickly while involving experts in the respective field, and the structure has to be geared towards the long-term maintenance of the ecosystem.

The Prototype Fund, for example, has already provided valuable experience of how this can be done. The sums were of course much smaller, but the selection procedure is worthy of emulation. It is important to note that this is a way of supporting small developer groups and research projects whose code actually holds the world together and protects human rights in practice around the world. Large research institutions should only be considered on a case-by-case basis, as they already pay dozens of experts for fundraising and have shown often enough that they only rarely produce software that can be used in practice. Proven once again with the aborted first attempt of the German Corona app. (The successful second attempt was done by large corporations, but under an open source model.)

Two birds with one stone

The establishment of an institution for the systematic promotion of open source projects will also prove to be an important economic factor. Open source code now forms the basis for most technologies on which the German and European economy depends. Stabilising the sector in the long term and, quite incidentally, thoroughly improving the security of the components is a good idea, not only from a human rights perspective. It will also serve as a stabilizing factor in the coming trade wars, likely to become essential for Europe especially with regard to secured access to important technologies.

The fight for human rights in particular is dependent on technical tools, in large part due to the failure of politics and the spread of undemocratic and pseudo-democratic power structures. The recent action of the Trump government is an urgent wake-up call that Germany and Europe must now finally take their share of responsibility so that these tools, which are literally vital for the survival of many, will continue to be available in the future. Not having these tools, or continuing to rely on the United States to provide them are no longer options.


There is a German version of this text.

Du möchtest mehr kritische Berichterstattung?

Unsere Arbeit bei netzpolitik.org wird fast ausschließlich durch freiwillige Spenden unserer Leserinnen und Leser finanziert. Das ermöglicht uns mit einer Redaktion von derzeit 15 Menschen viele wichtige Themen und Debatten einer digitalen Gesellschaft journalistisch zu bearbeiten. Mit Deiner Unterstützung können wir noch mehr aufklären, viel öfter investigativ recherchieren, mehr Hintergründe liefern - und noch stärker digitale Grundrechte verteidigen!

 

Unterstütze auch Du unsere Arbeit jetzt mit deiner Spende.

0 Ergänzungen

Wir freuen uns auf Deine Anmerkungen, Fragen, Korrekturen und inhaltlichen Ergänzungen zum Artikel. Unsere Regeln zur Veröffentlichung von Ergänzungen findest Du unter netzpolitik.org/kommentare. Deine E-Mail-Adresse wird nicht veröffentlicht.