By Govind Shivkumar, Director of Responsible Technology, Omidyar Network and Alex Krasodomski-Jones, Director of the Centre for the Analysis of Social Media, Demos
Omidyar Network has always believed in the promise and power of digital technology to connect people across communities and continents, empower them through knowledge, and honor their freedom to express themselves. We believe in the spirit of collaboration, accountability, and transparency that has guided Internet creators and users since its beginning. And we want to create and inhabit a digital world built upon the bedrock of openness.
We are idealists in this way, but we are not naive. We understand that powerful forces are imperiling the open-source software and open standards that the free and open Internet relies on. The field building this digital infrastructure is run largely by volunteers and is continually at risk of collapse from a lack of maintenance, resources, and diversity.
That is why Omidyar Network was proud to support the creation of “The Open Road,” a new report by our partners at Demos that vividly highlights the many dangers facing open infrastructure — and lays out a clear and achievable path to securing its sustainable future. In short, the report urges philanthropies to take concrete steps, with significant funding, to bolster open-source software and open standards, and the people who keep the infrastructure working.
The value of open-source code and the movement behind it
Everything from hospitals and banks to social media and messaging platforms run on open-source software; that is, mostly free “source code” that anyone can inspect, modify, and enhance to build their own digital applications. In complement, open standards — like HTML, a common way of coding a website — help facilitate interoperability and data exchanges between different products or services. Both of these “encourage a decentralized community of developers to collaborate on projects and jointly benefit from the resulting software”.
A secure, open technology system is immensely valuable to companies and governments. It facilitates connections between their technologies and other systems, which increases the value of their tools; it is easy to adopt and make changes; and it avoids the pitfalls of reinventing the wheel or reinvesting resources. Because of that vast flexibility, developers and engineers can innovate for the user’s needs faster and more cost-effectively, giving the public a meaningful choice of which interconnected apps, devices, technologies they want to use.
“More openness means more innovation. More transparency means more scrutiny, which means fewer overlooked security vulnerabilities. Openness favors the development of ‘good technology,’ which embeds privacy, security, and other protections in its design.”
The challenges facing open infrastructure
The ecosystem is vast and acutely vulnerable. Period catastrophes like the Heartbleed bug which was exposed in 2014, and later security flaws, such as log4shell and log4J, threatened millions of digital applications worldwide. Other weaknesses are simply the result of neglect and lack of proper investment and upkeep. When security vulnerabilities cause cracks in the infrastructure, allowing malicious actors to wreak havoc, the startled world briefly takes notice.
In a twist to the familiar metaphor “The Internet is Burning”, the flames of these crises are like burning ethanol; deadly but impossible to see. And those tasked with extinguishing the blazes are shoestring operations, underfunded, unrecognized, demoralized, and weary. It is as if the world wants only volunteer firefighters to protect our cities and towns — our very society — but demands that they work without proper equipment, pay, support, or even sleep.
This is not an argument for closed proprietary systems. They, too, are perennially vulnerable to malicious attacks. The best way forward is to preserve the democratic and collaborative values of openness while keeping its defenses robust and sustainable. We need to take care of the Internet’s open-source developers, help audit their codebases for vulnerabilities, and provide governance support to the nonprofit institutions charged with maintaining standards.
The open road ahead
We know that the open infrastructure ecosystem is fragile and needs defending, and we welcome partners who want to join us in that good work.
About a year ago, we started exploring the area of “Secure Open Technology Systems” as part of our Responsible Technology theme. We are currently working at the intersection of open-source software, open standards, and open protocols to preserve interoperability and Internet security. As a means to sustain an open and secure Internet, we are also supporting the scaling of digital public infrastructure as well as fighting against disinformation. Some of our current partners include Atlantic Council, Aspen Institute, Co-Develop, Digital Public Goods Alliance, Global Cyber Alliance, MOSIP, Open Source Technology Improvement Fund, and more. Together these leaders are informing Internet stakeholders about the challenges and opportunities facing open digital infrastructure; helping to create tools and support those maintaining open-source resources; and collectively attracting more funding and attention to secure open-source tech.
Defending the principles and the people working in the open infrastructure system, the report says, will require radical and systemic change. Whether we are working in philanthropy or tech or commerce or academia we need to unite and work together to solve this problem. Our values — democracy, inclusion, innovation, openness, interconnectedness, transparency, and accountability — are infused in every element of our social, economic, and political lives through this irreplaceable infrastructure.
Our shared goal should be sustainability. This means tackling funding shortfalls, licensing disputes, inequality, burnout, and exclusion. The report contains many excellent recommendations to save open infrastructure by supporting open-source communities. The list of ideas includes the study and implementation of open standards and governance tools, assessing existing training and documentation for developers to make the internal case for funding the open-source community, and writing policy papers and primers assessing how software bills of materials (SOBMs) and changes to government procurement could be used as a lever on the system.
The report is powerfully constructive and creative in the solutions it offers. But it concludes with a dire warning:
“If this ecosystem cannot be sustained, its death will be slow and imperceptible. Development will take place in ever more privatized spaces. Licensing will gradually become less permissive. Entry for new participants will get gradually more difficult. The ramifications of this would be enormous: a fractured web controlled by a handful of competing states and corporations under whom individual power and agency to shape the digital landscape will be a distant memory.”
This nightmare need not come true. The report’s recommendations, elaborated at length here, boil down to a series of commitments by philanthropies willing to join this worthy endeavor.
No single intervention can repair a system as large and complex as that of open digital infrastructure. But it is vital that we band together to begin the job. It starts by simply recognizing that this is critical infrastructure — not just technically, but socially — and urging policymakers, elected representatives, civil society, and private businesses of all sizes and inspiring them to mount a collective defense.