Pages

Saturday, 25 December 2021

New German Sovereign Tech Fund will fund open source digital infrastructure to avert the next log4j

XKCD cartoon of an intricate tower made of blocks, all resting on a tiny block near the bottom, whose removal would topple the building. The top is called All modern digital infrastrucutre. The tiny block is marked as A project some random person in Nebraska has been thanklessly maintaining since 2003

The famous XKCD cartoon has resulted in an open source digital infrastructure fund. Thank you Randall.

Late in the afternoon, just before a national holiday, is not the best time to get attention. Which is probably the main reason that the press did not (yet) write about what Franziska Brantner (the new Green deputy minister for the economy) wrote on Twitter:

We will tackle the Sovereign Tech Fund! Log4j has shown that sustainably secured and reliable open source solutions are the basis for the innovative strength and digital sovereignty of the German economy. We will therefore promote open source enabling technologies from 2022 onwards.

[[Log4j]] is a security vulnerability in a 21-year old Java library that is used a lot, which is easy to exploit and existed for almost a decade before being noticed. As a Free and Open Source Software (FOSS) it was used widely and produces a lot of value, despite there not being much funding for producing FOSS. In this way much of the digital economy depends on the dedication of unpayed hobbyists, as XKCD Explained explains well.

The German Sovereign Tech Fund will step into this gap. We will have to see how the government will implement it, but the name comes from a feasibility study by the Open Knowledge Foundation, which proposed a fund to support "the development, scaling and maintenance of digital and foundational technologies. The goal of the fund could be to sustainably strengthen the open source ecosystem, with a focus on security, resilience, technological diversity, and the people behind the code."

Such a fund had not explicitly made it into the coalition agreement of the new government to the lament of the FOSS community. Although it does fit to the spirit of the agreement. 

Deputy minister Franziska Brantner carbon copied Patrick Beuth, a journalist who recently wrote about log4j in the magazine Der Spiegel and mentioned the Sovereign Tech Fund as a solution. So log4j seems to have been the clincher.

This announcement adds to a period of hope for digital rights. Most of my life they have become worse, more privacy for the powerful, more vulnerability for us. Things which were protected in the analogue world (taking to each other, sending a letter) have been criminalized and subjected to surveillance. The fast creation of abusive monopolies is the official business model in Silicon valley. Social media monopolies sprouted who do not care how much damage they do to society and our democracy, while Europe was increasingly becoming a digital colony. 

However, lately with the EU privacy law, the rise of the Fediverse, the upcoming EU Digital Services Act and a good coalition agreement in Germany, it is starting to look like it is actually possible for digital right to improve.

This proposal is for a fund of 10 million Euro per year, which is a good start. Especially when similar EU proposals also manage to get funded. There is also project funding for new software tools: the Prototype Fund in Germany or the Next Generation Internet (NGI) and NGI-zero initiative in Europe. 

What I feel is still missing are stable public institutions where coders can jointly work on large tasks, such as maintaining Firefox or extending what is possible in the Fediverse. If we would compare the situation in software to science, we now have funding for projects by the National Science Foundation and agencies, but there are no equivalents yet of the National Institute of Health, research institutes or universities.

More in general we need a real solution to invest in goods and services with enormous societal and economic value that do not have much market value (research and development, security, (preventative) healthcare, weather services, justice, software, (digital) infrastructure, governance, media, ...). We are no longer in the 19th century. These kinds of cases are an increasing large part of the future economy.

Related reading

Patrick Beuth (Der Spiegel): Wie löscht man ein brennendes Internet?

XKCD Explained on the XKCD on software dependencies.

The digitization section of the coalition agreement in English.

Monday the 27th of December there is a session on the Sovereign Tech Fund at the remote Chaos Computer Congress.

Digital Services Act: Greens/EFA successes

Micro-blogging for scientists without nasties and surveillance

No comments:

Post a Comment

Comments are welcome, but comments without arguments may be deleted. Please try to remain on topic. (See also moderation page.)

I read every comment before publishing it. Spam comments are useless.

This comment box can be stretched for more space.