It’s fair to say that the interests of governments and the FOSS community are not always aligned. That’s not to say that the US government is out to crush every FOSS project or that every FOSS user is on a secret mission to destroy the government. Nonetheless, the relationship is often a strained one.
So it shouldn’t be surprising that the Open Source community gets a little restless when it learns that the government has its hands in an open-source project—particularly when we discover it’s secretly pouring money into the pockets of developers to develop features it requires. And, when the government agency in question is the CIA—well, you can understand why some feathers are ruffled.
It shouldn’t be surprising to learn that the CIA is a big investor in tech development. After all, if there’s one thing we’ve learned from spy movies and TV, it’s that spies love their gadgets.
But although the movies may show us scenes of secret underground laboratories, the truth is that developing technology from scratch is expensive. Just like any large organization, the CIA usually prefers to use an off-the-shelf solution when it’s available. But what does it do when the solution it needs isn’t ready to ship? What if the team developing the project is struggling to secure the funding it needs to bring its product to the market?
If there’s a suitable commercial project in development, the answer is venture capital. The CIA has its own venture capital branch called In-Q-Tel. In-Q-Tel’s mission is to get the required technology into the hands of the CIA’s analysts and agents as soon as possible. It does that by using its money to support the R&D costs of public companies that are working on similar products.
Of course, as Silicon Valley continues to embrace open source, that means a number of open-source projects actually are funded by the CIA. Docker is one example of a high-profile open-source firm that was secretly funded by the CIA.
Given the recent FBI demands to insert back doors into iPhones to "help investigate criminals", you can understand why some privacy advocates are worried as to how much control the CIA exerts over some of these projects.
Of course, adding a back door to Docker would be quite hit-and-miss as a spying strategy. It seems more likely to me that the CIA wants to steer the project to meet its own container needs. And, it could be that the CIA is so steeped in secrecy that "covertly" funding development is merely an extension of its modus operandi.
But even if spying on end users isn’t the goal, another concern is that projects like Docker could be steered in the wrong direction. Ideally, the features added to Docker should reflect the needs and desires of the community. But when a backer like In-Q-Tel starts throwing huge stacks of money at the board to get the features it wants, there’s a real risk that genuine requests from the community will be ignored.
That said, there are cases where the community has benefited from work by the government. Tor is an example of one such project—it was originally developed by the US Navy. Now it’s an essential privacy tool. Whistleblowers and private citizens all over the world depend on it to protect them from government surveillance.
And, there are cases where a lack of funding means useful open-source tools are abandoned before they are fully developed. Often investors are cautious about spending money on a product that will be given away for free.
What’s your take on the CIA funding the development of open-source software? Do you have concerns, or do you feel it’s beneficial to the community? Let us know in the comments area below.