Transparency, Openness, and Our 2016 and 2017 Financials

by arma | December 8, 2018

 

After completing a standard audit for 2016, our 2016 federal tax filings and audit, along with our 2017 federal tax filings, are available. We publish all of our related tax documents because we believe in transparency.

The 2016 documents are alas quite late. We followed the recommendation from 2015 of getting fresh auditors (because in theory fresh auditors will look for new things), but that process turned out to be way more bumpy than anybody expected. We’re sorry about that. On the plus side, we have the 2017 tax filing document available for you now, too.

In 2017, we changed our fiscal year to be "July through June" — having our fiscal year end right in the middle of fundraising season (Dec 31)  makes it harder to plan budgets. So expect our next standard audit to cover "January 2017 through June 2018," and expect our next financial document to be for the same period (18 months). The audit document and tax filing for the six month period ending 06/30/2018 should be available in January.

Transparency for a privacy project is not a contradiction: privacy is about choice, and we choose to publish all of these aspects of our work in order to build a stronger community. From a development perspective, transparency doesn't just mean that we show you our source code (though of course we do). The second layer to transparency is publishing specifications to explain what we intended to implement in the source code. And the layer above that is publishing design documents and research papers to explain why we chose to build it that way, including analyzing the security implications and the trade-offs of alternate designs.

The reason for all these layers is to help people evaluate every level of our system: whether we chose the right design, whether we turned that design into a concrete plan that will keep people safe, and whether we correctly implemented this plan. Tor gets a huge amount of analysis and attention, from professors and university research groups down to individual programmers around the world, and this consistent peer review is one of our core strengths over the past fifteen years.

Starting partway through 2016, the board has also started publishing the minutes for each board meeting. The minutes aren't particularly exciting—and that's a good thing—but we hope they contribute a new angle to transparency.

Some observations to help you read through the 2016 and 2017 financial documents:

  • Tor's annual revenue in 2016 was stable compared to 2015, at almost $3.2 million. That's good news because it shows our stability during Shari Steele's transition to becoming our Executive Director.
  • In 2017 the revenue grew by almost $1 million. That's great, but what's even more great (check out page 41) is that most of the growth came from increased support by foundations and by corporations (Mozilla and DuckDuckGo). We've been wanting for several years now to get away from having too much of our budget centered on US government funding, and 2016 and especially 2017 represent solid progress toward this goal.
  • In terms of percentages, while 2015 saw 85% of our funding coming from US government sources, 2016 saw the fraction drop to 76%, and in 2017 we're down to 51%. The numbers and percentages over the years deserve their own blog post to make it clear how we classified everything, which I'm going to save for later so I don't delay this post further.
  • Tor's budget, even at the 2017 level, remains modest considering the number of people involved and the impact we have. And it is dwarfed by the budgets that our adversaries are spending to make the world a more dangerous and less free place.
  • Check out the comment sections on the previous posts for previous years' versions of the usual "omg government funding" and "omg transparency" discussions. You might find this comment more useful than the rest.
  • When people ask me about Tor funding, I explain that we have four categories of funders: (A) Research funding from groups like the National Science Foundation to do fundamental research on privacy and censorship, including studying how to improve Tor's performance and safety, and inventing new censorship circumvention techniques. (B) R&D funding from groups like Radio Free Asia and DARPA to actually build safer tools. Different funders might have different audiences in mind when they help us make Tor Browser safer and easier to use, but they want the same things out of Tor Browser: in all cases we make all of our work public, and also remember that anonymity loves company. (C) Deployment and teaching funding from organizations like the US State Dept and Sweden's foreign ministry to do in-country security trainings, user-oriented documentation, and otherwise help activists around the world learn how to be safer on the internet. (D) Core organizational support, primarily from individual donations (that's you!) and the Mozilla match, to cover the day-to-day operations of the non-profit, and most importantly to let us spend time on critical tasks that we can't convince a funder to care enough about.
  • More generally, I should take a brief moment to explain how funding proposals work, for those who worry that governments come to us wanting to pay us to do something bad. The way it works is that we try to find groups with funding for the general area that we want to work on, and then we go to them with a specific plan for what we'd like to do and how much it will cost, and if we're lucky they say ok. There is never any point where somebody comes to us and says "I'll pay you $X to do Y."
  • In 2016 we counted $630k in "donated services," that is, volunteers helping with translations, website hosting, and contributed patches (thank you!). In 2017 we started accounting for donated services differently, by writing about them in the attachments at the end rather than directly in Schedule D.
  • The 2017 form has a "Schedule B Contributors" list, which it is standard practice for the accountants to anonymize (in case some contributors want to stay anonymous). Here's how they match up to funder names: contributors #1-6 correspond to SIDA, NVF, Mozilla, DRL, NSF part one, and NSF part two (I'm not sure why they were split up); and contributor #7 is a grant from the Knight Foundation for the Library Freedom Project.

In closing, remember that there are many different ways to get involved with Tor, and we need your help. For examples, you can donate, volunteer, and run a Tor relay.

Comments

Please note that the comment area below has been archived.

December 08, 2018

Permalink

In terms of percentages, while 2015 saw 85% of our funding coming from US government sources, 2016 saw the fraction drop to 76%, and in 2017 we're down to 51%.

Wait until Yasha "I-can-haz-FOIA" Levine discovers this paragraph to produce another one of his repugnant "news" articles. Thankfully at this rate Yasha will be out of business in 2024.

Gosh, is he even still a thing?

While I admit that it is easy to poke fun at him for not understanding how the security field works, people like that thrive on attention and outrage. So if you do think the articles are unhelpful, the right thing to do is to stay strong and not give in to the temptation to keep bringing it up.

There's so much important and hard work to do in making stronger tools, and in helping people understand why stronger tools are needed, and at the same time there are many well-funded groups trying to undermine these goals and looking for ways to drive us apart. We need to be aware of how the attention economy works, and help everybody stay focused on these long-term goals.

December 08, 2018

Permalink

@ arma (Roger):

First, this information is long overdue, and I am not quite convinced that you have resolved the question of why exactly it took so long. But I'm glad it has finally been made public and I may have more comments once I've had a chance to study the documents.

I am one of the long time Tor users (from even before Vidalia) who has long urged Tor Project to move toward grassroots user funded support rather than relying on politically vulnerable and ethically highly questionable USIC/USG tied grant monies, and I have expressed strong support for the efforts of Shari and now Isa in achieving that transition. In fact, in the post above you cited your reply to one of my previous "rockets".

IMO you should not have neglected to mention some troubling facts about certain major TP sponsors past and present.

> B) R&D funding from groups like Radio Free Asia and DARPA to actually build safer tools. Different funders might have different audiences in mind when they help us make Tor Browser safer and easier to use, but they want the same things out of Tor Browser: in all cases we make all of our work public, and also remember that anonymity loves company.

Translation: from the POV of USIC tor-lovers, the ordinary citizen users exist to hide US spooks from counterintelligence. As one of the ordinary citizens, I beg to demur. I do not feel that the needs of human rights workers, in particular, is subordinate to the needs of the spooks, and as a human rights NGO, TP should agree with that. Which means TP needs to avoid taking funding from CIA/Pentagon tied sources.

For those who don't know: DARPA is Defense Advanced Research Projects Agency, the Pentagon applied research agency, and some of their other research grants are troubling, to say the least. In particular, as you are aware, they have supported academic research on deanonymizing authors via stylometry. Please try to consider objectively how this looks to the ordinary Tor user who is aware of the conflict of interest.

For anyone unfamiliar with DARPA I highly recommend two books (which have some overlapping content):

The Pentagon's Brain
Annie Jacobsen
Little Brown, 2015

Surveillance Valley
Yasha Levine
Public Affairs, 2018

The first book tends toward gushing; the second is more critical, and yes, the author is *that* Yasha Levine. Don't let what you've heard prevent you from reading what he has to say; every Tor user should be aware of the facts, which are disturbing.

Radio Free Asia derives directly from Radio Free Europe, which did much good during the Cold War. That sound great. The problem, and it's a whale of a problem, is that "the radios" were the very first disinformation project of the CIA, even before it formally existed as a USG agency, and CIA ran them for many years. Later they came under the purview of the US State Dpt, and generally were well regarded inside the Iron Curtain for telling the something approximating the truth more often than they peddled USG lies. That's nice but it doesn't change the fact that "the radios" have always been "an agent of empire", and thus incompatible with Tor Project rebranding as a human rights organization, because empires are never good for human rights.

For anyone who is unfamiliar with "the radios", I highly recommend two more books:

Legacy of Ashes
Tim Weiner
Anchor, 2008

The Ghosts of Langley
John Prados
New Press, 2017

The first won the National Book Award and has been made into a widely viewed US TV documentary; the second is also highly critical of the agency's horrid legacy. Prados has in fact written five previous books on CIA, so he knows what he is talking about, and he's so mad at Jose Rodriguez that he sounds just like me (but is not me).

> C) Deployment and teaching funding from organizations like the US State Dept and Sweden's foreign ministry to do in-country security trainings, user-oriented documentation, and otherwise help activists around the world learn how to be safer on the internet.

It is probably necessary to accept assistance from governments in order to travel to dangerous places and meet with endangered people, but it's terribly important not to let CIA or US State Department have you meet in Country X only with whatever group of dissidents US foreign policy is currently promoting in Country Y (adjacent to Country X). Recall that during the Soviet occupation of Afghanistan, USG regarded the mujahedeen as "useful allies", and gave them weapons and training. During the American occupation, they took a different view. The mujahedeen may have employed distasteful methods but there is no denying that it was their own d-m country which the USSR and then the USA invaded and then failed to subdue.

Further, many US State Department employees may not have warm and fuzzy feelings about a certain erratic personage, but I have often had occasion to notice that when push comes to shove, "the King's men" do the bidding of the King, regardless of their personal feelings. So if the King wants genocide... what then? Would TP still be happy to accept funding from any USG source of USG commits another genocide? (The first being the genocide against indigenous peoples in the territory the USG calls "the USA", which let us not forget is just a name, not a person enjoying human rights of its own.)

> In terms of percentages, while 2015 saw 85% of our funding coming from US government sources, 2016 saw the fraction drop to 76%, and in 2017 we're down to 51%.

That is moving in the right direction but TP needs to get the proportion any one geopolitical block of governments (e.g. most EU and Western countries will find it hard to refuse "suggestions" from NSA and the other four "Eyes") contributes to under 10%. Small grass roots contributions should really make up at least 50% of Tor funding.

I have always acknowledged that this will not be easy.

You appear to have not answered the most important "ratio" question: what is the proportion of A) B) C) D) funding? 51:47:1:1? 3:3:2:2? (Read those as homogeneous coordinates.)

> The numbers and percentages over the years deserve their own blog post to make it clear how we classified everything, which I'm going to save for later so I don't delay this post further.

Fair enough. I await your next post with a mixture of eagerness and trepidation.

Second, Tor Project simply cannot continue to ignore the vexed issue of "backdoors". The ED of TP must join other NGOs in speaking out out against calls from people such as Rod Rosenstein (the US Deputy AG, i.e. number two in the US DOJ) to legally mandate "backdoors" in anything which uses strong encryption.

The public discussion TP needs to begin having (ecause the issue is not going away) must include discussion of what TP means by the term "backdoor", and what NSA might have in mind, because if TP has not anticipated what NSA has in mind, we are in terrible trouble.

As it happens, the leadership of GCHQ has just come out with one idea for how legally mandated backdoors might work for the "Second Crypto Wars". They are talking about end-to-end encryption in messaging apps, but the point is that they insist upon a distinction between messing with the crypto algorithms and a "tiny change" [sic] which completely vitiates any security/privacy/authenticity benefits from encryption. And their arguments may help readers to understand how "Western" governments plan to subvert Tor. Please see

lawfareblog.com
Principles for a More Informed Exceptional Access Debate
Ian Levy, Crispin Robinson
29 Nov 2018

As you probably know, these two people work for GCHQ, an organization not kindly regarded by those it has cyberattacked in recent years (e.g. 2012):

> Ian Levy is the technical director of the National Cyber Security Centre, a part of GCHQ.
> Crispin Robinson is the technical director for cryptanalysis at GCHQ.

As you probably know, the entire tech world wasted no time calling out GCHQ for endangering among other things the world's financial system:

https://twitter.com/Snowden
Edward Snowden
29 Nov 2018

theregister.co.uk
GCHQ pushes for 'virtual crocodile clips' on chat apps
29 Nov 2018

> Absolute madness: the British government wants companies to poison their customers' private conversations by secretly adding the government as a third party, meaning anyone on your friend list would become "your friend plus a spy." No company-mediated identity could be trusted.

zdnet.com
GCHQ details how law enforcement could be silently injected into communications
A crocodile clip for the 21st century would see cops and spies silently added to chats and calls.
Chris Duckett
30 Nov 2018

techcrunch.com
GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’
Zack Whittaker
30 Nov 2018

techdirt.com
GCHQ Propose A 'Going Dark' Workaround That Creates The Same User Trust Problem Encryption Backdoors Do
Tim Cushing
3 Dec 2018

(Please note: this issue is not "five years old" or even "five weeks old". I am talking about current events.)

But where is Tor in all this? Shouldn't the ED of TP also speak out against "backdoors"?

I'll answer the second question: Yes, she should speak out. She should ask two distinguished Members of the Board to post an explainer with her of what TP guesses a backdoor purpose-built to subvert Tor might look like, and how TP plans to thwart USA/UK/AU/RU/etc from having their way with the Tor network.

The reasons Isa should ask Cindy and Bruce to help write the post decrying "backdoors" is that the issue involves internet law (Cindy's specialty) as well as technical points (Bruce's specialty). A crucial point about secret orders from USG such as NSL's is that only the current ED (presently Isa) and perhaps the GC (if Tor has one) would know about the order. You (Roger) would not be told. No one else inside TP would be told, unless possibly if the order demanded a technical modification (the kind of "backdoor" NSA wants us to be talking about, because almost certainly they have in mind something entirely different and much harder for source code readers to spot.) That is why Isa also needs to be involved in the post.

Third, on previous occasions (mostly before Shari's term as ED) you sometimes said you spend much time in political discussions with LEAs and intelligence agents, seeking to dissuade them from simply declaring Tor itself illegal. Last year I believe you visited Crystal City, site of the one of Amazon's "Second HQ" but more importantly the main worksite for many of NSA's biggest contractors, including BAH. No doubt they asked you not to talk about what you discussed with them, but you should tell us anyway. That would be transparency in the good sense, am I right?

("Transparency" is used in two utterly contradictory ways in tech: in the sense of not hiding anything [which would be nice if it were only true] and in the sense of being invisible to clueless ordinary citizens [the predatory meaning].)

I have stated in the past that I am not horrified by the fact that you once worked as an NSA summer intern, because I know others of whom the same is true, but I have expressed concern about how you apparently brought someone into Tor whose previous job had been working under diplomatic cover for CIA. ("WTF?!!" spits anyone who has never heard about this regrettable episode.) I think you have some explaining to do there. Yeah, binding agreements owing to failure at the time to have a sensible job application process... blah blah blah... that's all US legal bullshit designed to cover up CIA actions. TP cannot cooperate in that kind of coverup. In my opinion.

Lastly, sometimes you know your friends by the fact that they are the only ones with the courage to tell you to your face that you fouled up. This is such an instance. The reason I keep raising these points is that you have never addressed any of them (in public).

December 09, 2018

Permalink

The easiest way is to divide the company into two: one would be a software company which has no gov funding, and the other would be a company doing all other activities which don't bother users' tinfoil hats.

January 13, 2019

Permalink

Hi.
Thanks for publishing the reports and the accompanying blogpost. I am a tech journalist (Twitter: @omydot) from Berlin and have a question of understanding:
The Stanford Research Institute's (SRI) sees itself as an independent research center (https://www.sri.com/about). This means that it is not a state research center.

According to the financial report for 2017, the money from Stanford Research Institute belongs to the category "funding from US government sources" (see https://sedvblmbog.tudasnich.de/about/findoc/2017-TorProject-Form990.pdf, page 41). I wonder what the reason is.

In the Financial Report for 2013, the SRI funds were declared as "Pass Through" money from the U.S. Department of Defense. (see https://sedvblmbog.tudasnich.de/about/findoc/2013-TorProject-FinancialStatem…, page 13).

Were the SRI funds in the 2017 Financial Report again Pass Through money from the US Department of Defends? If not, why where they declared as funding from US government sources?
Thank you very much, kind regards, Stefan Mey