[RSS] Conservancy Blog

If Software is My Copilot, Who Programmed My Software?

by Bradley M. Kuhn on February 3, 2022

Software freedom is our goal. Copyleft is a strategy to reach that goal. That tenet is oft forgotten by activists. Copyleft is even abused to advance proprietary goals. We too often see concern about the future of copyleft overshadow the necessary fundamental question: does a particular behavior or trend — and the inevitable outcomes of those behaviors and trends — increase or decrease users’ rights to copy, share, modify, and reinstall modified versions of their software? That question remains paramount as we face new challenges.

Introduced first by Microsoft’s GitHub in their Copilot product, computer-assisted software authorship by way of machine learning models presents a formidable challenge to software freedom’s future. Yet, we can, in fact, imagine a software freedom utopia that embodies this technology. Imagine that all software authors have access to the global archive of machine learning models — and they are fullly reproducible. Everyone has equal rights to fork these models, train them further with their own datasets, provided that they must release new models (and the input code) freely in the global archive. All code produced by these models is also made freely available under copyleft. All code that builds the models, all historical input sets, and all trained models are all also made available to everyone under copyleft licenses.

While activists might quibble about minor details to optimize imagined utopia, this thought experiment shows computer-assisted software authorship does not inherently negate software freedom. Rather, the rules, requirements, and policies that apply will determine whether software freedom is respected. To paraphrase Hamlet: there is nothing either good or bad, but the policy makes it so.

What’s the Worse That Could Happen?

[They are] not a good [person] who, without a protest, allows wrong to be committed … with the means which [they] help to supply.

John Stewart Mill, University of St. Andrews, 1 February 1867

Obviously, ignoring machine learning for computer-assisted software authorship will not usher in this software freedom utopia. Copyleft activists cannot stand idly by in this situation, but we must temper our attention by considering the likelihood of dystopian and problematic outcomes, and the options available to prevent them.

In response to Copilot’s announcement, pundits speculated, without evidence, a prevailing feeling of “Free Software had a good run, but I guess that’s over now”. Such predictions seem consistent with the well-documented overoptimism of artificial intelligence success. Rapid replacement of traditional software development methodologies seem unlikely. As such, we should not overestimate the likelihood that these new systems will both accelerate proprietary software development, while we simultaneously fail to prevent copylefted software from enabling that activity. The former may not come to pass, so we should not unduly fret about the latter, lest we misdirect resources. In short, AI is usually slow-moving, and produces incremental change far more often than it produces radical change. The problem is thus not imminent nor the damage irreversible. However, we must respond deliberately with all due celerity — and begin that work immediately.

Currently, there are two factors that influence the timing of our response. First, if GitHub’s Copilot becomes a non-beta product available to the programming public, that would indicate necessity of an urgent response. Microsoft and GitHub are unlikely to share their product plans, so we cannot know for sure when this will occur. However, in the seven months since the first beta was made available, we’ve consistently heard anecdotally that more and more developers (particularly, FOSS developers!) have received beta invitations. Based on these (admittedly incomplete) facts, we must assume that a move from private beta to public deployment is imminent in 2022. This indicates some urgency of the problem.

Second, we already know that some of our worst fears are definitely true. Namely, that Microsoft and GitHub used copylefted software as part of Copilot’s training set.

Copilot was trained on “billions of lines of public code … written by others”. While GitHub has refused requests to release even a list of repositories included in the training set, the use of the word “public” indicates that only software with source-available licenses (even if not FOSS licenses) were input into Copilot. Furthermore, GitHub admits that during training, the system encountered a copy of the GPL more than 700,000 times. This effectively confirms that copylefted public code appears in the training set.

When questioned, former GNOME developer and GitHub CEO0, Nat Friedman, declared publicly “(1) training ML systems on public data is fair use (2) the output belongs to the operator”. Friedman himself, as well as Microsoft and GitHub’s other executives and lawyers, have ignored Software Freedom Conservancy’s requests for clarification and/or evidence supporting these statements.

Meanwhile, GitHub continues to improve this system, trained only on publicly source-available software, and seeks to market it to new users, including those who otherwise use FOSS development tools. Users continue to report gaining access to the beta and are noticing improvements. Microsoft and GitHub’s public position is meanwhile clear: they claim to have no copyleft obligations for training the model, the model itself, and deploying the service. They also believe there are no licensing obligations for the output.

While Friedman ignored the community’s requests publicly, we inquired privately with Friedman0 and other Microsoft and GitHub representatives in June 2021, asking for solid legal references for GitHub’s public legal positions of (1) and (2) above. They provided none, and reiterated, without evidence, that they believed the model does not contain copies of the software, and output produced by Copilot can be licensed under any license. We further asked if there are no licensing concerns on either side, why did Microsoft not also train the system on their large proprietary codebases such as Office? They had no immediate answer. Microsoft and GitHub promised to get back to us, but have not.

This secrecy and non-cooperativeness is expected from a proprietary software company and its subsidiary, but leaves us only with speculative conclusions to inform a strategy for copyleft here. We can reliably guess that the companies will claim “fair use” as their primary justification for creating the model and offering the service, and will argue that both the output and the trained model are not “work[s] based on the Program” (GPLv2) nor do they “copy from or adapt all or part of the work[s] in a fashion requiring copyright permission” (GPLv3/AGPLv3). Furthermore, we can reliably conclude, given the continuing product promotion, that the companies have at least a medium-term commitment to Copilot.

In short, they have already hunkered down for a protracted disagreement. Their positions are now incumbent — using their resources and power to successfully charge copyleft activists to “prove them wrong”. But we do not have to accept their unsubstantiated arguments at face value. In fact, these areas are so substantially novel that almost every issue has no definitive answers, but we must nevertheless begin to formulate our position and our response to Microsoft and GitHub’s assault on copyleft.

Consider GitHub’s claim that “training ML systems on public data is fair use”. We have not found any case of note — at least in the USA — that truly contemplates that question. The only legal case in the USA to look near this question is Authors Guild v. Google, Inc., 804 F.3d 202 (2d Cir. 2015). The Supreme Court denied certiorari on this case; it is not legal precedent in all jurisdictions where Microsoft and GitHub operate.

Even more, that case considered a fact pattern centered around search, not authorship of new/derived works. Google had made copies of entire copyrighted books, not for the purpose of displaying them, but so users could (1) run search queries, and (2) see a “snippet” of the search hits (i.e., to see the search hit in context). The Second Circuit held Google’s copying of the books was “fair use” because searching and providing context added value exceeding what a user could obtain from their own copies, and Google’s product did not substitute the market for the books.

The analogous fact pattern for code is obvious: GitHub could offer a search tool that assists users in finding key public repositories (and specific lines of code within those repositories) that seemed to solve tasks of interest. Developers could then easily utilitize those codebases in the usual, license-compliant ways. The actual Copilot fact pattern is not this one.

Meanwhile, the Authors Guild case begins and ends the list of major cases regarding machine learning systems and “fair use”. We should simply ignore GitHub’s risible claim that the “fair use question” on machine learning is settled.

Perhaps most importantly, in the USA, “fair use” is an affirmative defense to answer copyright infringement. In concrete terms, that means — particularly in cases where the circumstances are novel — a copyright holder brings an infringement lawsuit and then the alleged infringer shows in court that their actions met the relevant factors for “fair use” sufficiently. Frankly, we refuse to do these companies’ job for them. Copyleft activists need not tell Microsoft and GitHub why this isn’t “fair use”, rather, they need to tell us why training the model with copylefted code is “fair use” and prove that the trained model itself is not a “work based on” the GPL’d software.

GitHub has meanwhile artfully avoided the question of whether the trained model is a “work based on” the input. We contend that it probably is. However, given that “fair use” is an affirmative defense to copyright infringement, they are obviously anticipating a claim that the trained model is, in fact, a “work based on” the inputs to the model. Why else would they even bring up “fair use”, rather than simply say their use is fully non-infringing? Anyway, we have no way to even explore these questions authoritatively without examining the model, fully affixed in its tangible medium. We don’t expect GitHub to produce that unless compelled by a third party.

Indeed, discussion of these questions outside of a courtroom is moot. For this novel and contentious fact pattern, only a court decision can settle the matter adequately. As a strategic matter, copyleft activists should keep their own counsel about what we anticipate in the opposition’s “fair use” and/or non-infringement defenses, and the counter-arguments that we plan.

Copilot Users Should Worry

GitHub’s position does a great disservice to Copilot users. Their claim that “the output belongs to the operator” creates a false sense of legal justification. Users have already shown that Copilot can generate a substantial amount of unique, GPL’d code, and then (rather ironically, given GitHub’s claim that they removed the text of the GPL from the training set) also suggest a license that is non-copyleft. Friedman’s statement surely does not qualify as an indemnity for Copilot users who might face GPL enforcement actions. Users almost surely must construct their own “fair use” or “not copyrightable” defenses for Copilot’s output.

The length and detail of what Copilot can generate for users seems unbounded. The glaring example above appears primia facie to be copyright infringement; we expect further such problems. Consider the sheer amount that a fully functional and successful Copilot would generate. Surely, AI researchers seek the ability for Copilot to “figure out” that you are trying to solve some specific task when programming. The better Copilot gets at handing ready-made solutions to its users, the more likely it becomes that its output may offer the user copylefted software.

Copilot leaves copyleft compliance as an exercise for the user. Users likely face growing liability that only increases as Copilot improves. Users currently have no methods besides serendipity and educated guesses to know whether Copilot’s output is copyrighted by someone else. Proprietary software companies such as Synopsys provide so-called “scanning tools” — that can search your proprietary codebase and find hidden copylefted software. However, the FOSS tools for that job are in their infancy and unlikely to develop quickly, since historically those who want those tools are companies that primarily develop proprietary software and seek to avoid copylefted software.

We recommend users who wish to avoid infringing the copyrights of others simply avoid Copilot.

On Copyleft Maximalism and Unilateral Capitulation

Draconian copyright law generally horrifies software freedom activists for good reason. Nearly all copyleft activists would prefer a true, multilateral rewriting of copyright rules that prioritized the interest of the general public and software rights. Copyleft exists primarily because of the long-standing political non-viability of a copyright law reboot. Nothing has changed in this regard; if anything, changing legislation has become an even more expensive lobbying proposition than it was at copyleft’s advent. Copyleft activists should expect, indefinitely, for proprietary software companies and media oligarchs to control copyright legislation.

Fortunately, copyleft was designed specifically for this eventuality. Activists have called copyleft the “judo move” of software freedom, since copyleft uses the powerful copyright force (invented primarily by our opposition) against itself. That realization leads to a painful, but pragmatically necessary, awkwardness.

The issues herein — from training of machine learning models, to the copyright questions about those models, to the derivation questions about their output — are novel copyright questions. As software freedom activists, we are uniquely qualified to invent an ideal copyright structure for these technologies. But, without a path to promulgate such replacement copyright rules into the incumbent system, that exercise is futile. Furthermore, systems outside of copyright — including but not limited to EULAs, business agreements and patents — have long been used to proprietarize software without the need of copyright. Reality of facts on the ground dictate that we not concede the only wedge we have to compel software freedom; that wedge is copyleft.

Meanwhile, proprietary software companies regularly exploit any unilateral concessions on weakening of copyleft that FOSS projects make, while continuing to pursue copyright maximalism for their works. Particularly in novel areas, we must assume a copyleft maximalist approach — until courts or the legislature disarm all mechanisms to control users’ rights with regard to software. That adversarial process will frustrate us, but ultimately by choosing copyright as our primary tool, we already chose the courts as our battleground for contentious issues.

We all surely have our opinions about how copyleft should operate in these novel situations. We have even expressed some such opinions herein. But, ultimately, strong copyleft licenses do not defer the “what’s covered?” question to one individual or organization. The “judo” power comes from strong copyleft reaching to all of what copyright governs. When those issues are novel — and companies flaunt that novel manipulation of copylefted works — only a court can answer definitively.

A Community-Led Response

While these companies will likely not succeed in their efforts to disarm copyleft, they have nevertheless attacked the entire copyleft infrastructure. We must mount an effective response.

Software Freedom Conservancy has spent the last six months in deep internal discussions about this novel threat to the very efficacy of copyleft. We have a few ideas — a mix of short-term, medium-term and long-term strategies to address the problem. However, we recognize that a community (rather than the traditional BDFL) approach is needed — at least for this problem. Thus, putting first things first, we realized that we should gather the best minds in the software freedom community with direct experience in copyleft theory and practice. We will convene these individuals to a committee specifically chartered by Software Freedom Conservancy to — as quickly as reasonably possible – publish a series of recommendations to the community on how we should respond to both the immediate threat to copyleft found in Copilot, and (long-term) analyze the more general threat that AI-assisted programming techniques pose to the strategy of copyleft.

While we are not actively seeking applications for this committee, we do welcome anyone whom we have not yet solicited to participate to contact us and inquire. We will surely be unable to include everyone who is interested on the committee — either due to Conflicts of Interest or due to simple logistics of creating too large a committee. However, we will carefully consider anyone who expresses bona fide interest to participate.

Finally, as much as can be done during the pandemic using FOSS tools available, we will attempt to convene public discussions as much as possible. We will contemporaneously publish the committee’s minutes publicly. If you’d like to get involved today in public discussions about this issue, please join the mailing we launched today for this topic.

0In November 2021, Nat Friedman was replaced by Thomas Dohmke as GitHub’s CEO. However, to our knowledge, Dohmke has not retracted or clarified Friedman's comments, and at the time of writing, no one from GitHub or Microsoft that we spoke to had responded to our requests for clarification.

Tags: conservancy, law, licensing

Open Letter to Biden: Cybersecurity for FOSS needs copyleft and consumers' right to repair

by Bradley M. Kuhn on February 1, 2022

Inspired by the log4j situation, The White House recently met with Big Tech on the issue of security vulnerabilities in FOSS used in the nation's infrastructure. While we are glad these issues have received attention at the highest levels of the administration, we are concerned that representation in these discussions is skewed. Hobbyists, and communities organized around public interest and consumer rights, who both use and develop a large portion of FOSS, were not represented. Additionally, the entities represented at the meeting were biased toward copyleft-unfriendly organizations. Unsurprisingly, these entities focused on Software Bill of Materials (SBOM) as a panacea for the problem of FOSS security. While SBOMs are a useful small step toward hardening the nation's software infrastructure, we believe the proper solution is to favor copylefted FOSS.

Consumers must have access to source code, the right to modify and reinstall it (or hire anyone they'd like in the free market to do so). Without these rights, businesses, individuals, and the government — all of whom rely on software as part of their critical infrastructure — cannot identify and repair security vulnerabilities. Furthermore, the widespread incorporation of non-copyleft FOSS, which companies can and do proprietarize, creates a false sense of security — as many users may not realize that “FOSS inside” (as listed on their SBOM) does not mean the software is any better than proprietary software.

Our open letter to the White House which addresses our concerns is included in full below, and is also available as a PDF:

Dear President Biden, Deputy Advisor Neuberger, Director Inglis, et al:

Firstly, we appreciate very much that your administration has taken the issue of the log4j software vulnerability so seriously, and also appreciated President Obama’s efforts to take the OpenSSL vulnerability (so-called “HeartBleed”) seriously during his administration. While we at the Software Freedom Conservancy believe deeply that Free and Open Source Software (FOSS) is a better and more reliable method to develop software, we also readily acknowledge that no method of software development is perfect. (Flaws can and do occur.) However, sound planning — which includes meaningful investment in infrastructure — will not only limit potential vulnerabilities, but is also essential to respond to them adequately when they do inevitably occur.

As you likely agree, our nation’s infrastructure and national security — both of which increasingly depend on software — demand this type of care and attention. While we are pleased that your administration has taken some basic steps to focus on this critical issue, we send this open letter to request necessary improvements to the current methodology that your administration is using to address the issue of software security vulnerabilities in FOSS. In short, your administration has taken a great first step — one which the for-profit software industry has embraced — but we have deep concerns. We expect the powerful technology industry to resist the mandatory steps necessary to ensure the security of FOSS. This is due to the basic fact that the necessary changes mean that companies and their shareholders will have to live with more modest profits if your administration demands the necessary changes to ensure cybersecurity for FOSS.

Your meeting earlier this month included some important entities, but unfortunately was biased in one specific direction. Specifically, we observed that the meeting only included representatives from companies and organizations that prefer a specific form of FOSS — the form of FOSS that allows entities to change the software into their own proprietary technology. Roughly speaking, there are two forms of FOSS: non-copylefted FOSS, which allows vendors to take the publicly available software and make trade-secret changes; and copylefted FOSS, which — by contrast — is licensed in a manner that requires full disclosure of all source code (and the necessary means to repair vulnerabilities in that software) to customers. Non-copyleft FOSS has a fatal flaw: it can easily be incorporated into a proprietary product — including with modifications that may introduce vulnerabilities. Vendors can keep all details about those changes secret from everyone — including their customers and the government. Furthermore, a company may disclose that the software is based on a particular FOSS project, which perpetuates a false sense of security. Consumers will often assume that since it’s labeled as FOSS, that the key benefits of FOSS de-facto apply — such as easily auditing the software themselves (or hire an third-party firm) to examine the software for vulnerabilities and/or repair discovered vulnerabilities. However, if that FOSS is not under a copyleft license, there are no such guarantees. Imagine what can happen when a vendor goes out of business while the customer (who could be the federal government itself) still relies on that software for essential infrastructure.

As one of the leading organizations dedicated to FOSS, we believe it is extremely important to share our expertise at this critical moment. We reiterate our sincere appreciation for your administration’s interest and promulgation of Software Bill Of Materials requirements. On the surface, this is a small step in the right direction. We fear, however, that, without meaningful and informed improvements, it merely serves as camouflage and creates a false sense of security. A simple list of software included will give only vague clues as to how to repair vulnerabilities of a vendor’s software. No existing SBOM formats actually require full disclosure of software source code — nor means for its modification — to the customers who receive, use, and rely on it. Having an SBOM for your non-copylefted, proprietary software is like having a list of parts that you know are under the hood of your car, but discovering that the manufacturer has welded the hood shut, and forced you to sign an agreement that they could sue you for millions of dollars if you attempt to open it. The car may look safe and secure from the outside, but there is no way to know if the car is safe, reliable and, maintainable.

We are pleased to note that many software companies do chose to use copyleft licenses responsibly and provide the necessary source code; they serve as model citizens for other companies. Interestingly, the early positive revolution of FOSS in the software industry occurred precisely because copylefted FOSS was originally the more common form of FOSS; companies who seek higher profits and control of their customers have campaigned to limit the amount of copylefted FOSS developed. The history behind this is politically intriguing and not unique to FOSS. We see tech companies wielding power in problematic ways in other areas, too. Specifically, they have spent the last few decades pressuring hobbyist creators and small businesses to abandon copyleft licenses. As a result, non-copylefted FOSS is much more commonplace now than ever before (and the reason why this is such a critical issue). We at the Software Freedom Conservancy urge your administration to carefully consider the larger context of software cybersecurity—particularly as it relates to FOSS. We also offer up our guidance and expertise, and hope you will make room for additional seats at the table as you continue discussions and make decisions of this magnitude.

At the White House Meeting on Software Security on January 13, 2022, Big Tech was well-represented, and even overrepresented since it primarily included companies that are considered anti-copyleft. (Indeed, some Microsoft executives in the past have even called copyleft licensing “against the American Way” and a “cancer” on the software industry.) Yet, it is common knowledge in the technology sector that key components of our nation’s software infrastructure, such as Linux and the GNU Compiler Collection, were initially written by hobbyists and activists under copyleft licenses. Hobbyists and activists, who are the founders of FOSS, deserve a seat at the table—alongside Big Tech companies and their trade associations—as you continue to discuss these important national cybersecurity issues. The Software Freedom Conservancy is proud to serve and and give a voice to these hobbyist and activities, and we are also willing to recommend other organizations, academics, and individuals if you feel we’re not an ideal fit but nevertheless do want to diversify your committees on FOSS cybersecurity.

More generally, we ask that your administration reconsider how it solicits advice on these matters from technologists, and that you not succumb to the monoculture of opinion and manufactured consent from large technology companies and their trade associations. We appreciate that in other areas, your administration has valued inclusivity and actively seeks input from experts who disagree with the status quo. We believe you are truly interested in working on meaningful solutions to this critical issue facing our nation, and thank you for your consideration of our points raised in this letter.

Bradley M. Kuhn
Policy Fellow, Software Freedom Conservancy

Tags: conservancy

Matcher Interview - Tony Sebro

by Daniel Takamori on January 3, 2022

Portrait of Tony Sebro

The second of our series of interviews with donors, we have another longtime Software Freedom Conservancy supporter (and former employee!) Tony Sebro. Tony recently served as Deputy and Interim General Counsel to the Wikimedia Foundation and is now General Counsel at Change.org. We "sat down" with him to talk a bit about us and what he's excited about right now.

Software Freedom Conservancy: “Why do you care about software freedom?”

Tony Sebro: “For one, I am inspired by people dedicating their time, creative energy, and technical talents to the public interest. I am also impressed by what they produce: FOSS communities have created some of the most important, innovative, and irreplaceable products that societies rely on.  ”

SFC: “What do you appreciate about Software Freedom Conservancy?”

TS: “I appreciate that Conservancy supports the creation of ethical technology from multiple vantage points. Conservancy supports FOSS developer communities through services, education, and mentorship. Conservancy supports end users by defending their rights. And, Conservancy advocates for groups underrepresented in technology by providing them with gateways into FOSS communities -- which, in turn, infuses these communities with fresh talent.”

SFC: “What's got you most excited from the past year of our work?”

TS: “While I am intrigued to see what happens with the lawsuit against Vizio, I am most excited by Outreachy's continued growth, as evidenced by the record number of interns admitted into the December 2021 cohort. I admit, I'm biased. :) ”

SFC: “you think we are doing a good job reaching a wider audience and do you see us at places you expect?”

TS: “I got a good chuckle out of seeing Karen and Bradley pop up in this recent NFT project.”

SFC: “What other (non-tech) organizations are you supporting this year?”

TS: “My wife and I support other charities, as well as our local church.”

SFC: “You were Software Freedom Conservancy's second employee! What are your thoughts about how the organization has changed and grown since the beginning of your involvement in the organization?”

TS: “Conservancy has grown in virtually every direction! More projects; more commentary and scholarship. Greater investment in diversity, equity, and inclusion. Conservancy has also expanded into providing resources to educate tech employees about their employment rights.”

SFC: “Until recently, you were Deputy General Counsel at Wikimedia. Did the principles of software freedom impact your work there?”

TS: “Certainly! Free knowledge isn't just freely-licensed content, it should also be freely consumed. The Wikimedia Foundation hosts Wikipedia and its other free knowledge projects on a FOSS stack. The public can inspect the code, and can trust that Wikimedia isn't hiding anything that would bias or pervert the editorial decisions of the communities who maintain the project content Wikimedia hosts.”

SFC: “As a former employee, a member of the board of directors and as an organizer of Outreachy you've participated in many facets of Software Freedom Conservancy and have such a unique perspective. What are you most proud of? What do you think the organization should do in the future?”


TS: “I enjoyed providing advice and counsel to the various member projects -- getting to understand their specific cultures and needs. Outreachy continues to have a special place in my heart. That said: my favorite part of working at Conservancy was the deep conversations about ideology and strategy that I'd have with Karen, Bradley, and Denver. The team cares deeply about the work they do, and their passion for the mission was and is infectious.”

SFC: “Congratulations on starting your role at change.org! What can we look forward to seeing you work on there?”

TS: “Change.org's mission is to empower individuals to make a difference, and more than 450 million people use the platform to amplify their voice. I am leading the Legal & Policy department, which includes the organization's legal, trust and safety, platform policy and public policy functions.”

Tags: conservancy

Outreachy's Grant Funding: Ford Foundation, ARDC and most recently CZI!

by Karen Sandler on December 30, 2021

As most readers of this blog know, Outreachy, one of Software Freedom Conservancy's flagship projects, is a diversity initiative that provides paid, remote internships. Outreachy interns work with mentors from free software communities. Outreachy creates an inclusive experience for people who are subject to discrimination or systemic bias, and impacted by underrepresentation in the technical industry of the country they are living in. In the years since 2010, we've had 840 successful graduates of the program.

Outreachy is a resource intensive program, which is described as "high touch", in that we seek to have a deep involvement with our interns rather than a quick experience like a short intro or training session. There's a lot of work at every step of the process, from the application process where we make sure that our opportunities are going to the people who really need them, to onboarding communities that we have confidence our interns will have a good experience with, to supporting the actual internships when they happen.

To do all of this, we rely on our small staff supplemented by a serious volunteer effort. In the last comnpleted internship cohort (May 2021), there were 125 volunteer mentors representing 37 free software communities. Mentors worked with over 700 applicants, and ultimately chose 71 interns (the current round has 61 interns from over 700 final applicants). Applicants and mentors are all supported by 4 Outreachy organizers. Two Outreachy organizers are volunteers and two are paid staff. Software Freedom Conservancy's staff is also a lean operation with just a few employees supporting the financial, legal and administrative needs of the program.

Funding for Outreachy's core operations is essential to running our internship program. This "core support" funding allows us to hire staff who write documentation, organize volunteers, support interns, advise mentors, and promote the program to diversity in tech organizations. Outreachy staff are continuously looking for ways to make our internship program more inclusive and welcoming.

We rely on funding from a variety of sources, including corporate sponsorships and generous donations from individuals, but this blogpost highlights the critical core support Outreachy receives through grants. Over the past few years, we have received several grants from the Ford Foundation, Amateur Radio Digital Communications, and (we're now pleased to say) the Chan Zuckerberg Initiative.

These grants are essential to Outreachy operations. We wanted to take a moment to show how the existing grantmaking has helped us, and thank our awesome grantmakers.

Ford Foundation

The first substantial grant that Outreachy received was from the Ford Foundation in 2018. Noting that we were "punching above [our] weight administratively" due to our long hours and amazing volunteers, Ford stepped up to help us stabilize the program.

Ford provided it first grant to improve our documentation, which allowed us to create our Applicant Guide and Community Guide. These guides help both potential interns, and new mentors. A new community for the December 2021 internship cohort said the reason they decided to mentor was because our documentation was so thorough.

Ford's subsequent grants have helped us shore up our processes and staffing. In November 2020, Outreachy hired its first full-time employee, Sage Sharp and was able to increase the hours of our contractor, Anna e só. Having dedicated staff is essential to providing solid support to Outreachy interns and for ensuring the program runs smoothly.

Ford has continued to support Outreachy in the years since. In addition to the financial support, Ford also invited us to several training sessions with other grantees. In particular, these trainings helped us to more effectively fundraise from others, and also provided us with media training that has been very useful over the years (Outreachy tends to spark strong reactions in how people talk about the program and engage with us).

We're so grateful to Michael Brennan at Ford! Michael has helped us coordinate with Ford and has provided insightful advice throughout the years.

Ford's funding has been transformative to Outreachy. It's hard to imagine the program being as strong is it is and in the position to grow without these grants. Ford's focus on social justice and its goals of addressing inequality matches Outeachy's goals well and has helped us to grow without compromise.


The second grantmaker to step in to support Outreachy was Amateur Radio Digital Communications (ARDC). ARDC's mission is focused on communication science and technology. Their aspirational goals include social over commercial benefit, inclusion of underrepresented groups, and empowerment of individuals. There's a natural alignment with Outreachy, especially since so many of the internships we offer are to work on software that underpins and supports the Internet and communications technologies .

We were honored to be in one of the initial rounds of grantmaking by ARDC. Along with Ford's grant, ARDC's support gave us the ability to commit to funding 10 humanitarian open source projects in the December 2020 round. Rosy Schechter and Chelsea Parrága at ARDC have been so supportive of our work on Outreachy and we have loved to watch their giving program grow.


We're pleased to announce that the Chan Zuckerberg Initiative is joining as a new grantmaker of Outreachy! We've enjoyed working with Carly Strasser to get this in place.

In conjunction with the grants we've received from Ford and ARDC, we'll use these new funds to

  • continue to provide our internships twice a year, and strive to provide even more internships
  • Increase our staffing!
  • Analyze and publish data from Outreachy historic participation
  • Focus on spreading the word about the program
  • Evaluate additional activities to better support our interns, mentors and alums
  • Work on fundraising from individuals so that we can better diversify Outreachy's funding (you can donate here!)
We'll also be able to better support projects working on open science (as we currently do for humanitarian projects).

Grants have been critical to Outreachy's success

The grants we receive have given Outreachy an independence that is essential to continuing to serve our mission well. We've been able to refuse money from problematic sources without having to be anguished about having to shrink the program. It's much easier to take the high road when you know that you won't have to cut the number of internships that are providing much needed opportunities to people who really need them. This funding allowed us to hire contractors to review applicant essays about the discrimination, systemic bias, and underrepresentation they face (we usually have around 3000 initial applicants each with essays to review in every round).

These grants, combined with corporate sponsorship and individual giving give us the breadth and stability of funding that allow us to continue our operations with confidence and plan for the future. We're so excited for all that's in store for Outreachy in the coming years!

Next page (older) » « Previous page (newer)

1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62

Connect with Conservancy on Mastodon, Twitter, Facebook, and YouTube.

Main Page | Contact | Sponsors | Privacy Policy | RSS Feed

Our privacy policy was last updated 22 December 2020.