Periodic Reporting for period 4 - NGI0-PET (NGI Zero - Privacy Enhancing Technologies)
Reporting period: 2021-11-01 to 2022-10-31
NGI0 PET is an ambitious RIA within the Next Generation Internet (NGI) initiative to fund R&D of privacy and trust enhancing technologies for a more resilient, trustworthy and sustainable internet. It is aimed to support independent researchers that contribute technological building blocks for the NGI. Any technology as vital to society as the internet should be trustworthy, secure and transparent by design. Unfortunately ongoing privacy breaches and uncovered surveillance schemes prove that this is not the case.
We heavily rely on the internet to communicate, exchange goods and services and stay informed about the world while more and more sensors and devices around us go online. Because internet technology is essentially untrustworthy, we can be constantly tracked, profiled and pushed by invisible eyes, hands and algorithms. This is harmful to our democracy, our freedom as citizens, our fundamental human rights and our economic and national security.
Improving a worldwide infrastructure while it is used by millions is certainly not trivial. Nevertheless, NGI can generate technological building blocks that contributed to a more trustworthy internet. NGI0 PET funds projects to create these building blocks as open source software, hardware and open standards. This way public money directly supports public technology everyone can benefit from to protect their privacy. Free knowledge sharing is what helped the internet leap over national and legal boundaries to spread across the world. We need to do the same to make NGI a reality.
An initiative as ambitious as NGI revolves around a combination of groundbreaking projects and hard work to make everything work together. The first objective of NGI0 PET is to provide projects with an effective, agile and low-threshold funding mechanism. The second objective is to create a best-of-breed 'greenhouse' where projects are provided with knowledge and skills to advance their work. The third objective is to promote collaboration between projects. The fourth objective is to offer high-quality shared infrastructure - all with the aim to make the most out of the independent researchers at work within NGI Zero.
We heavily rely on the internet to communicate, exchange goods and services and stay informed about the world while more and more sensors and devices around us go online. Because internet technology is essentially untrustworthy, we can be constantly tracked, profiled and pushed by invisible eyes, hands and algorithms. This is harmful to our democracy, our freedom as citizens, our fundamental human rights and our economic and national security.
Improving a worldwide infrastructure while it is used by millions is certainly not trivial. Nevertheless, NGI can generate technological building blocks that contributed to a more trustworthy internet. NGI0 PET funds projects to create these building blocks as open source software, hardware and open standards. This way public money directly supports public technology everyone can benefit from to protect their privacy. Free knowledge sharing is what helped the internet leap over national and legal boundaries to spread across the world. We need to do the same to make NGI a reality.
An initiative as ambitious as NGI revolves around a combination of groundbreaking projects and hard work to make everything work together. The first objective of NGI0 PET is to provide projects with an effective, agile and low-threshold funding mechanism. The second objective is to create a best-of-breed 'greenhouse' where projects are provided with knowledge and skills to advance their work. The third objective is to promote collaboration between projects. The fourth objective is to offer high-quality shared infrastructure - all with the aim to make the most out of the independent researchers at work within NGI Zero.
The work packages that make up NGI0 PET detail the grant management and the support services offered to projects, as described in the Periodic Technical Report Part B. Here important highlights of these work packages are mentioned.
NGI0 PET organized twelve bi-monthly open call of NGI0 PET. Project plans, milestones and grant amounts were discussed and agreed upon whereafter requests for payment on delivered milestones were verified and granted. All projects have dedicated web pages detailing the work being performed. NGI0 PET had 720 incoming project proposals, originating from 38 countries. From that influx of proposals 148 projects originating from 28 countries were selected. The total amount accepted was € 5 987 935. The average amount requested per project was € 41 013, but because this budget is divided by 388 this means the average grant size amounts to € 15 433.
NGI0 PET members offered projects mentoring and diversity improvement as well as advice and support services with regards to secure software development, software packaging, internationalization and localisation, accessibility, software licensing, standardization and responsible disclosure. NGI Zero PET was initially supposed to last three years, but due to e.g. the SARS-CoV-2 pandemic the programme was prolonged with one year.
A comprehensive list of all the projects with their technical description can be found at: https://nlnet.nl/thema/NGIZeroPET.html(opens in new window)
NGI0 PET organized twelve bi-monthly open call of NGI0 PET. Project plans, milestones and grant amounts were discussed and agreed upon whereafter requests for payment on delivered milestones were verified and granted. All projects have dedicated web pages detailing the work being performed. NGI0 PET had 720 incoming project proposals, originating from 38 countries. From that influx of proposals 148 projects originating from 28 countries were selected. The total amount accepted was € 5 987 935. The average amount requested per project was € 41 013, but because this budget is divided by 388 this means the average grant size amounts to € 15 433.
NGI0 PET members offered projects mentoring and diversity improvement as well as advice and support services with regards to secure software development, software packaging, internationalization and localisation, accessibility, software licensing, standardization and responsible disclosure. NGI Zero PET was initially supposed to last three years, but due to e.g. the SARS-CoV-2 pandemic the programme was prolonged with one year.
A comprehensive list of all the projects with their technical description can be found at: https://nlnet.nl/thema/NGIZeroPET.html(opens in new window)
NGI0 PET details its expected impacts in relation to the work done so far in the Periodic Technical Report Part B. The first expected impact of NGIO PET is to significantly advance privacy and trust enhancing technologies, for example through:
- Replicant, postmarketOS, mobile-nixos and Maemo Leste - private-by-design mobile phone operating systems.
- Libre-SOC - the world’s first OpenPower ISA implementation outside of IBM to go to silicon, open source to the bedrock.
- BigBlueButton, Jitsi, Movim, Conversations and Dino - instant messaging and audio/video conferencing tools now end-to-end encryption.
These and other granted projects are developing usable, extendable privacy and trust enhancing technology that are ready to protect our communication at internet scale. Projects are well divided among the different categories of technology building blocks:
- Trustworthy hardware and manufacturing: 38 projects
- Network infrastructure incl. routing, P2P and VPN: 22 projects
- Software engineering, protocols, interoperability, cryptography, algorithms, proofs: 46 projects
- Operating Systems, firmware and virtualisation: 29 projects
- Measurement, monitoring, analysis and abuse handling: 10 projects
- Middleware + identity, including DNS, authorisation, authentication, distribution/deployment, operations, reputation systems: 24 projects
- Decentralised solutions, including blockchain/distributed ledger: 14 projects
- Data and AI: 7 projects
- Services + Applications (e.g. email, instant messaging, video chat, collaboration): 33 projects
- Vertical use cases, Search, Community: 1 project
The second expected impact is to increase the level of cooperation in the domain of privacy and trust enhancing technologies. There are many clusters of projects where such cooperation took place, for instance in the field of open hardware projects. Within NGI0 PET, researchers have been developing both transparent tools to make user-centric chips and devices, as well as the crucial components to make this verifiably trustworthy hardware.
As stated, there were many more projects where such synergy was created, around e.g. email encryption, E2EE and audio/video support in standards based instant messaging, mobile operating systems, privacy-friendly analytics, etc. Please see the overview of projects, noting that there was also synergy with projects elsewhere in NGI and in particular sister programmes NGI0 Discovery, NGI Assure, NGI Pointer and NGI Dapsi which also funded quite a few follow up efforts.
The third expected impact is for project outcomes to be accessible, secure, ready for internationalization, legally sound and conveniently available for users. NGI0 PET ensures this unique quality assurance for projects through support services detailed above and in the report. These services actively prepare outcomes of granted projects to be used on internet scale and as such, help deliver privacy and trust enhancing technology for users everywhere.
The fourth expected impact is to influence development of the internet ecosystem. Our goal is to create a fast lane for adoption of NGI0 PET output. The NGI initiative is only successful when it prove that we can actually change the internet of today and realistically transition to more resilient, trustworthy and sustainable networks while we are using them.
The fifth expected major impact is to establish standards. Several technologies have been submitted to or are part of a ongoing process of standardisation within standards setting organisations like IETF, W3C, OASIS and the XMPP Foundation. Taking part in internet and technology standardization to better protect user privacy is an important aspect of bringing the future internet one step closer.
- Replicant, postmarketOS, mobile-nixos and Maemo Leste - private-by-design mobile phone operating systems.
- Libre-SOC - the world’s first OpenPower ISA implementation outside of IBM to go to silicon, open source to the bedrock.
- BigBlueButton, Jitsi, Movim, Conversations and Dino - instant messaging and audio/video conferencing tools now end-to-end encryption.
These and other granted projects are developing usable, extendable privacy and trust enhancing technology that are ready to protect our communication at internet scale. Projects are well divided among the different categories of technology building blocks:
- Trustworthy hardware and manufacturing: 38 projects
- Network infrastructure incl. routing, P2P and VPN: 22 projects
- Software engineering, protocols, interoperability, cryptography, algorithms, proofs: 46 projects
- Operating Systems, firmware and virtualisation: 29 projects
- Measurement, monitoring, analysis and abuse handling: 10 projects
- Middleware + identity, including DNS, authorisation, authentication, distribution/deployment, operations, reputation systems: 24 projects
- Decentralised solutions, including blockchain/distributed ledger: 14 projects
- Data and AI: 7 projects
- Services + Applications (e.g. email, instant messaging, video chat, collaboration): 33 projects
- Vertical use cases, Search, Community: 1 project
The second expected impact is to increase the level of cooperation in the domain of privacy and trust enhancing technologies. There are many clusters of projects where such cooperation took place, for instance in the field of open hardware projects. Within NGI0 PET, researchers have been developing both transparent tools to make user-centric chips and devices, as well as the crucial components to make this verifiably trustworthy hardware.
As stated, there were many more projects where such synergy was created, around e.g. email encryption, E2EE and audio/video support in standards based instant messaging, mobile operating systems, privacy-friendly analytics, etc. Please see the overview of projects, noting that there was also synergy with projects elsewhere in NGI and in particular sister programmes NGI0 Discovery, NGI Assure, NGI Pointer and NGI Dapsi which also funded quite a few follow up efforts.
The third expected impact is for project outcomes to be accessible, secure, ready for internationalization, legally sound and conveniently available for users. NGI0 PET ensures this unique quality assurance for projects through support services detailed above and in the report. These services actively prepare outcomes of granted projects to be used on internet scale and as such, help deliver privacy and trust enhancing technology for users everywhere.
The fourth expected impact is to influence development of the internet ecosystem. Our goal is to create a fast lane for adoption of NGI0 PET output. The NGI initiative is only successful when it prove that we can actually change the internet of today and realistically transition to more resilient, trustworthy and sustainable networks while we are using them.
The fifth expected major impact is to establish standards. Several technologies have been submitted to or are part of a ongoing process of standardisation within standards setting organisations like IETF, W3C, OASIS and the XMPP Foundation. Taking part in internet and technology standardization to better protect user privacy is an important aspect of bringing the future internet one step closer.