The Core Infrastructure Fund supports the ‘building block’ technologies, infrastructures, and communities relied upon by digital security and circumvention tools strengthening internet freedom, digital security, and the overall health of the internet.
Setting the stage
The Core Infrastructure Fund (CIF) strives to uphold and increase capacity for individuals, organizations, and companies working to fortify the foundational components of demonstrably important technology relied upon by people in repressive countries.
Ideal applications are: open in nature, collaborative, promote a broader understanding of existing challenges and limitations, are preemptive in approach, and/or exist at the core of the internet’s ecosystem. Common applicants come from the community of developers and organizers working on open-source projects recognized as critical dependencies of one or more active platforms or tools strengthening internet freedom and digital security.
Ideal applications for this fund focus on supporting:
- Key developers or organizers so they can work full time on crucial core efforts in need of additional support;
- New developers or organizers focused on improving security standards, quality assurance, and best practices within core infrastructure projects;
- Developers, authors, or organizers drafting or promoting digital security and civil society needs within standards and protocols;
- Researchers exploring new methods of circumvention that would improve the resiliency of widely utilized tools;
- Specific outcomes, such as the necessary maintenance and upgrades to existing open source projects (database, hosting, or other tool migration; rewriting test suites; major new features);
- Efforts that make existing projects more accessible and easier to contribute to (ex. documentation, tool migration, refactoring code, testing);
- Efforts that develop new or evolve existing organizational and governance structures and sustainability models beyond work-for-hire;
- Efforts that increase the understanding and awareness of relevant actors in this space, their roles, and how they contribute to maintaining the internet’s core ecosystem;
If you feel your effort fits within the goals of this fund, but is not explicitly listed above, apply! For those looking to receive:
- Code audits or best practice assessments that identify weaknesses and improvements, see the OTF Red Team Lab;
- Computing and testing infrastructure or services needed by a project, see the OTF Engineering Lab;
- Travel, logistical, and facilitation for project members to gather face-to-face and host or participate in community events, see the OTF Community Lab.
Problems addressed by the Core Infrastructure Fund:
- Many open source software technologies critical to access and security are underfunded and under-resourced.
- Core developers consistently face a lack of resources that would allow them to improve the foundational technologies relied on for free expression online.
- While potential new forms of circumvention are frequently identified by researchers, few are fully assessed let alone made available for integration
- Lack of funding for maintenance of essential internet components leads to exploited vulnerabilities, such as happened in 2014 with the Heartbleed bug exploiting a vulnerability in the OpenSSL cryptographic protocol or the vulnerability in crypto library Libgcrypt affecting GNU Privacy Guard [GPG] and all its implementations.
For an idea of the types of efforts OTF supports through the Core Infrastructure Fund, here are a few previously supported projects:
STARTTLS Everywhere: Securing the Delivery of Email
STARTTLS Everywhere is a program that system administrators can use to quickly—and easily—secure and authenticate connections between email servers.
The DNSprivacy project seeks to further the provisioning of open and experimental DNS-over-TLS resolution services based on with the features they offer, pro...
Tor Metrics is the central mechanism The Tor Project uses to evaluate the functionality and ongoing relevance of these access and security technologies to th...
This is an effort to improve the Certbot ACME client to ensure more secure HTTPS deployment.
BIND9 QNAME minimization
ISC develops and maintains BIND, one of the most widely-used open source software applications for running a DNS resolver.
Criteria and the application process
Relevant to mission: Proposals should exhibit originality, substance, and relevance to the funds stated mission above. The work plan should adhere to the program overview and guidelines described above.
Ability to achieve objectives: Objectives should be ambitious, yet measurable and achievable within the boundaries of the proposed funding. You should not include items that require additional funding beyond the life of this grant. For complete proposals, applicants will have to provide a monthly timeline of project activities.
Applicant’s record and capacity: OTF will consider the past performance of prior recipients and the demonstrated potential of new applicants. Proposed personnel and institutional resources should be adequate and appropriate to achieve the project’s objectives.
Submitting a concept note is always the first step to getting the process started. If your concept note is accepted, you will be invited to submit a full proposal.
For a full rundown of desired project criteria and the application process, head here.
When are requests for applications made?
Core Infrastructure Fund concept notes are accepted on a rolling basis, with submission rounds closing every two months. For the next upcoming batch deadline, see the header at the top of this page. Please note that concept notes must be submitted via the OTF website no later than 23:59 (11:59PM) GMT on the deadline date listed at the top of this page in order to be considered for that round.
To stay up to date on this and other OTF funding opportunities, sign up to join the OTF-announce mailing list.
All CIF applications are reviewed by the OTF team; selected applications are also then reviewed by OTF’s independent Advisory Council review panel. CIF proposals are reviewed by specific AC members who bring with them a deep knowledge of and experience with core internet technologies.
Members of the CIF Advisory Council review panel are:
Chief Strategist, Red Hat
Anthony D. Joseph
University of California at Berkeley
Security Technologist and Author
Author, Journalist, and Activist
Director, Office of Internet Freedom, Broadcasting Board of Governors
Sr. Director of Infrastructure Security at The Linux Foundation
Daniel Kahn Gillmor
Senior Staff Technologist, ACLU
Security Engineer at Mozilla
OTF awards are performance-based contracts (see an example template here) signed directly with the applicant. Payment is issued on completion of stated objectives, activities, and deliverable per a schedule outlined in the contract. OTF reserves the right to award less or more than the funds requested as deemed in the best interest of OTF’s priorities.
Applications that request more than the award ceiling of $300,000 or less than the award floor of $5,000 may be deemed technically ineligible.
Application requirements, submission, and deadlines
Project and Budget Periods
OTF awards are generally 6 to 18 months in duration. From time to time, OTF may consider requests to extend existing contracts beyond previously agreed upon duration. Any such decision will be subject to availability of funds, satisfactory progress of the applicants, and a determination that continued funding would be in the best interest of program priorities.
Monitoring & Evaluation
Successful applicants selected by OTF are paired with an OTF program manager who oversees all project monitoring and evaluation for the duration of the awarded contract life-cycle. Monitoring and evaluation assessments are largely based on predetermined and agreed upon metrics, deliverable, and goals as laid out by the applicant in the project proposal work-plan.
As described above, because payment is dispersed at regular intervals upon completion of stated contractual goals, successful applicants can expect regular contact with their OTF project manager. Monitoring consists of compulsory monthly reports and also phone, email, or in-person discussions and consultations as needed.
Ideal applicants are proposing efforts within the scope of this fund and OTF’s mission, values, and principles. In addition, ideal applicants meet one or more of the following:
- Individuals of all ages irrespective of nationality, residency, creed, gender, or other factors, with the exception that OTF is not able to support applicants within countries that the United States has trade restrictions or export sanctions as determined by the U.S. Office of Foreign Assets Control (OFAC);
- Non-profit organization/non-government organization, including U.S.-based NGO, PIO, or foreign NGO;
- Non-profit university or research institution in any country;
- For-profit organization or business in any country;
- Consortia of multiple people or organizations with one individual or organization designated as the lead applicant;
- Have demonstrated experience administering successful projects, preferably targeting the requested program area, or similarly challenging program environments where OTF reserves the right to request additional background information on organizations;
- Ideal applicants should not duplicate or simply add to efforts supported by other USG funding programs;
- Ideal applicants must not reflect any type of support for any member, affiliate, or representative of a designated terrorist organization, whether or not elected members of government.
A Commitment to Diversity
OTF prioritizes projects coming from individuals or organizations who are new to the internet freedom community, identify as under-represented within the field, are requesting less than $300,000 for efforts with a duration less than 12 months. This allows us to empower a new pool of technology and development talent that may not have been otherwise supported.