I first encountered the idea of “social contracts” for software projects in Neal Stephenson’s seminal essay In the Beginning Was the Command Line, which endorsed the Debian project on the strength of its social contract: “As far as I know, Debian is the only Linux distribution that has its own constitution.”
The Tor Project — which maintains Tor, a popular, open, free, highly usable, and extremely effective anonymity/privacy tool — has just published its own social contract, explicitly modeled on Debian’s.
The contract is generally excellent, though like one of the commenters, I balked at a bit of weasel-wording in the section on openness: “Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification.” Though there’s some explanatory text about this only being invoked in “extremely rare cases where open development would undermine the security of our users,” this is still too vague in my view. If it’s about keeping bugs secret until they’ve been patched, then there should be some specific language to that effect, possibly with hard limits (“no more than __ days”). I wasn’t bothered when I learned that the team that discovered Heartbleed didn’t tell us its mechanism for a few days while they created and distributed patches, because at the outset they announced that they had found something very bad, were working on it, and would make a full disclosure in a very short time, after a specific milestone (patch distribution) had been met.
One noteworthy and important element of the contract is its specific promise never to add backdoors or frontdoors. This is significant for two reasons: first, because US law enforcement and military intelligence have specifically targeted Tor, and have possibly even leaned on Tor developers to introduce backdoors. Second, because Tor’s major funder is the US government (different branches of the USG have different attitudes to privacy tools — though in some cases, the DoJ is itself very enthusiastic about Tor).
Tor’s new executive director, Shari Steele (formerly the amazing ED of the Electronic Frontier Foundation) has committed to diversifying Tor’s funding, and that’s important: ending Tor’s reliance on the US government will go a long way to reducing both the worry that it will be compromised by the USG, and the leverage that the USG could apply to make that happen.
Until those structural shifts are accomplished, this constitution goes a long way toward showing what Tor is about and what it stands for.
6. We will never intentionally harm our users.
We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve.
The Tor Social Contract
[Alison/Tor Project]