Last March, our Board approved a new “Cyber Initiative” with a budget of $20 million over five years. The Initiative aims to build a field of policy analysis for problems relating to security and technological trustworthiness on the Internet. While government and industry are both already spending vast sums of money to deal with such problems, their focus is overwhelmingly on present needs and problems and mainly involves developing technologies to combat hackers, thieves, and enemies. Hardly anyone is thinking about the lasting consequences of today’s solutions, much less about developing overarching policy frameworks for long-term global governance and security.

The importance of having such frameworks cannot be overstated. Our lives increasingly depend on the Internet, and choices we are making today about Internet governance and security have profound implications for the future. To make those choices well, it is imperative that they be made with some sense of what lies ahead and, still more important, of where we want to go. Yet little or no thought is being given to such questions, partly because of avoidable obstacles. At present, few institutions treat questions of cybersecurity and Internet policy as a central or even important focus of their work. Individuals with proper training to address these questions are in short supply, and those who exist seldom speak to each other or share information. Nor has anyone given them reason to do so: funding for this sort of work is practically nonexistent.

The Cyber Initiative seeks to overcome these obstacles, and, in so doing, to build a “marketplace of ideas” about cyber policy—generating the kind of robust arguments and analytic frameworks needed to begin articulating sensible long-term public policy. We plan to do this by (1) supporting and/or building dependable, independent institutions capable of training, nurturing, and supporting experts with a sophisticated understanding of the problems; (2) convening experts from government, industry, academia, think tanks, and other arenas to share information and develop the trust needed to work collaboratively; and (3) attracting additional funders to help grow and develop the new field.

The announcement of the Cyber Initiative prompted a great deal of commentary about the need for, and importance of, our plan—much of it likewise emphasizing the absence of serious public policy analysis. These reactions came not just from potential grantees (whose statements may perhaps be taken with a grain of salt), but also from people working in government, industry, the media, and philanthropy. Our specific focus—creating opportunities for people coming from different sectors and disciplines to exchange information and work together, and developing multiple long-term policy options—was singled out for particular approbation. Given the modest size of the initiative, the attention it garnered came as a pleasant surprise, but it also says something about timing: public policy for cyber is a field ripe to be built.

Even so, building the field will not be easy—and not just because of the modest scale of our initiative, which is only $4 million per year for five years. As we explained to the Foundation’s Board in March, our plan has never been to build the field ourselves. Rather, we intend through our grantmaking to demonstrate what is possible, while working to attract additional funders and funding into the field. The reactions to our announcement were heartening precisely because they confirmed our sense that there is widespread interest and curiosity. The bigger problem turns out to be that the field is so underdeveloped that neither we nor other potential funders have adequate places even to begin.

An unanticipated partial solution to this last problem emerged during the summer, with the discovery that the Foundation needs to pay out more this year than originally budgeted if we want to keep the excise tax on our earnings at one percent. The Board agreed in July that we should do so. In September, I updated the Board, explaining that the Foundation needs to spend as much as $50 million before December 31 for this purpose; at the same meeting, the Board agreed to allocate $5 million of this amount for humanitarian aid in connection with the Ebola outbreak in Africa. Those funds are in the process of being disbursed.

At the time of the July meeting, the Board agreed to consider using the remaining funds in connection with the Cyber Initiative. More specifically, the Board gave permission to ask three universities—Berkeley, MIT, and Stanford—to submit proposals for grants to establish multidisciplinary public policy programs focused on cyber issues broadly understood.

It is worth briefly recounting the reasons behind this decision. As we discussed in July, establishing a number of strong academic centers will powerfully kickstart our Cyber effort—making a potentially transformative difference in launching a new field of public policy analysis. These grants will create critical centers of excellence that give other funders places to start building and enable us to use our limited resources more effectively. And if prior experience is any guide, we can expect other universities, think tanks, and funders to follow suit in launching their own cyber efforts.

A second, more easily answered question is, why Berkeley, MIT, and Stanford? To begin, it makes sense for us to start with major research universities. Eventually, we will need to support think tanks and other potential homes for policy development, including institutions that can attract participation from quirky and unorthodox technology types. But universities are likely to remain the foremost centers for developing long-term policy analysis, especially as our goal is to support analysts who are independent of both government and industry. Universities will also remain the key destination for training new people. Finally, and especially relevant for present purposes, major research universities are among the relatively small set of institutions capable of absorbing and making good use of $15 million grants in short order.

There were, of course, other universities to consider in addition to Berkeley, MIT, and Stanford. Based on our research, however, the three schools we selected seemed like the most promising places to start. All three have concentrations of world-class faculty and graduate students working in a variety of relevant programs and centers scattered across their campuses—programs and centers that could and should be aligned to work collaboratively on cyber issues. What they have lacked are the resources and the impetus to do so, which the proposed grants will supply.

The full memo I shared with the Hewlett Foundation’s Board last month (from which this blog post is adapted) to provide them with the information they needed to approve these grants is now available on our website. It has more details about the proposal development process and the content of each school’s proposal, as well as thoughts on how we will measure success and the benefits and risks associated with making the grants.

If you’re interested in learning more about the thinking that went into making these grants, I hope you’ll take the time to read the whole thing.