The next time you drive over a bridge, imagine if its maintenance depended on the efforts of a single volunteer. Its structure, safety, and general upkeep would hinge on this one person’s availability to check the screws, examine the steel for signs of fatigue, and give the bridge a fresh coat of paint. Absurd, right? If we maintained our bridges, roads, and other physical infrastructure this way, we couldn’t really rely on them. They would fail and endanger us regularly—and who knows how long adequate repairs might take?
It sounds crazy in the context of physical infrastructure, but many people don’t know that this is how much of our critical digital infrastructure is maintained. The infrastructure we rely on every day to make sure our digital clocks are in sync or to protect our credit card information when we shop online is often maintained by a single volunteer. This means that often, just one person makes sure that the essential software code that powers so many of the products and services we use every day runs smoothly.
This is because the same free software code is used for the critical components in many different kinds of software: No one person “owns” it. This enables innovation, because everyone can build off what has come before, and makes it possible for more technology to be created at a lower cost, because no one needs to start from scratch. But this free, public code—which we refer to as open source software—needs regular upkeep and maintenance, just as physical infrastructure does, and because it doesn’t belong to any one person or party, it is no one person’s job to maintain it. Without maintenance, we see the digital equivalent of a crumbling road or a collapsing bridge. Some people call this phenomenon a “tragedy of the commons.”
How we rely on digital infrastructure—and what happens when we can’t
In 2013, a critical security flaw was discovered in an obscure website called RubyGems, which manages some of the freely available code that companies like Twitter, Hulu, and Airbnb rely on anytime they want to update their code. RubyGems enables everything from small design tweaks to managing e-commerce. The security flaw was first noticed during a normal workday, but it could not be fixed until the following weekend, for the simple reason that all the people who maintained RubyGems had full-time day jobs. The flaw was so serious that RubyGems was taken offline for days while waiting to be fixed. Companies that relied on the site to maintain their own websites had to wait days for it to come back online. Fortunately, in this example, the harm caused by the outage was minimal. But what if RubyGems were being relied upon by hospitals or electric companies—companies whose services are essential to the functioning of entire economies—or systems and infrastructure that can mean the difference between life and death?
It could happen. RubyGems is hardly unique. Thousands of critical software projects are similarly at risk of being undermaintained, and of collapsing as a result. The volunteer developers who keep these projects going are typically underpaid and overstressed.
So: Why is this, and what can we do about it? For the past two years, Nadia Eghbal, a researcher and open source expert, has been trying to answer this question by examining what makes our digital infrastructure so special and what its underlying problems are. She found that while lots of companies and organizations rely on digital infrastructure to build their products and services, few of those projects are well funded or supported. Her report, Roads and Bridges: The Unseen Labor behind Our Digital Infrastructure, illustrates a number of reasons why.
Why digital infrastructure is in crisis
Free and public code grew in direct response to the perceived failings of expensive, proprietary commercial software. As a result, the heart of the problem with digital infrastructure is also part of what makes it so rich with potential: It is not centralized. There is no one person or entity deciding what’s needed and what’s not. There is also no one overseeing how digital infrastructure is implemented. And because the community of volunteers developing this infrastructure has a complicated relationship with what might be seen as a more traditional, or official, way of doing things, few digital infrastructure projects have a clear business model or source of revenue. Even projects that have grown to be used by millions of people tend to lack a cohesive structure and plan for sustaining the technology’s long-term development.
Eghbal argues that finding a solution to these problems is not about redesigning the system. The community-driven, volunteer-based approach has brought us somewhere incredible. She asks us to embrace the decentralized nature of our digital infrastructure, suggesting several ways we can begin to solve our infrastructure problems by supporting its fundamental decentralized character, instead of trying to overhaul it.
What we can do to strengthen our digital infrastructure
We need to start by educating people who are in positions to provide support. Many of them—from start-up engineers to government officials—don’t know enough about how digital infrastructure functions and what it requires, or are under the perception that public software doesn’t need support. Next, we can encourage the development of clear standards across all open source projects. That includes consistent documentation practices, legal agreements, and standards for maintaining volunteers’ contributions—to make participation and maintenance easier.
From there, it’s crucial to expand the community of volunteers that maintains digital infrastructure. Currently, that community is a small one, not proportionate to the scale of the work we rely on it to do. And it does not represent the diversity of the Internet users who rely on its efforts. It’s also important to find ways to measure the use and economic and social value of digital infrastructure. Doing so is a challenge, but without metrics that demonstrate concrete value, it’s going to be difficult to advocate for support.
The Ford Foundation is working with Nadia Eghbal and other partners, including the Alfred P. Sloan Foundation, to implement these solutions. In the coming months we will share more, including our first digital infrastructure grants and opportunities for research and support to address this issue.