This letter was originally published in our 2020 annual report.
ISRG’s first project, Let’s Encrypt, has been wildly successful. We’re now helping to secure more than 225 million websites and the Web is making great progress towards 100% HTTPS. We’ve put in a lot of hard work and dealt with some challenges along the way, but at a high level the outlook is quite sunny. I’m incredibly proud to share some of what our organization has accomplished in 2020.
While I’m deeply appreciative of being in this position today, I don’t let it distract me, or our fantastic Board of Directors, from thinking diligently about the risks on the road ahead. A big part of our job is to look into the future, see threats and challenges, and prepare to face them as best we can. I’m sometimes asked what I view as the biggest threat to our organization and our ability to pursue our mission, and my answer is simple: being taken for granted.
When digital security and privacy is your goal, ease of use has to be your focus. When we examine why real world systems aren’t secure, it usually isn’t because we don’t have the technological means to secure them. The problem is almost always that the solutions are not easy enough to use, either for implementers or consumers.
HTTPS has been around since the mid-90s but uptake was abysmally slow because SSL/TLS certificates weren’t easy to get or manage. Let’s Encrypt made getting and managing certificates easy and as a result HTTPS adoption rates shot up. Critically, the answer wasn’t to get people to think more about their certificates—we needed to make it possible for people to spend much less time thinking about certificates. Ideally we’d be invisible—server software should just get and manage certificates automatically.
Our next project after Let’s Encrypt is going live shortly: ISRG Prio Services. It’s a system for collecting digital metrics that allows organizations to collect the information they need without any entity having the ability to access any individual user’s data. Much like Let’s Encrypt, it protects people without them having to know anything about it.
Despite 2020 being a year of unprecedented global challenges, ISRG is well positioned for the years ahead. Our current momentum is possible through new major in-kind donations, nearly 90% of our existing sponsors renewing their support for 2020, funding from the Ford Foundation and the Bill & Melinda Gates Foundation, and new major sponsors, including AWS, Thales, and Avast.
When your strategy as a nonprofit is to get out of the way, to offer services that people don’t need to think about, you’re running a real risk that you’ll eventually be taken for granted. There is a tension between wanting your work to be invisible and the need for recognition of its value. If people aren’t aware of how valuable our services are then we may not get the support we need to continue providing them.
How are we going to mitigate this risk? The most important thing we can do is continue to communicate effectively with people who are in a position to understand our work and support it. The most important things you can do as a supporter include being an advocate for your company sponsoring us, making an individual donation, or going over this annual report with a few people that you think should know more about us.
On behalf of the hundreds of millions of people benefiting from Let’s Encrypt around the world and our team of sixteen dedicated to this work, thank you for your support.