Interview with Cindy Cohn, EFF Executive Director

by steph | December 23, 2019

Cindy Cohn Cindy Cohn, Executive Director of the Electronic Frontier Foundation (EFF) and Board Member of the Tor Project, was named one of America's Top 50 Women in Tech 2018 by Forbes.

As a tireless defender of digital rights, we wanted to get her take on the state of the internet today, recent victories and challenges ahead, and Tor’s role in taking back the internet.

How would you describe the internet today?

Disempowering. Between surveillance business models, national security surveillance, and ineffective legal and technical protections, many people feel that they have no power to protect their security and privacy.

But the good news is that we can regain control, and more people than ever are demanding a course change. Tor is a critical tool to helping us make that shift.

What do you think are some key victories that have happened in the past year to advance privacy and freedom online?

Tor and the Tor network just keeps getting stronger, more important, and easier to use. That’s amazing and a testament to the fierce, powerful and smart people who develop, support, maintain, and protect it.

I’m also heartened by the growing recognition across the world that privacy and security are linked and that technical, legal, and policy work is all needed to protect them.

I’m biased, but I think that a major step toward protecting people’s privacy as they cross the US border came in the Alasaad case EFF and the ACLU handled, where the court agreed with us that the US government needs reasonable suspicion to search the devices that people carry.

The ongoing efforts to encrypt the web and increase awareness about security tools and practices are also cause for celebration.

What challenges do you think privacy advocates and developers will face in the next year online?

I think the rise of authoritarianism around the world will continue to present challenges for privacy advocates and developers. One of the key things that would-be dictators know is that they have to prevent the people from being able to speak and learn things confidentially. This means more attacks on encryption.

I think that advocates and developers will need to continue to stand up for encryption and also ultimately will have to address the need to re-decentralize the internet. The pressures on the tech giants to make sure that no one can have a private conversation online will continue. We need to be ready and build out alternatives.

What is the internet you would like to see in the future?

We need to build a world where everyone has free (as in speech) access to read, speak, create, and control their experience, including creating their own tools and protecting their own privacy. A world where humans have the legal, policy, and cultural support and protection to do so. Where individuals have the strength and processing power to take on larger organizations, whether government or corporate, as well as to be protected from them. A world where our technology, whether as simple as an email or as complex as an AI system, is trustworthy and loyal to us.

Why do you think people should support and care about Tor?

If you care about maintaining (or creating) a society that can change — where ideas can grow and information can be learned free of control by governments or corporations — then Tor is one of the critical tools that you should support and care about.

Tor protects the canaries in the coal mines.

Even if you personally don’t need the protection that Tor offers, standing up for Tor is standing with the people who take risks to keep the rest of us informed about some of the most dangerous and important facts and issues facing the planet.

Donate to the Tor Project

 

Comments

Please note that the comment area below has been archived.

December 23, 2019

Permalink

Many thanks to Cindy Cohn for her willingness to speak out on behalf of Tor, an invaluable tool for the defenders of human rights!

As we all know, Tor is unfortunately is on the receiving end of a seemingly unending stream of "bad press" in the US mass media, not to mention official invective associated with the "Going Dark" FUD punted by the leaders of such agencies as DOJ and FBI. The interview above is a rare example of a counterattack in the public sphere, but I fear no-one outside the Tor community will read it unless TP and EFF try to make our side of the story more widely available.

I would like to urge Tor Project, EFF, and Citizen Labs to consider joining forces to pursue four projects which involve reaching out to US politicians such as Washington Senator Maria Cantwell:

First, please try to ensure that Congress is aware of the positive role played by Tor in protecting activists, dissidents, human rights researchers, and whistle-blowers around the world.

Second, please try to ensure that Congress is aware of the negative role played by the rapidly growing cyberwar-as-a-service industry, which includes such notorious malefactors as Hacking Team, Gamma Group, NSO Group, and Dark Matter. Please try to ensure that they are aware that these companies are actively hiring form NSA/TAO and Unit 8800 (Israeli equivalent of NSA/TAO) operatives, and are attacking Americans in the USA who are opposed to human rights abuses by such countries as Saudi Arabia.

Third, please try to ensure that Congress is aware of the horrific potential for harm which is presented by machine learning (mis)-informed by Big Data repositories, in connection with "the New Jim Crow" and the kind of horrifying technologically sophisticated population control system ("social credit") being created (with the help of American companies) in China.

Please make sure they know that a similar system is not only possible in the US, it is inevitable unless Congress takes a hard look at the tales they are being told by companies such as Amazon, Facebook, Google, IBM, and Microsoft, which hope to profit by making self-serving and greatly exaggerated claims that machine learning informed by Big Data repositories holding (for example) the medical files of every American citizen, or the social media posts of every American student, can "cure cancer" [sic], "eliminate mental illness" [sic], "improve educational outcomes" [sic], "eliminate traffic congestion" [sic], "eliminate human trafficking" [sic], "eliminate cyberbullying and school shootings" [sic], and "prevent terrorism" [sic]. Deep Blue might be good at solving chess problems but the social woes just mentioned are not artificial and are for more complex.

Please try to ensure that Congress is particularly wary of particularly insidious population control schemes which USG has been developing for some decades, which go far beyond China's hideous "social credit" system, which consist of the following stages:

Stage One: "collect it all" about every American, using both government and corporate systems which collect and store all the "data exhaust" emitted by everyone alive.

Stage Two: amalgamate this data in huge databanks sourced from literally hundreds of government and corporate sources, including public school agencies, medical insurers, medical providers, data brokers, real-time bidding companies, brokers who collect (from their telecom partners) and sell real-time geolocation telecom data, credit agencies, police agencies, and a host of federal agencies such as NSA, FBI, and even CIA.

Stage Three: construct elaborate supercomputer models of the populations of entire major US cities, in which every resident is individually represented, together with their relationships with family, friends, employers, schools and local government agencies, plus their personal financial, educational, medical, housing, travel, and communications histories (to give an idea of the level of detail, these systems aim to know not only when and where parents drop off their children at school but route they drive, even the path they take when they walk the dog). The models also incorporate various alternative government actions, everything from PSAs to new administrative rules or new laws, or even actions targeting particular persons such as prominent political dissidents.

Stage Four: trial various alternative actions by the government in runs of the computer models, and choose the one which best meets some governmental objective (such as maximizing tax revenues, or minimizing political dissent).

Please suggest that Congress contact scientists employed by the US National Labs which have played a leading role, together with public/private partners such as the Santa Fe Institute, in developing these population control systems, in great secrecy. Please see in particular an tragically overlooked story published by Wired which offers a strong hint at what these systems are capable of doing to each and every citizen:

https://www.wired.com/story/scientists-know-how-youll-respond-to-nuclea…
Scientists Know How You’ll Respond to Nuclear War—and They Have a Plan
Using data from smartphones, satellites, remote sensors, and census surveys, modelers can create synthetic populations—and watch what they do in a disaster.
13 Feb 2018

This story only discusses the potential benefits of such computer models, but EFF should immediately appreciate the enormous potential dangers, particularly in the hands of someone like President Trump (or President Putin or President Xi.) Please note that the story suggests that some of the people who have been doing this kind of modeling for entities such as LANL are finally willing to speak out in public, at least about the potential benefits. But they should be called before Congress to testify about the all too plausible malicious uses of these vastly powerful systems for behavioral prediction and social control.

Fourth, please urge Congress to encourage the growth of a privacy industry.

Why are medical providers still relying upon unencrypted fax machines to share personal medical files, rather than using tools such as OnionShare which are no harder to use (and less expensive) than fax machines?

Same question for law offices, government officials, political parties, and most journalists, regarding other extremely sensitive personally identifiable information.

Why are such useful accessories as Faraday bags (for smart phones) so hard to obtain? Why are such horridly unsafe products as Amazon Ring and similar "home security systems" [sic] which rely upon insecure WiFi or even worse "cloud hosting" (shudder) the only game in town?

More generally, why are consumer devices designed using the sensible principle "do one simple thing and do it very well" (thank you, UNIX) impossible to find? A good example would be clocks which lack cameras/mics or any physical capability to transmit signals, but which receive over the air federal time signals--- such devices are invaluable in case of blackout and very useful for anyone using a Tor client running on a device with an imperfect system clock, but are virtually unobtainable in "big box" consumer electronics stores. Faraday bags are another item which would surely sell well if they were only readily available.

(I suspect that the answer to all my "why" questions is that Big Tech is well aware that they can make far more profit by spying on everyone than by helping anyone to make surveillance capitalism less easy or less profitable. Indeed, Amazon itself is already enjoys a virtual monopoly as retailer of consumer electronic items, and openly aims to become a monopoly on groceries and other household essentials as well. Congress talks but does nothing, because Amazon lobbyists come calling with huge campaign contributions. But maybe, just maybe, if EFF and Tor Project come calling to, some in Congress maybe willing to hear from those who are willing to speak up for the voiceless majority of citizens who are economically excluded from having a say in the American legal and political systems.)

Home security systems should not use WiFi and certainly should not be cloud based, because of the danger that cameras will be turned against the home owner, or used to harass entirely innocent passersby. The industry trend towards making everything IoT capable, equipped with hidden cameras/mics or WiFi radios, or cloud hosted is utterly insane from the viewpoint of cloud security.

Far from opposing strongly encrypted private messaging, Congress should seek to ensure that safe and reliable strongly encrypted communications are readily available to every American.

I know I am asking a great deal from three overworked and under-resourced groups, but I believe that all of these projects are extremely urgent and very much in vital interests of all North Americans (and all citizens of every other nation). One lonely voice is not enough, however well-informed, to counter the self-serving lobbying of vastly wealthy corporations such as Amazon, Facebook, Google, IBM, and Microsoft.

One simple task which I believe would be very helpful in countering the endless bad press targeting Tor with unfair accusations of responsibility for everything from human trafficking to incidents of swatting: the essays published in this blog during this and previous year-end fund-raising campaigns can do invaluable service in journalists and education decision makers about the positive role played by Tor in so many things connected with human rights, civil liberties, and social justice movements which aim to combat such threats as economic inequality, the dehousing crisis, militarized policing, nuclear weapons, failing states, criminal cartels and warlordism, famine, civil wars, mass migrations, and climate change. Accordingly, I ask TP to collect them and feature them prominently in the home page, decvnxytmk.oedi.net

@ readers: please join me in support Tor Project, Tails Project, and EFF!

> Amazon itself is already enjoys a virtual monopoly as retailer of consumer electronic items, and openly aims to become a monopoly on groceries and other household essentials as well.

Amazon also has a near monopoly on office supplies. And Bloomberg News, which was founded by a rival candidate, who unlike Bernie Sanders is a billionaire (I refer to Mike Bloomberg), is reporting that the Sanders and Warren campaign are buying paper or something like that from Amazon, a company which those candidates (and many many other Americans) are criticizing for everything from outrageous privacy violations to seeking to monopolize all retail sales to consumers worldwide:

thehill.com
Gop 2020 Democrats target Amazon while spending big money on it: report
Rebecca Klar
24 Dec 2019

> Two of the top candidates vying for the 2020 Democratic presidential nomination, Sens. Bernie Sanders (I-Vt.) and Elizabeth Warren (D-Mass.), have been among the largest spenders on Amazon while also being the most vocal critics of the tech giant.

The insinuation that Sanders and Warren are being hypocritical in buying from Amazon while criticizing the near-monopoly of Amazon seems just a bit unfair. If you need to buy office supplies, and you need to save money, and in effect only Amazon sells the supplies you need, what choice do you have but to buy from Amazon.

Truly, this absurdity is a perfect illustration of why Amazon is very obviously in blatant violation of existing anti-trust laws. Alas, the last time DOJ attempted a major anti-trust action, targeting Microsoft, they were defeated in court by the vastly superior legal resources of Microsoft. The well-funded Big Tech lobby will no doubt easily suppress any serious attempt in the US Congress to press DOJ to hit Amazon with a credible anti-trust action (as DOJ is required to do by laws which Congress has not repealed).

>> Home security systems should not use WiFi and certainly should not be cloud based, because of the danger that cameras will be turned against the home owner, or used to harass entirely innocent passersby. The industry trend towards making everything IoT capable, equipped with hidden cameras/mics or WiFi radios, or cloud hosted is utterly insane from the viewpoint of cloud security.

Adopting Tor or supporting human rights or justice reform which appear to be inconsistent, to say the least, with joining the in-home/sidewalk surveillance dragnet being created by companies like Amazon and Nextdoor (both based in California). Gizmodo has been doing a fine job of exposing the enormous potential for abuse presented in particular by Amazon Ring and Amazon Neighbors:

gizmodo.com
Cops Are Giving Amazon's Ring Your Real-Time 911 Caller Data
Dell Cameron
1 Aug 2019

> Amazon-owned home security company Ring is pursuing contracts with police departments that would grant it direct access to real-time emergency dispatch data, Gizmodo has learned. The California-based company is seeking police departments’ permission to tap into the computer-aided dispatch (CAD) feeds used to automate and improve decisions made by emergency dispatch personnel and cut down on police response times. Ring has requested access to the data streams so it can curate “crime news” posts for its “neighborhood watch” app, Neighbors.

gizmodo.com
Ring’s Hidden Data Let Us Map Amazon's Sprawling Home Surveillance Network
Dell Cameron and Dhruv Mehrotra
9 Dec 2019

> As reporters raced this summer to bring new details of Ring’s law enforcement contracts to light, the home security company, acquired last year by Amazon for a whopping $1 billion, strove to underscore the privacy it had pledged to provide users. Even as its creeping objective of ensuring an ever-expanding network of home security devices eventually becomes indispensable to daily police work, Ring promised its customers would always have a choice in “what information, if any, they share with law enforcement.” While it quietly toiled to minimize what police officials could reveal about Ring’s police partnerships to the public, it vigorously reinforced its obligation to the privacy of its customers—and to the users of its crime-alert app, Neighbors.

gizmodo.com
Stranger Breaks Into Ring Camera, Terrorizes 8-Year-Old In Latest Creepy Ring Hack
Alyse Stanley
13 Dec 2019

> A hacker broke into one Mississippi family’s Ring security camera and used its speaker function to scare their 8-year-old daughter, local CNN affiliate WMC reported this week. This incident marks the latest in a recent series of reported Ring hacks wherein strangers terrorize users through their devices, and demonstrates reason number 1,467 why you might want to forego a Ring camera.

gizmodo.com
Ring's Security Woes Cause Some Tech Review Sites to Rethink Glowing Endorsements
Dell Cameron
24 Dec 2019

> At least two tech review sites are discussing whether to rescind their positive recommendations of Ring’s home surveillance cameras, a leading digital-rights organization announced this week. In the wake of reporting by Gizmodo and other outlets this year concerning Ring’s troubled security and privacy practices, Fight for the Future has launched a campaign calling on tech review sites, such as Consumer Reports and PC Magazine, to suspend recommending Ring products. “Tech reviews and guides play an important role in people deciding which devices to buy,” said Evan Greer, deputy director of Fight for the Future.

One of the most troubling points about Amazon Ring is that almost overnight, it seems, almost everyone living in a major US city has been involuntarily included in Amazon's for-profit surveillance network. (See the graphics in the story dated 9 Dec 2019.) The fact that Amazon is already such a powerful force in American society makes its increasingly horrifying in-home and sidewalk surveillance dragnet even more troubling.

The cited Gizomodo stories are very troubling. But I fear that the so far undisclosed full truth about Amazon is planning to do to us is far worse. Amazon clearly has the ability to determine the identities of at least some of its ordinary citizens who express reservations about its most troubling products, and also has the LEA "hand" and the lobbying/legal power to, very possibly, feel that it can get away with specifically targeting Amazon boycotters with Gamergate style retribution. Given all the things which have been coming to light, just in the past two years, about abuses by amoral mega-corporations such as Amazon, Facebook, Google, IBM, and Microsoft, I doubt that it would be in the public interest to dismiss such concerns out of hand.

The 21st Century seems to promise a level of not unjustified global paranoia which probably has not been seen since the 13th Century. Some of the stories which survive about entire towns being wiped out virtually overnight, and about the sickening excesses of the elite, seem to presage the kind of horrific human experience which we can expect in our the Age of Extinction.

I'd also like to thank ACLU's Jay Stanley, who was a privacy advocate long before that became more or less mainstream, in fact for a time I thought he was just about the only privacy advocate in America other than myself--- apart from Mike Perry and the rest of the Tor team, of course!

December 23, 2019

Permalink

I have the perfect real-world metaphor for legally mandated "backdoors" in Tor and other privacy-protecting software:

Imagine a physical door lock, widely sold to American homeowners, and particularly marketed to American landlords at "low low rates" made possible by secret financial assistance (to the lockmaker) from FBI and other LEAs, which has a covert feature of great convenience to entities such as intelligence agents and cops (and landlords) who wish to enjoy convenient covert access at any time to any home or apartment: if you insert any key (not necessarily the unique key which the homeowner or tenant possesses and mistakenly believes is the only one which will open the door) and wiggle it just right, the entire lock cylinder comes right out. Boom! Free access to someone else's home or apartment, no warrant or legitimate key possession required.

Now imagine that such "locks"--- the scare quotes are appropriate because any "lock" which has a built-in "defeat mechanism" is worse than no lock at all, because it offers ordinary citizens a very false sense of security in their own home--- are not only widely available but are actually required by law. Does the legal mandate for convenient LEA/landlord make you feel safer? Really? Did you forget about the friendly neighborhood drug dealer a few houses down? Want him to have easy access to your home too?

If it sounds like I am describing an actual physical door "lock" above, that is because I am.

I doubt that, in this context, I need to offer any explanation of the analogy between physical front door "locks" and a "backdoored" Tor. But see also this highly relevant story:

theguardian.com
Popular chat app ToTok is actually a spying tool of UAE government – report
Government reportedly uses ToTok to track conversations, locations and other data of those who install the app
Associated Press
23 Dec 2019

> A chat app that quickly became popular in the United Arab Emirates for communicating with friends and family is actually a spying tool used by the government to track its users, according to a New York Times report. The government uses ToTok to track conversations, locations, images and other data of those who install the app on their phones, the Times reported, citing US officials familiar with a classified intelligence assessment and the newspaper’s own investigation.

Just to be clear: I trust TP's assurances that Tor has not been "backdoored", because if we cannot trust Tor, we cannot trust anyone. But I am concerned that Tor consistently fails to address a possibility which is far more likely that NSA attempting to insert backdoors directly into the Tor code itself, namely: NSA and other adversaries may well attempt to covertly mandate weaknesses in pseudorandom number generators, NTP, OSCP lookups, gedit, or other code which is used by Tor and/or Tails but which is not developed by Tor Project or Tails Project coders, but by "upstream" providers. I note that while the "millions of eyes" which some claim (ludicrously) are constantly fixed upon all open source software may be able to detect some obvious "backdoors" inserted into code, very few are likely to spot subtle cryptographic flaws in a pseudorandom number generator.

I hope that if the day comes that TP receives a legal order from USG requiring that TP knowingly accept backdoors--- including subtle flaws in "upstream" provided pseudorandom number generators incorporated into Tor--- that Tor will immediately violate any gag orders, contact the press, move outside the US, and continue to offer unbackdoored Tor.

Please, never forget the principle that a misleading assurance of false security is always even more dangerous than a knowing lack of security.

December 24, 2019

Permalink

>> medical insurers, medical providers

Like USG, HMG (the government of the UK) collects the medical records of all Britons, and has for some years been planning to quietly sell these. There was a huge public outcry after their initial plans were revealed (thank goodness for journalism!), but now they are trying again:

Revealed: NHS England bosses meet with tech and pharmaceutical giants to discuss price list of millions of Brits' medical data
Nine 'commercial models' to access central database mulled at hush-hush meeting
Paul Kunert, UK editor
12 Dec 2019

> Exclusive Talks to package millions of British medical records into a vast, commercially valuable database that may then be sold on are already underway between NHS England bosses and global giants, documents exclusively obtained by The Register show. Last month, a cache of leaked files emerged into public view, detailing post-Brexit trade negotiations between Britain and the United States in which access to the UK's national health service was said to be on the table. Now, hush-hush files and presentation slides seen this week by The Register reveal discussions are already in progress over the future use of patients' personal records and related information, said to be valued at roughly £10bn a year.

Americans wondering who is supposed to pay for the gigantic Drump tax cuts will no doubt get the point. It is surely not a coincidence that a major "consumer on-line privacy bill" called COPRA which has been placed before the US Senate (but has no chance of advancing in this session), which EFF cautiously endorsed, appears to entirely overlook such enormous state-sponsored databreaches of one of the most sensitive categories of personal information concerning residents of the USA:

eff.org
Sen. Cantwell Leads With New Consumer Data Privacy Bill
Adam Schwartz
3 Dec 2019

> There is a lot to like about U.S. Sen. Cantwell’s new Consumer Online Privacy Rights Act (COPRA). It is an important step towards the comprehensive consumer data privacy legislation that we need to protect us from corporations that place their profits ahead of our privacy. The bill, introduced on November 26, is co-sponsored by Sens. Schatz, Klobuchar, and Markey. It fleshes out the framework for comprehensive federal privacy legislation announced a week earlier by Sens. Cantwell, Feinstein, Brown, and Murray, who are, respectively, the ranking members of the Senate committees on Commerce, Judiciary, Banking, and Health, Education, Labor and Pensions. This post will address COPRA’s various provisions in four groupings: EFF’s key priorities, the bill’s consumer rights, its business duties, and its scope of coverage.

Some Americans may believe that their medical records are strongly protected by the HIPAA law, but that law has been burdened with several enormous loopholes which Sen. Cantwell (who some regard as "the senator from Microsoft"--- Microsoft Azure holds and trawls a vast number of medical records of residents of Washington state) has carefully ignored for many years. Possibly the two most dangerous loopholes are exceptions for "researchers" (an undefined term) and a second undefined term which allows trawling psychotherapy case notes (summaries of what a patient told a psychologist or psychiatrist in each session) simply by calling them something other than "psychotherapy case notes".

By the way, another source of data in Stage Two is US Census data. Charming.

>> brokers who collect (from their telecom partners) and sell real-time geolocation telecom data,
nytimes.com
How to Track President Trump
Stuart A. Thompson and Charlie Warzel
20 Dec 2019

> If you own a mobile phone, its every move is logged and tracked by dozens of companies. No one is beyond the reach of this constant digital surveillance. Not even the president of the United States. The Times Privacy Project obtained a dataset with more than 50 billion location pings from the phones of more than 12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes — with assistance from publicly available information — for us to deanonymize location data and track the whereabouts of President Trump.

The accompanying graphics showing actual tracks of USG officials is quite impressive.

If the Times hides behind a paywall, you can get the gist from

theregister.co.uk
Tracking President Trump

> The scale of the cellphone-location data market was on show this week when the New York Times obtained a three-year-old database of 50 billion phone location pings for more than 12 million Americans. The journalists analyzing the data found one phone that appeared to belong to a Secret Service agent on President Trump's team, and showed the course of the agent's progress during a trip to the commander-in-chief's Mar-a-Lago resort, then to a golf course where Trump was playing golf with the Japanese prime minister. The NYT team were able to track other phones into Congress, the Pentagon, and many other sensitive areas. By following where the phones spent the night, they could also get a good idea of a target's home address and when they were out.

A brilliant example of data journalism, exposing both the ease of "re-identification" and the ease with which nongovernmental entities (such as the Trump re-election campaign) can acquire vast geolocation databases.

December 26, 2019

Permalink

> national security surveillance, and ineffective legal and technical protections

The buzzword, "national security," is all too often simply a euphemism for the whims of plutocrats. To workers in law enforcement, think of who you're actually protecting and serving when someone gives you orders.

Second, laws are just promises that people in power make to people they rule over. Promises are easily broken. They aren't cryptography. They aren't math. They aren't physics. They're just words -- rhetoric occasionally called on to justify top-down action or inaction. And despite the trappings of legislative assemblies, the powerful people who write and amend laws are not always elected.

Double standards in practice, secret courts, rubber stamps, mission creep, unthinking paper-pushing cogs in a machine...

> would-be dictators know that they have to prevent the people from being able to speak and learn things confidentially.

Those types of leaders, appointed or elected, never think they will be targeted by regime systems they establish and institutionalize against other people. And if those systems were in place when they ascended to leadership, they dilute or bury every attempt to undo or reform their status quo until the status quo threatens them personally, and sometimes not even then.

> advocates and developers... ultimately will have to address the need to re-decentralize the internet. We need to be ready and build out alternatives.

Distributed, trustless protocols on the lowest layers possible. centralized < decentralized (federated) < distributed. I sometimes hear about small groups that try to tackle the work, but many fade away. Tim Berners-Lee is one of the people advocating for working on it. Much of the attention today is on blockchains however.

Paul Baran's RAND-published September 1962 justification for distributed communications networks: https://friend.camp/@darius/102259810212340922

> We need to build a world where everyone has free (as in speech) access

We need access to be virtually free "as in beer" too. Internet is practically expected and required for many national government services. Taxes, banking, shopping, and monthly bills pester customers to "go paperless". Teachers throughout grade school assign and collect homework on school websites. If society's institutions depend on everyone having internet, it needs to be a public utility like electricity, water, sewage, heating gas, trash removal, and so on. However, reclassifying it as a utility could regrettably pressure it to centralize as public utilities are, as if it isn't almost centralized by private mergers already.

> A world where our technology, whether as simple as an email or as complex as an AI system, is trustworthy and loyal to us.

Email can't really be fixed. It was flawed from the beginning because developers never thought of privacy. But protocols "as simple as" email submitted for approval as standards in the future have the chance to implement trustless, distributed privacy from the ground up.

Talking about AI systems "trustworthy and loyal to us", have a look at https://github.com/home-assistant/home-assistant