10 Years of Building a Better Internet

Christine Runnegar, ISRG Board Chair
Oct 30, 2023

I joined the Board of Internet Security Research Group (ISRG) in 2018 and became Board Chair last year, 2022. In those five years I've been honored to witness and be a part of ISRG providing a trusted, reliable and sustainable home for public-benefit digital infrastructure projects. As ISRG celebrates the 10th anniversary of its founding, I wanted to reflect on our impact.

ISRG has significantly enhanced the security and privacy of the Internet for users all over the world, through its Let's Encrypt certificate authority. Today, we almost take for granted that websites will use HTTPS to protect our interactions, and browsers have adapted to that reality by switching from notifying users when a website uses HTTPS to when it doesn't. Ten years ago, less than one third of websites were using HTTPS, even websites that handled personal data.

Let's Encrypt was a game-changer for Internet security for three simple reasons: websites could obtain SSL/TLS certificates without charge, using an automated process, and from a trusted source supported by the community as a provider of public-benefit Internet infrastructure for anyone in the world. Its great success can also be attributed to ISRG's ability to rapidly scale up its services, so that today Let's Encrypt provides certificates to more than 300 million websites.

Further, ISRG is all about community and ensuring that open-source Internet security software is used, maintained and secure. ISRG has shown that public-interest (or public-benefit) organizations provide societal value well above and beyond their individual achievements. Let's Encrypt has inspired other Internet security open-source efforts like Sigstore, an open-source initiative to provide trusted authenticity of open-source software. It has inspired commercial operators to offer the same services to the public, free and automated certificates, and has helped ensure overall trust in the digital certificate ecosystem.

ISRG's impact on the Internet does not stop there.

Through Prossimo, ISRG is on the leading edge of efforts to reduce security vulnerabilities in critical Internet infrastructure caused by memory-unsafe code, by working with the open-source community to develop new software using memory-safe programming languages. One notable example is the work on Rustls, a memory-safe implementation of the TLS protocol. TLS is widely used all over the Internet to encrypt communications, including websites, email, messaging and video conferencing so an exploited vulnerability due to lack of memory safety could cause wide-scale harm.

Divvi Up emerged from the work that ISRG and partners undertook to collect and analyze aggregate COVID-19 exposure notification app metrics. Through Divvi Up, ISRG will provide a more secure and privacy-respecting way for online services to collect user metrics that will hopefully help put an end to pervasive online tracking.

I'm grateful to be the Board Chair of this critical nonprofit as we celebrate the milestone of our 10th anniversary. Given all ISRG has accomplished in just this first decade, I look forward to seeing the many years ahead of their continued work to make the Internet more secure for everyone across the globe.

ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider getting involved, donating, or encouraging your company to become a sponsor.