What do you do at Mozilla?
I like to say there are two main parts of my job: knowing everything Mozilla is doing, and offering guidance around legal risk for all of it, under all laws, everywhere in the world. Simple as that! The first part is actually the most challenging, because we’re working on so many different things, and we move very quickly. I meet regularly with our product managers and engineering leads to hear what they’re up to and what problems or concerns they have.
That’s where the second part comes in, and a lot of it has to do with my own ability to spot potential issues. I can’t know all the world’s laws, but I can have a good sense of the kinds of things that are regulated and that trigger legal compliance requirements. If there’s something that might be a risk, then I can either help guide a team around that, or I can do some research and consult with experts—including here within Mozilla—to figure out what we need to know.
With such a broad scope, how do you prioritize?
In part, it’s triage. What’s the likelihood that something we’re doing is going to upset someone, or some government, and what are the consequences of that? Our decision on Firefox Send is a good example. We learned that the product was being abused to send malware and reveal the identities of people in India who were working for freedom, and something like that—where the likelihood and consequences of harm are both high—obviously goes straight to the top of the list. Very quickly, our Legal and Security teams came together to immediately pause Send and evaluate what could be done to stop the abuse. Ultimately, we decided to decommission the service.
Usually, our decisions are less about compliance with actual laws and more about our own internal policies, which tend to align with whatever the highest legal standard is globally. First and foremost, we never want to risk progress toward the Mozilla mission of keeping the internet open and accessible to everyone. Laws tend to set the floor; they’re generally just trying to make sure companies don’t do active harm. But we want to go beyond that and be an example for the industry—to show it’s entirely possible to succeed in tech and build extraordinary products without vacuuming up people’s data and squeezing it for every last bit of money.
Tell us more about how you collaborate with other teams.
At other companies, the relationship between Legal and Product or Engineering can be pretty adversarial—Legal is seen as an obstacle to overcome rather than a partner. But here, our relationships with other teams are incredibly strong. In part, that’s because we tend to get involved early on, and we always try to understand not only the question we’re being asked but why we’re being asked it—so that if we do have to recommend against something, we can suggest another solution that will still help our colleagues meet their goal.
And it helps that our Engineering and Product folks do a big part of our job for us. At most companies, the Legal team gets questions like, “Hey, we have all this data. Can we use it in this way or that way?” Here, it’s often, “We have all this data. Can we delete it? Or anonymize it?” People really want to meet our internal standards, which again, are often more strict than the actual law.
I think another big reason we work together well is that we know each other as people. My colleagues in engineering know that I do magic. I know about their hobbies, their kids, their life outside work. In a bigger company, or where those interactions are more rare, I think it’s easy to be skeptical of what Legal is telling you. But knowing each other really helps us give each other the benefit of the doubt and trust that we’re all trying to do the right thing.
What’s challenging about your job?
Learning everything that’s going on is my favorite part of the job, but it can definitely be a challenge to keep track of it all—especially on a small-but-mighty team, and when some of our products are so deeply technical. When I was doing litigation, I still needed to have the facility to know where to go for research, but I often had more time to dig into questions. In-house, it’s more on me to have enough background that I can already know the best solution or have it at my fingertips. Plus there’s always something new to learn. For example—when I joined Mozilla a few years ago, I had a background in intellectual property law that applied reasonably well to a lot of what we were working on at the time. But then we developed some paid products, and it became part of my job to look out for issues in payments law, which is very complex and regulated.
That said, there are some great, authoritative resources online, and we have a stable of outside counsel whose expertise we trust in specific areas. I also do a lot of continuing legal education to help me get background on new topics. And there’s lots of institutional knowledge within Mozilla, not only within my team but also on the Product and Engineering teams. They may not know the nitty gritty details of the laws, but they know a ton about privacy and security in general and can help me figure out where to go.
Of course, they’re also a great resource for technical expertise. More often than not, I don’t have to get extremely detailed there; laws generally govern the “what” rather than the “how.” And I did learn a little code in college—I was a double-major in political science and music science and technology—so I can read it when need be. But really, I know just enough to be dangerous. So if I’m working on something highly technical, like our enhanced tracking protections that block cookies and fingerprinting, I do rely very heavily on our wonderful engineers, who can not only do these things but explain them in terms I understand.
Tell us more about doing magic. How did you get involved in that?
Like most people my age who are into magic, it was something I found early on. These days, that’s changed—we have all these high-profile people like David Blaine and Derren Brown, and shows like America’s Got Talent and Penn & Teller: Fool Us, and that’s created a group of magic fans who are much more diverse, in age and in general. Historically, though, it was mostly people who got magic kits as gifts when they were kids—as most young boys do, and more young girls should—and that was the case with me. Then I saw a magician in a restaurant, and I was fascinated; I asked my parents to take me back three times in a week. That magician did a Paul Harris trick called Immaculate Connection, where you link two cards together—and he wouldn’t tell me how to do it, but he did tell me where the local magic shop was.
So I got a book with that trick, which turned out to be very difficult, but I stuck with it and loved it. To this day, much as I enjoy performing, it’s the difficulty and manual dexterity I’m really drawn to. In fact, I’m usually working a little harder on stage than most pros would advise! But I’ve been at it for long enough now that even if a trick goes wrong, I can usually fix it.
I practice a lot, too; anyone who worked near me back when we were in the office has probably seen me take out a deck and drill techniques at my desk while I read some documents or join a video meeting. And I perform as much as I can—I do corporate events and private parties, and before the pandemic I ran a show called the SF Magic Hour, where different magicians would go up every month to work on new material in front of an audience. I’ve had several large crews of Mozillians come out when I performed at those; it’s always nice to have a cheering section.
What are you looking forward to right now, with magic and at Mozilla?
With magic, what I really like doing is coming up with new tricks—or new methods for existing tricks. I’m working on my third book right now, which should be out later this year or early next, and I’m looking forward to seeing my ideas in print so other magicians can build off of them. I’m also excited about things getting safe enough to go back to live performance soon. I did get to do some different, fun, activities during the pandemic; I had time to develop a new trick and perform on Penn & Teller’s Fool Us, and I did some Zoom shows. But while I am happy to share magic that way, and I know people enjoy it—it’s still so painful to finish a trick to dead silence because everyone is muted!
Seeing people in person is part of what I’m looking forward to work-wise, too. I’m very extroverted; I gain energy from being around people. So I’m excited to see my coworkers again, and to meet all of the new Mozillians who have joined over the last year or so. Beyond that, we’re growing in several cool areas, both in terms of new products and in expanding how our VPN works and where it’s available. Mozilla never stands still, and that’s what I really love. There’s always something coming across my desk for which I get to say, “I don’t know, but I’ll find out.”
Interested in working with Michael and the rest of the Mozilla team? Check out our open roles.