U.S. net neutrality is in the hands of the D.C. Circuit (again)

Today a United States appellate court in Washington, D.C. heard oral arguments over a lawsuit challenging the Federal Communications Commission’s (FCC) recent net neutrality order. We filed a joint amicus brief with CCIA supporting the order. The Internet needs a foundation of clear rules and authority to protect users and innovators from harmful blocking and throttling practices. If, on the other hand, the order is struck down, the U.S. Internet community will be back at square one, with little opportunity to engage with the evolving practices we are seeing today.

Twice before, this court (though with some different judges) has struck down FCC action on net neutrality; but both times, the principal reason was the source of authority supporting the action. In the current order under review, the FCC took the path supported by Mozilla, other organizations in civil society and the tech industry, and 4 million Americans, using its so-called “Title II” statutory powers to support the rules it adopted.

We engaged extensively in the FCC proceeding in support of Title II authority and of meaningful protections for the open Internet, including strong rules against blocking and discrimination of content, for both fixed and mobile Internet access services. We filed a written petition to the FCC, along with initial comments and reply comments. We followed that up by mobilizing our community, organizing global teach-ins on net neutrality. We also joined a major day of action and co-authored a letter to the President. And we’ve gone beyond the U.S. in our support of net neutrality, engaging in the European Union, Peru, and India.

The core argument in our amicus brief reflects our consistent support for net neutrality. Upholding the FCC’s order would preserve the status quo, reinforcing assumptions long held by end users and validating the policy balance and history associated with the concept of communications services. Striking the order, on the other hand, would unbalance the historical level playing field and undermine the pro-innovation and pro-competition framework that the open Internet provides, and which has led to tremendous socioeconomic benefits in the short time of its existence.

We hope the Court will uphold the Open Internet order as a foundation of protections for users, competition, and innovation, and we look forward to working with the FCC to address new opportunities and challenges for the Web as they arise.

UK IP Bill is a threat to privacy, security, and trust online

The British Government has proposed legislation that would expand the surveillance capabilities of law enforcement and intelligence agencies. The draft omnibus Investigatory Powers Bill purports to modernise and update surveillance law to create a regime that is “fit for the digital age.” But as written, the law would undermine the technological and legal design framework that protects the continued vitality of the Open Internet. It represents a serious threat to open source software, online commerce, and user privacy, security, and trust.

The draft IP bill proposes a broad and dangerous set of surveillance mandates and authorities that threaten privacy and security online. Keeping Internet users safe does not have to cost them their privacy, nor the integrity of communications infrastructure.

As a registered UK company, and as a global community whose mission is to promote openness, innovation, and opportunity on the Web, we shared our concerns with the UK government by submitting commentary to the Science & Technology Committee of the House of Commons on November 27.

Our submission identified 5 serious, non-exhaustive concerns we wish to highlight in the bill:

  • Weakening security: Requirements to undermine encryption that pose a severe threat to trust online and to the effectiveness of the Internet as an engine for our economy and society;
  • Tampering with devices: Bulk equipment interference authorities that could be used to violate the integrity of our products and harm our relationship with our users;
  • Secrecy: Limitations on disclosure that impact our open philosophy and in practice are unworkable for an open source company;
  • Legalising mass surveillance: Bulk interception capabilities that would compromise the privacy of communications; and
  • Data retention: Data retention mandates that create unnecessary risk for businesses and users.

Find Mozilla’s full submission to the Science & Technology Committee here.

So what’s the alternative?

Government collection and retention of user data impact trust and openness online. This makes it critical to have a clear and public understanding of the means and limits of surveillance activities – a set of surveillance rules of the road.

The following three principles, derived from the Mozilla Manifesto, attempt to identify those means and limits. They offer a “Mozilla way of thinking” about the complex landscape of government surveillance and law enforcement access. We do not propose a comprehensive list of good or bad government practices, but rather describe the kinds of activities in this space that would protect the underpinnings and integrity of the Web.

  • User Security: Mozilla Manifesto Principle #4 states “Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” Governments should act to bolster user security, not to weaken it. Strong and reliable encryption is a key tool in improving user security. Security and privacy go hand-in-hand; you cannot have one without the other.
  • Minimal Impact: Mozilla Manifesto Principle #2 states that the Internet is a global public resource. Government surveillance decisions should take into account global implications for trust and security online by focusing activities on those with minimal impact.
  • Transparency and Accountability: Mozilla Manifesto Principle #8 calls for transparent community-based accountability as the basis for user trust. Because surveillance activities generally are (and inherently must be, to some degree) conducted in secret, independent oversight bodies must be effectively empowered and must communicate with and on behalf of the public to ensure democratic accountability.

Next Steps

Comprehensive reform of this bill will be necessary in order to protect online commerce and the security and privacy of users. Mozilla will continue to follow the process closely, including submitting additional evidence to the Committees in charge of scrutinising the bill.

Currently, the Joint Committee on Human Rights is accepting submissions from stakeholders until 7 December. The main committee to analyse the bill – the Joint Committee on the Investigatory Powers Bill – has also recently announced that it will receive written evidence until 21 December. The committee will then report its findings by 11 February 2016.

As a global community of developers and engineers, Mozilla prides itself on providing secure and open products and services to our users. In our view, the draft Investigatory Powers bill is a missed opportunity to set a strong global standard in reforming surveillance powers, and a harmful step backward for the interests of Internet users and the Internet economy.

At this critical time, it is important that the UK government set a strong standard anchored in the values of privacy and security. We strongly advise the committees to carefully weigh the intended objectives with the consequences for the continued success of UK businesses and the security of users.

Now is the time to contact your representatives in the Committees and make your voice heard. You can learn more and take action through a campaign platform launched by a civil society coalition of UK and international organisations, dontspyonus.co.uk.

Creating opportunities for Open Innovation through Patents

In April, I wrote about the challenges the patent system presents to open source software development. I believed then that Mozilla needed to do more by leveraging our mission and position as an innovator. Today, I’m excited to announce the Mozilla Open Software Patent Initiative and Mozilla Open Software Patent License (“MOSPL”). This is our proposal for a first step towards improving the impact of patents on open source software development.

The MOSPL was born from a need to find practical solutions to the challenges to creating openness in the software space. Since its beginning, Mozilla has been bringing together software companies to encourage development and adoption of new, open, and royalty-free technological standards (such as the Opus audio codec and the next generation Daala video codec). We found that, without related patents of our own, it was extremely difficult to persuade companies (particularly large ones) to openly license their patents or adopt standards based on our developed technology. We ran into this problem repeatedly, especially in spaces that are more commonly patented. Obtaining a patent not only gave us leverage in these discussions, it also presented another benefit for open innovation by helping ensure that this work would not be overlooked by the patent office’s prior art searches (which typically might not include open source projects). Over time, this may even reduce the number of abstract, vague, and overbroad patents and the problems that arise from them.

However, once we obtained patents and licensed them openly for our standards work, we ran into another problem: because patents are a right to exclude, owning a patent means that others, from large companies to hackers, cannot use the technology embodied in the patent without a license from the owner. This is not a small problem for Mozilla – the whole point of creating open technology is to encourage use. How would we encourage open use of the ideas embodied within the patents that were outside of the standard? We realized that what we needed was a way to balance the benefit we received from patents with the negative effects of the right to exclude that they created.

As we struggled with this dilemma, we realized we weren’t alone. From Tesla, to Google, to individual developers, many patents are owned for purposes that aren’t at odds with innovation, such as preventing trolls from halting future development and preventing other aggressive incumbents from abusing their patent portfolios to stifle competition. However, these owners also realized the broad right to exclude creates challenges for others whom they wanted to encourage to adopt or innovate upon their work. This led to many interesting solutions, from patent pledges, to statements of intent, and implied licenses.

The MOSPL v1 is Mozilla’s proposal to address this challenging issue. It grants everyone the right to use the innovations embodied in our patents in exchange for a guarantee that they won’t offensively accuse others’ software of infringing their own patents and that they will license their own patents out under royalty-free terms to all open source software projects. It represents our effort to address the harm caused by patents when applied to open source software. We are actively seeking feedback on it, so please help us by giving us your thoughts in the governance group.

We’d love to see more companies approach licensing their patents to maximize openness in a way that makes sense for them. If you’ve made the decision as a company or individual to consider open licensing for your patents, we’ve created an Open Patent Licensing Guide to help you understand some of the parameters we encountered through the process. We look forward to seeing more innovation in the open patent licensing space and are excited that even large companies are taking steps to help open innovation thrive, recognizing the importance that openness plays in creating the next generation of technology.

Vulnerability disclosure should come next for Congress on cybersecurity

This week, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA), a bill intended to promote the sharing of cybersecurity threat information. Mozilla joined the major tech companies and civil society groups in opposing this bill with concerns that it would undermine user trust, privacy, and security. Unnecessary and harmful sharing of private user information could be a real consequence of this bill.

But CISA is not law yet; CISA must be reconciled with the two cybersecurity bills that the U.S. House passed earlier this year, and both chambers will then need to pass the reconciled version. Unfortunately, it’s hard to see how any marginal improvements during these negotiations will be enough to fix its flaws.

If CISA follows this path and becomes U.S. law, it might be tempting for Members of Congress to feel like they can “check the box” of cybersecurity and move on to the next hot topic. However, CISA and its counterparts will do little to stop exploits like the Target hack, the OPM breach, or the Heartbleed vulnerability.

If Congress wants to make meaningful progress toward improved cybersecurity, it should move now to ensuring that the government is disclosing critical vulnerabilities in computer networks and systems. Responsible disclosure of vulnerabilities would build on any information sharing legislation in a way that could gain widespread support.

CISA is far from the only mechanism for the private sector to share cybersecurity threat information with the government, and by itself is unlikely to result in meaningful improvements in cybersecurity. But information sharing through CISA will likely lead the government to acquire knowledge of critical vulnerabilities in computer networks and systems, and the government’s expeditious disclosure of those vulnerabilities to the relevant vendor(s), in contrast, would be highly valuable. Information sharing was never supposed to be a one-way street. Yet, there is currently no presumption in law that the U.S. government should disclose vulnerabilities. This makes CISA’s provisions requiring information shared with the Department of Homeland Security to be automatically shared with the NSA, DOD, and others in the intelligence community even more concerning.

While the Obama Administration has claimed that it discloses the vast majority of vulnerabilities, we know from recent FOIA documentation that the government currently lets the NSA lead the disclosure determination process, a discussion that is dominated by the intelligence community, has inadequate participation from critical federal agencies like the Departments of Homeland Security or Commerce, and lacks accountability and transparency.

Indeed, the President’s own Review Group on Intelligence and Communications Technologies, which had security clearances and access to classified documents, found that there needed to be a significantly more robust and accountable process around vulnerability disclosure (see Recommendation #30). Implicit in this recommendation is the idea that the presumption should be that all vulnerabilities should be disclosed to the relevant vendor(s) so that they can be patched, and then in due course disclosed to the public. However, there may be times when delay in disclosure may prove so valuable to an ongoing intelligence operation, for example, that such a delay is merited.

Delays in disclosure should be few and far between, and the determination to delay disclosure must involve all of the relevant stakeholders in the government and be guided by a more detailed set of criteria than those Michael Daniel, the White House Cybersecurity Coordinator, laid out last year in a blog post about the Heartbleed vulnerability (although those are a good start).

Members of Congress should not think that their work on cybersecurity is done. With the passage of these information sharing bills, now more than ever, Congress should turn its attention to government vulnerability disclosure in order to meaningfully improve cybersecurity.

Net neutrality amendments and final vote in the EU

UPDATE:

Today, a bitter-sweet victory for net neutrality in Europe: the European Parliament voted on the Telecoms Single Market Regulation (TSM), which will bring some protections for the open internet in Europe. Regrettably, the European Parliament voted against amendments that would have brought clarity and strength to the proposed rules.

As voted, the proposal generally bans discrimination, but falls short in a few areas, including tightening the definition of “specialised services” and disallowing the discrimination of different types of traffic (see more in our analysis below).

The rules will enter into force as soon as the legislation is published in the Official Diary (which could be as early as November, though not yet confirmed).

But it’s not over yet. BEREC, the association of telecoms regulators in Europe, will devise guidelines during a 9 month consultation period that could clarify the interpretation of the rules. We hope that BEREC finishes what the EU institutions started and enacts real net neutrality in the European Union.

ORIGINAL POST:

We’re days away from the vote for adoption of the Telecoms Single Market (TSM), a proposed EU Regulation that would enshrine net neutrality across the continent. The TSM contains rules which would specify the equal treatment of traffic and ban blocking, throttling, and the establishment of fast lanes, although a handful of key amendments are still needed to bring clarity and strength to the proposed rules. There’s still time to take action – find out more about possible amendments and contact members of the European Parliament through a campaign platform launched by European civil society at: https://savetheinternet.eu/.

Net neutrality is central to the Mozilla mission and to the openness of the Internet. As a global community of technologists, thinkers, and makers, we want to build an Internet that is open and enables creativity and collaboration. This is why we have taken a strong stance in favour of real net neutrality around the world. Net neutrality preserves the disruptive and collaborative nature of the Internet, and benefits competition, innovation, and creativity online.

The TSM was proposed in September 2013, and originally contained a number of semi-related issues, from consumer rights, spectrum management, and roaming, to net neutrality. Over the course of negotiations, the text was cut down to contain a reform of roaming charges and net neutrality rules. Since March, the TSM has been in the final stages of negotiation called the “trialogue,” where the three EU institutions (European Parliament, Commission, and the Council) agree on a common approach. The Parliament will get the final say in the Plenary vote in Strasbourg next Tuesday (27 October).

The current text of the TSM would bring a much needed improvement in the EU for protections against blocking, throttling, and prioritisation of online traffic. Still, there are areas where the text needs to be clarified and strengthened, and we hope these changes can be made over the next few days. Here are two we believe to be of critical importance:

Prohibiting the discrimination of different types of traffic. The current text allows ISPs opportunities to prioritize or throttle some “types of traffic” without violating net neutrality. Such type-based discrimination permits ISPs to slow down or speed up entire types of traffic, resulting in severe harm to net neutrality. For example, an application considered to be “chat” type might include video capabilities, or might be text-only; throttling the latter might have no impact, yet might cripple user experience for the former. Furthermore, the technical characteristics of a “type” of application today may not be the same in the future, as the technologies evolve and add new functionality, so even treatment for a “type” that seems reasonable today may not be tomorrow. Other loopholes are possible as well. Network operators may discriminate against encrypted traffic if unable to determine the “type,” or may create unique “types” of traffic for certain preferred classes, even if there are no inherent distinctions – artificially separating their own preferred or partner traffic from their competitors in order to work around the rules. An amendment that reinforces equal treatment across data types would help close these loopholes.

Tightening the definition of “specialised services” to prevent discrimination. Specialised services – or “services other than Internet access services” – represent a complex and unresolved set of market practices, including very few current ones and many speculative future possibilities. While there is certainly potential for real value in these services, the criteria defining these services should be refined to prohibit discrimination that harms open Internet access services.

The European Parliament will have an opportunity to vote on amendments before considering the final text, so there’s still time to let them know about these valuable improvements. The final outcome of this process will set a strong standard for the open Internet in the European Union and beyond. It’s therefore more important than ever to ensure that the rules are clear, comprehensive and enforceable. Take action today – find out more about the amendments and contact members of the European Parliament at: https://savetheinternet.eu/.

Raegan MacDonald, Senior Policy Manager, EU Principal
Jochai Ben-Avie, Senior Global Policy Manager
Chris Riley, Head of Public Policy

Data retention in Deutschland

Tomorrow (Friday) the German legislature (the Bundestag) is set to vote on a mandatory data retention law that would require telecommunications and internet service providers to store the location data, SMS and call metadata, and IP addresses of everyone in Germany. Ordinarily, we can look to Germany to be a leader on privacy, which is why it’s so disappointing to see the German government advance legislation that places all users at risk.

While this legislation isn’t as bad as other data retention proposals we’ve seen (e.g., in France, the US, and Canada), to highlight the many dangers of mandatory data retention as a practice and express our opposition to this legislation, we sent a letter, signed by Denelle Dixon-Thayer, Mozilla’s Chief Business and Legal Officer, to every member of the Bundestag. You can read the letter here in English and here in German.

The Mozilla community has also been speaking out against this legislation. Working with local German partners Digitale Gesellschaft and netzpolitik.org we created a petition enabling German-speaking Mozillians to call on the Bundestag to reject this legislation. So far thousands of users have taken action! While it’s always inspiring to see users mobilizing to protect the open Web, this is particularly exciting for us as it is Mozilla’s first advocacy campaign in a language other than English, as well as the first outside of the United States. The Mozilla Policy Team was also in Berlin last week to speak to German lawmakers about this bill.

While it’s likely that this data retention law will pass the Bundestag, we’re confident that it will be struck down by German courts. Indeed, this wouldn’t be the first time that the German courts put a stop to data retention practices. In 2010, the German Federal Constitutional Court struck down Germany’s last data retention law, and in April of last year, the Court of Justice of the EU, the highest court in Europe, issued a sweeping condemnation of mandatory data retention and invalidated the Data Retention Directive (which required every EU country to enact a data retention mandate). This makes it all the more disappointing that the German government is pushing ahead with trying to bring data retention back from the dead, even as other countries across Europe have been repealing their old data retention laws.

We’ll continue to monitor the situation in Germany and continue to oppose mandatory data retention laws elsewhere in the world. To take action on the law before the Bundestag, click here!

4 Days in NYC for the Open Web Fellows

The inaugural cohort of the Ford-Mozilla Open Web Fellows met in New York last week for only the second time face to face.  Working remotely from Lima, Washington DC, Boston and London, the 6 fellows meet weekly with Melissa Romaine from Mozilla’s San Francisco office, and with me from my home office in Victoria, British Columbia. This was an In Real Life™ meeting we were all looking forward to, if for nothing else than the important reminder that we aren’t squares on a video conference call – we are talented and complicated humans.

Mozilla NYC

The six fellows are placed within Internet Freedom organizations, working on a mixture of team and individual projects.

      • Paola Villarreal, American Civil Liberties Union, Massachusetts.
        Paola is working on Data for Justice, a data-driven advocacy tool that visualizes information critical for eliminating injustice in communities.
      • Tim Sammut, Amnesty International. Tim’s projects are:
        Secure Communications Framework: An approachable framework for human rights researchers that helps them understand how to communicate with contacts around the world safely in the context of varying threats and information sensitivity.
        Community Incident Response: Help human rights organizations in Amnesty’s worldwide network access technical assistance during active digital attacks.
      • Andrea Del Rio, Association for Progressive Communications
        Andrea is creating the web version of the Feminist Principles of The Internet, which aims to inspire people not only to imagine a Feminist Internet but actually build one that is fair, inclusive, empowering and safe for everyone.
      • Drew Wilson, Free Press
        Drew is embedded in Free Press’ Internet2016 campaign and is building tools that internet rights advocates can use to bootstrap their own activism projects.
      • Gem Barrett, Open Technology Institute
        Gem is a member of the MLab team at OTI, helping to build the largest collection of open Internet performance data on the planet.
      • Tennyson Holloway, Public Knowledge
        Tennyson is working on projects that inspire and educate future web advocates. “What can i do for the internet.org” is a website that represents a vision of a story-based platform that educates, inspires, and assists users to join the open web movement. His other projects involve creating web games that explain Washington tech policy issues, such as copyright and patent trolls.

The Weather Report

Being the first cohort, the 2015 fellows have their fair share of challenges and opportunities.  The challenge: we’re living a plan that is being executed for the first time.  Almost everything needs to be answered by “I don’t know. Let me get back to you”.  On the plus side, this cohort will likely play the largest role in shaping the program and will have the highest degree of input on where we need to make adjustments.  This day was about navigating that tension and also identifying where we are starting to win.

A random sample of substantive issues we discussed:

-How do we design a fellowship program that serves both established and emerging careers?

-What’s the right balance of individual projects and independent research within a fellowship year?

-How do we identify our mentors? Can these people be found for us, or is it in fact something we need to find time to do? (spoiler alert – that’s on us)

Some key takeaways for the Mozilla program team:

-The Mozilla network is a key asset. We need to present the “menu” of potential contacts and access to people that we can provide

-We need to find a way to bring the work of the fellows to Mozilla audiences

-We can assist fellows in finding mentors – those individuals that fellows can go to for advice and that have their best interests at heart

We ended the day with a Q & A with Mozilla’s Executive Director, Mark Surman.  Mark shared with the fellows his vision for leadership development at Mozilla, which he’s previously blogged about here.   He left with two invitations for the cohort – be demanding, and make sure Mozilla is doing all it can to advance your goals.  But also, be generous – give to each other and the program.

Mapping Collaboration

The 2015 cohort is impressive.  They’ve advised governments, settled refugees, built movements and shipped products.  One thing we needed to accomplish together was an identification of the believable ways that the cohort could collaborate together – from running workshops with one another to building a shared project, we spent time mapping this landscape and committing to some next steps. We were joined by Mozilla’s Internet Policy manager Jochai Ben-Avie, who will be working with the cohort during their fellowship year.

Some things we committed to producing together

-5 Lightning Talks we’ll give within the cohort about skills we want to share or an issue we are passionate about

-A Mozilla Wiki page about the fellowship cohort – You can now refer to this page to stay up to date on the 2015 cohort.

-Collaborating with the larger Mozilla Advocacy team to help develop advocacy campaigns

-Net Posi, a podcast about activism started by the cohort – listen to the first episode below and subscribe here.

We headed to midtown for a meeting with Jenny Toomey, Lori McGlinchey and Michael Brennan from Ford’s Internet Rights program.  We were also joined by Joshua Cinelli, who manages Ford’s strategic communications. It was a great chance for us all to learn more about why Internet Rights has been a strategic focus for Ford, and how they see field building and talent development fitting into their strategy.  As Lori McGlinchey, the Internet Rights Program officer expressed – “we need civil society orgs to see technologists not as the cherry on top of a cake they already are having trouble paying for – technologists need to be thought of as essential to these teams”.  It was also a chance for Ford to internalize the diversity and talent of our cohort and the projects we’ve undertaken.  This was the first time that the fellows and Ford staff had met, and we all left with a heightened understanding of not only our role within the Internet Freedom ecosystem, but the opportunities for us to make an impact.

From there we headed to Civic Hall for our closing event.  We hosted 30 activists and technologists for social change in a conversation designed to learn more about the projects of our cohort. We also met with several organizations hoping to place fellows within their organizations in 2016, and were fortunate to be able to dedicate some 1-1 time to these allies in the field.  We split into small groups where fellows led discussions around their projects.

We finished the evening by braving the rainy ripple effects of Hurricane Joaquin to have a final meal together.  Exhausted but productive, the trains, planes and automobiles took us out of New York to reflect on, internalize, and act on what we’d learned.

A HUGE thank you to Misty Avila who joined us from Aspiration Technology to facilitate our days together.  We couldn’t have accomplished so much without her talent and spirit!

 

CalECPA nears the finish line, to potential global benefits

Earlier this year, we wrote about CalECPA (official name: SB 178), a bill in the state of California that would improve privacy protections for Internet users by requiring due process to ask for online communications data and metadata. This bill has been passed by the California legislature, and is now on its way to the Governor to be signed into law.

In some circumstances, we’d declare victory at this point. But other electronic privacy bills have advanced very far in the California political processes before, only to fail. So it’s not over yet. Fortunately, the scale of support for the legislation in this version is greater than it has ever been, both inside and outside government. We’re hopeful it can succeed this time.

It is important that it passes. California privacy law needs to catch up with other countries and other U.S. states (including Texas, Maine, and Utah). Federal law in the U.S. needs to follow suit. In too many areas, the United States is still applying privacy law written decades ago, long before smartphones were introduced, even before the ubiquity of personal computing devices at any scale. Old law doesn’t always equate to bad law. We rely on a fundamental document, the Constitution, that measures its age in centuries, after all. In this case, however, old privacy laws aren’t protecting Internet users adequately. Today’s old privacy laws weren’t written in a way that adapts well to evolving technology. CalECPA improves on this significantly.

Mozilla Manifesto principle #4 reads, “Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” To us, this begins with our technologies. Our privacy principles emphasize limited data, transparency, and meaningful user control, informing and guiding how we engineer all of our products and services.

Legal safeguards, such as the changes proposed in CalECPA, are essential as a complement to good technical practices. Governments want access to the data that businesses collect, store, and use. But when there are no or insufficient protections on what information they can ask for, transparency, accountability, user control, and privacy all suffer.

We saw significant progress on surveillance reform earlier this year through the passage of USA FREEDOM – but we have a very, very long way to go. Adopting CalECPA into law would not only have tangible benefits for Internet users, with impact felt far beyond the state of California. It would also help sustain momentum and contribute to future victories on surveillance reform.

Host the Heroes of Tomorrow

Last year Ford Foundation and Mozilla came together to launch the Open Web Fellows Program, an international leadership initiative that brings together the best emerging technology talent and civil society organizations to advance and protect the open Web. This came at a critical point for the evolution and health of the Web, which Mark Surman, Executive Director of Mozilla Foundation, and Darren Walker, President of Ford Foundation wrote about here:

“The Internet remains a contested space. Far too often, we see its core ethos – a medium where anyone can make anything and share it with anyone – undermined by forces that wish to make it less free and open. In a world in which the future health of the Internet is vital to democratic discourse and a free flow of ideas, we need a band of dedicated individuals standing ready to protect it.”

As part of the NetGain initiative, the program provides an ecosystem for the next generation of open Web advocates to make an early impact while growing into the capable leaders we need as threats to digital freedom proliferate.

Looking towards 2016, we’ve opened the call for applications for host organizations (closing Sept. 12, 2015; extended to Oct. 9, 2015).

Year Two will include 8-9 host organizations and Open Web Fellows who will work together to keep the Internet a global public resource by focusing on salient issues like privacy, access, and online rights.

Specifically, the goals of the Open Web Fellows program are:

  • Produce better technical understanding among civil society and government policy-making bodies
  • Increase public awareness and understanding of Internet policy issues
  • Provide talented individuals with the opportunities to create a healthier, more trustworthy Web
  • Provide civil society organizations with the capacity and capabilities to expand their work into new horizons
  • Contribute to building a community of public interest technologists

Host organizations are involved in the recruitment and selection process of the candidates. Other responsibilities include:

  • Collaboration: Host organizations will work with Mozilla to provide a learning environment through mentorship, networking, and conferences.
  • Fellowship Projects: Host organizations and their selected fellows will identify projects that build on the skills of the fellows. Host organizations and fellows will ensure that these projects do not entail any lobbying activities.

In turn, Mozilla will provide:

  • Thought Leadership: Mozilla will provide support and training throughout the fellowship, as the new leaders learn more about Internet policy and advocacy.
  • Program Management: Mozilla will manage the host organization and fellow selection processes, coordinate Mozilla-organized events for fellows, and disburse grant funding.
  • Mentorship: Mozilla staff will collaborate with fellows to transfer vital skills in open source, project management and professional development.

Each year, fellows spend 10 months embedded at leading advocacy organizations to lend their expertise to the field. They receive a stipend of $60,000, plus a number of supplemental benefits to help with relocation, housing, childcare, and equipment acquisition. We will also cover the cost of certain Mozilla-organized trips, but ask the host organizations to cover trips they deem required. Mozilla strives to make this a global program, and as such provides visa assistance where necessary.

To better understand the type of organizations with which the Open Web Fellows Program is looking to partner, please see our “Spotlight” series on our 2015 host organizations:

American Civil Liberties Union, Massachusetts
Amnesty International
Free Press
New America’s Open Technology Institute
Public Knowledge
[Note: Association for Progressive Communications is also a 2015 host organization, but was recruited at a later date.]

Apply now to become a 2016 Ford-Mozilla Open Web Fellows host organization.


FAQ:

Q: How should host organizations be “advancing the open Web”?
A: “Open Web” needn’t be specifically about net neutrality and access; open practices, research, privacy, surveillance, and promoting the web as a public resource all fit within the focus of the program.

Q: How technical are the fellows?
A: It depends on the needs of the host organization. Generally, they are quite technical (full-stack engineers), and some have specialities. To get a sense of the types of people this program attracts, meet our 2015 cohort of Open Web Fellows.

Q: How involved are host organizations in the selection process?
A: First pass is done by a core Mozilla team. The host organizations will then be given a list of about 100 candidates (depending on how many apply) from which they first choose who Mozilla should interview, and later who they want to interview. The final decision is made in negotiation with Mozilla and the host organization. Read more about the 2015 Fellows selection process.

Q: What if we don’t have a physical office space?
A: Fellows are generally encouraged to work in the office space of the host organization to better understand the culture of civil society organizations and the public sector. If an organization doesn’t have a physical space, arrangements for remote working can be made. However, this requires more oversight and involvement from the host organization.

Q: What sorts of projects do fellows work on?
A: Host organizations and fellows “ship” a tangible outcome over the course of the project. Initial projects range from content productions, campaign sites, mobile apps, and mashups of open data sets to tooling for activist organizations.

Experts develop cybersecurity recommendations

Today, we’re excited to publish the output of our “Cybersecurity Delphi 1.0” research process, tapping into a panel of 32 cybersecurity experts from diverse and mutually reinforcing backgrounds.

Mozilla Cybersecurity Delphi 1.0

Securing our communications and our data is hard. Every month seems to bring new stories of mistakes and attacks resulting in our personal information being made available – bit by bit harming trust online, and making ordinary Internet users feel fear. Yet, cybersecurity public policy often seems stuck in yesterday’s solution space, focused exclusively on well-known terrain, around issues such as information sharing, encryption, and critical infrastructure protection. These “elephants” of cybersecurity policy are significant issues – but too much focus on them eclipses other solutions that would allow us to secure the Internet for the future.

So, working with Camille François & DHM Research we’ve spent the past year engaging the panel of cybersecurity experts through a tailored research process to try to extract public policy ideas and see what consensus can be found around them. We weren’t aiming for full consensus (an impossible task within the security community!). Our goal was to foment ideation and exchange, to develop a user-focused and holistic cybersecurity policy agenda.

Mozilla Cybersecurity Delphi Process

Our experts collectively generated 36 distinct policy suggestions for government action in cybersecurity. We then asked them to identify and rank their top choices of policy options by both feasibility and desirability. The result validated the importance of the “cyberelephants.” Privacy-respecting information sharing policies, effective critical infrastructure protection, and widespread availability and understanding of secure encryption programs are all important goals to pursue: they ranked high on desirability, but were generally viewed as hard to achieve.

More important are the ideas that emerged that aren’t on the radar screens of policymakers today. First and foremost was a proposal that stood out above the others as both highly desirable and highly feasible: increased funding to maintain the security of free and open source software. Although not high on many security policy agendas, the issue deserves attention. After all, 2014’s major security incidents around Poodle, Heartbleed, and Shellshock all centered on vulnerabilities in open source software. Moreover, open source software libraries are built into countless noncommercial and commercial products.

Many other good proposals and priorities surfaced through the process, including: developing and deploying alternative authentication mechanisms other than passwords; improving the integrity of public key infrastructure; and making secure communications tools easier to use. Another unexpected policy priority area highlighted by all segments of our expert panel as highly feasible and desirable was norm development, including norms concerning governments’ and corporations’ behavior in cyberspace, guided by human rights and communicated with maximum clarity in national and international contexts.

This report is not meant to be a comprehensive analysis of all cybersecurity public policy issues. Rather, it’s meant as a first, significant step towards a broader, collaborative policy conversation around the real security problems facing Internet users today.

At Mozilla, we will build on the ideas that emerged from this process, and hope to work with policymakers and others to develop a holistic, effective, user-centric cybersecurity public policy agenda going forward.

This research was made possible by a generous grant from the John D. and Catherine T. MacArthur Foundation.

Chris Riley
Jochai Ben-Avie
Camille François