Mozilla stands up for public participation and openness in Trans-Pacific Partnership

The Trans-Pacific Partnership (TPP), like many modern trade deals, encompasses complex aspects of Internet policy, yet the voice of the Internet community is excluded from the nearly decade-long negotiations. As a result, the balance shifts away from users and the public interest. It is our belief that effective global Internet policy and governance decisions can’t be made without openness and that the TPP’s processes fail in this regard.

The lack of open processes and public discussion is a primary concern for us because:

  • Global Internet policy issues, including copyright and free expression, are complex and impact the core of openness online in ways that can’t be solved in isolation;
  • Openness is core to both the Internet (including Internet governance) and Mozilla’s mission and values; and
  • When Internet policy decisions and processes lack openness, lack of participation means that user interests are often undervalued and underserved.

We have seen this same thing happen in the past. In January 2012, PIPA/SOPA attempted to create intellectual property policy without public input. At the end of the same year, the World Conference on International Telecommunications (WCIT) attempted to build Internet governance processes without a public role. In both cases, public pressure prevailed and defeated these threats to openness and public benefit. Our concern is that when these same threats come cloaked within trade deals, they may not be visible as threats until the damage has already been done.

In the final draft of the TPP, we see copyright losing ground with the balance tipping away from users and the public interest and towards businesses built on IP maximization. Provisions are strong where the rights of some major institutions and traditional business models are at stake, such as implementing software patent frameworks, expanding copyright terms (with retroactive effect), and establishing minimum damages for copyright infringement. Yet, the provisions that have been added to support the rights of the public are softer, including those related to public domain and limitations and exceptions to copyright.

At the end of January 2016, the Electronic Frontier Foundation (EFF) organized a strategy meeting on creating reform of trade negotiation processes, a two-day summit held in Brussels. Over 30 diverse organizations – including Mozilla – came together to collectively discuss strategy and tactics on how to improve transparency in the negotiation processes for current and future trade deals. The result was a declaration being released today, which Mozilla has signed.

While we recognize there may be compelling reasons for sensitivity in some of the negotiations of the TPP and other trade agreements, our view is that these processes are not appropriate to resolve global Internet policy challenges. The future of Internet policy and governance issues must be determined through open and transparent processes that allow all voices to be heard and all rights to be fairly weighed. We look forward to working alongside other stakeholders to collectively forge needed reform of trade deals like the TPP.

Announcing the 2016 Open Web Fellows Program Host Organizations

Last year was a big year for the open Web: net neutrality became a mainstream phrase in the United States, data retention and surveillance were hotly contested at government levels in the European Union, and India’s government suspended operations of Free Basics’ zero-rating practices despite Mark Zuckerberg’s insistence that he was working in the interest of the poor. Much of this was done in collaboration with organizations that share the mission to protect the open Web as a global public resource. It’s partnerships and knowledge sharing initiatives that support these movements.

One such initiative is the Ford-Mozilla Open Web Fellows program, an international leadership program that brings together technology talent and civil society organizations to advance and protect the open Web. The Fellows embedded at these organizations will work on salient issues like privacy, access, and online rights. And this Fellowship program offers unique opportunities to learn, innovate, and gain credentials in a supportive environment while working to protect the open Web.

We are proud to announce our second cohort of host organizations, who are looking for 8 talented individuals to advise, build, and learn during their 10-month fellowships.

Apply now to become a Ford-Mozilla Open Web Fellow!
Deadline for applications: 11:59pm PST March 20, 2016

Centre for Intellectual Property and Information Technology Law (CIPIT)
CIPIT is an evidence-based research and training center based at Strathmore Law School in Nairobi, Kenya. Working with communities in extreme stances of censorship, their mission is to study and share knowledge on the development of cyberspace, and conduct research from a multidisciplinary approach. In 2016 CIPIT will be focusing on Internet Freedom in Eastern Africa, intellectual property in African development, and network measurements in election monitoring.

CIPIT is looking for an inquisitive, focused Fellow with tech expertise who can consult on a policy-oriented research process. This Fellow could help shape the next generation of Internet laws in Africa, and see the real-life needs of the tools and code they generate. For example, the Fellow could develop user-focused tools that help real-life events – like the Ugandan election. Learn more here.

Citizen Lab
Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto that focuses on advanced research and development at the intersection of ICTs, human rights, and global security. They provide impartial, evidence-based, peer-reviewed research on information controls to help advocacy and policy engagement on an open and secure Internet, and help secure civil society organizations from targeted attacks.

Citizen Lab is looking for a Fellow who is motivated to apply their technical skills to questions concerning technology and human rights, and brings excellent communications and technical skills. The Fellow could develop new tools to measure Internet filtering and network interference, investigate malware attacks or the privacy and security of apps and social media, and empower citizens by developing platforms for corporate and public transparency. Learn more here.

ColorOfChange
ColorOfChange is a leading civil rights organization that works to strengthen the voice of Black America and create positive change around political and social issues that affect the Black community. ColorOfChange supports net neutrality and the reclassification of broadband as a public utility, and works to give their members a voice — hugely consequential, as Black and brown Americans are least able to afford the paybooths and obstacles that come with a closed Internet.

ColorOfChange is looking for a Fellow who is passionate about ensuring the US national conversation around net neutrality includes arguments in favor of net neutrality from a civil rights perspective. This Fellow would have the opportunity to pioneer tools for rapid-response campaigning that could be replicated and used by millions, find a compelling approach for users to engage with data that is integrated in the presentation itself, and leverage mobile (and wearables?) for activism. Learn more here.

Data & Society
Data & Society is a research institute that is committed to identifying issues at the intersection of technology and society. They focus on social, cultural, and ethical issues arising from data-centric technological development. In 2016, they will focus on identifying major emergent issues stemming from new data-driven technologies, developing tools to help people better understand issues, and building a diverse network of researchers and practitioners.

Data & Society is looking for a Fellow who is deeply versed in technical conversations, and understands that new massive technologies are creating disruption. This Fellow would work with people from other fields to raise the technical capacity of others in the network, and engage technical communities core to Data & Society’s mission. Learn more here.

Derechos Digitales
Derechos Digitales is an organization that promotes human rights in digital environments. Their work focuses on the nuanced realities of Latin American countries, and brings these perspectives to discussions around issues like cybersecurity and corporate transparency. They work to shape policy-making on issues such as mass surveillance, digital threats to activists, and legislative work on Internet governance. In 2016 they will focus on privacy, freedom of expression and access to knowledge.

Derechos Digitales is looking for a Fellow with tech expertise who is passionate about working at the intersection of human rights and tech policy in the global south. The Fellow could provide technical advice on the tools and resources needed in these contexts, and develop tech policy documents that can bridge the human rights and tech communities. Derechos Digitales is looking for a Spanish-speaking Fellow who would be comfortable supporting capacity building sessions with local civil society organizations. Learn more here.

European Digital Rights (EDRi)
EDRi is an association of 33 civil rights organizations from across Europe, and works to promote, protect and uphold civil and human rights in the digital environment in the European Union. Their four key priorities for 2016 are data protection and privacy, mass surveillance, copyright reform and net neutrality. EDRi supports Europe’s data protection reform and campaigned against EU state surveillance proposals. The current onslaught of “counter-terrorism” proposals after recent attacks sees European governments adopting new laws with little consideration of effectiveness, proportionality, or whether privacy is being sacrificed.

EDRi is looking for a Fellow who is passionate about raising awareness about EU digital rights, and can use their technical expertise to help educate the general public, tech-policy community, and policy-makers. For example, the Fellow could explain existing data collection practices and newly gained online rights to users via an app or other tool, depending on the Fellow’s talents and preferences. The Fellow could provide technical assistance to help policy-makers and regulators understand the tools used by online companies for tracking and monitoring. Learn more here.

Freedom of the Press Foundation
Freedom of the Press Foundation is a non-profit organization that supports and defends journalism dedicated to transparency and accountability. They believe one of the most critical press freedom issues of the 21st Century is digital security, and work to ensure journalists can use technology to do their jobs safely and without the constant fear of surveillance.

Freedom of the Press Foundation is looking for a Fellow who has strong technical abilities and is interested in helping journalists work safely and communicate securely. The Fellow would apply their skills to build and support tools like SecureDrop with Freedom of the Press Foundation’s talented staff of technologists and engineers that help journalists communicate securely with sources and whistleblowers. Learn more here.

Privacy International
Privacy International focuses on privacy issues around the world. They advocate for strong privacy protection laws, investigate government surveillance, conduct research to enact policy change, and raise awareness amongst the public about technologies that place privacy at risk. In 2016 Privacy International is partnering with organizations in the global south to identify privacy challenges, and doing more work on data exploitation.

Privacy International is looking for a Fellow who’s eager to learn and find new challenges. The Fellow would use their strong technical skills to translate technology to policy-makers, and help others around the world do the same. The Fellow would work with Privacy International’s Tech Team to analyze surveillance documentation and data, identify and analyze new technologies, and help develop briefings and educational programming with a technical understanding. Learn more here.


Introducing Lean Data Practices

At Mozilla, we believe that users trust products more when companies build in transparency and user control. Earned trust can drive a virtuous cycle of adoption, while conversely, mistrust created by even just a few companies can drive a negative cycle that can damage a whole ecosystem.

Today on International Data Privacy Day, we are happy to announce a new initiative aimed at assisting companies and projects of all sizes to earn trust by staying lean and being smart about collecting and using data.

We call these Lean Data Practices.


Lean Data Practices in action

Lean Data Practices are not principles, nor are they a way to address legal compliance; rather, they are a framework to help companies think about the decisions they make about data. They do not prescribe a particular outcome and can help even the smallest companies to begin building user trust by fostering transparency and user control.

We have designed Lean Data Practices to be simple and direct:

  1. stay lean by focusing on data you need,
  2. build in security appropriate to the data you have, and
  3. engage your users to help them understand how you use their data.

We have even created a toolkit to make it easy to implement them.

We use these practices as a starting point for our own decisions about data at Mozilla. We believe that as more companies and projects use Lean Data Practices, the better they will become at earning trust and, ultimately, the more trusted we will all become as an industry.

Please check them out and help us spread the word!

Addressing the Chilling Effect of Patent Damages

Last year, we unveiled the Mozilla Open Software Patent License as part of our Initiative to help limit the negative impacts that patents have on open source software. While that was an important first step for us, we continue to do more. This past Wednesday, Mozilla joined several other tech and software companies in filing an amicus brief with the Supreme Court of the United States in the Halo and Stryker cases.

In the brief, we urge the Court to limit the availability of treble damages. Treble damages are significant because they greatly increase the amount of money owed if a defendant is found to “willfully infringe” a patent. As a result, many open source projects and technology companies will refuse to look into or engage in discussions about patents, in order to avoid even a remote possibility of willful infringement. This makes it very hard to address the chilling effects that patents can have on open source software development, open innovation, and collaborative efforts.

We hope that our brief will help the Court see how this legal standard has affected technology companies and persuade the Court to limit treble damages.

Prioritizing privacy: Good for business

This was originally posted at in advance of Data Privacy Day.

Data Privacy Day – which arrives in just a week – is a day designed to raise awareness and promote best practices for privacy and data protection. It is a day that looks to the future and recognizes that we can and should do better as an industry. It reminds us that we need to focus on the importance of having the trust of our users.

We seek to build trust so we can collectively create the Web our users want – the Web we all want.

That Web is based on relationships, the same way that the offline world is. When I log in to a social media account, schedule a grocery delivery online or browse the news, I’m relying on those services to respect my data. While companies are innovating their products and services, they need to be innovating on user trust as well, which means designing to address privacy concerns – and making smart choices (early!) about how to manage data.

A recent survey by Pew highlights the thought that each user puts into their choices – and the contextual considerations in various scenarios. They concluded that many participants were annoyed by and uncertain about how their information was used, and they are choosing not to interact with those services that they don’t trust. This is a clear call to businesses to foster more trust with their users, which starts by making sure that there are people empowered within your company to ask the right questions: What do your users expect? What data do you need to collect? How can you communicate about that data collection? How should you protect their data? Is holding on to data a risk, or should you delete it?

It’s crucial that users are a part of this process – consumers’ data is needed to offer cool, new experiences and a user needs to trust you in order to choose to give you their data. Pro-user innovation can’t happen in a vacuum – the system as it stands today isn’t doing a good job of aligning user interests with business incentives. Good user decisions can be good business decisions, but only if we create thoughtful user-centric products in a way that closes the feedback loop so that positive user experiences are rewarded with better business outcomes.

Not prioritizing privacy in product decisions will impact the bottom line. From the many data breaches over the last few years to increasing evidence of eroding trust in online services, data practices are proving to be the dark horse in the online economy. When a company loses user trust, whether on privacy or anything else, it loses customers and the potential for growth.

Privacy means different things to different people but what’s clear is that people make decisions about the products and services that they use based on how those companies choose to treat their users. Over this time, the Internet ecosystem has evolved, as has its relationship with users – and some aspects of this evolution threaten the trust that lies at the heart of that relationship. Treating a user as a target – whether for an ad, purchase, or service – undermines the trust and relationship that a business may have with a consumer.

The solution is not to abandon the massive value that robust data can bring to users, but rather, to collect and use data leanly, productively and transparently. At Mozilla, we have created a strong set of internal data practices to ensure that data decisions align with our privacy principles. As an industry, we need to keep users at the center of the product vision rather than viewing them as targets of the product – it’s the only way to stay true to consumers and deliver the best, most trusted experiences possible.

Want to hear more about how businesses can build relationships with their users by focusing on trust and privacy? We’re holding events in Washington, D.C., and San Francisco with some of our partners to talk about it. Please join us!

U.S. net neutrality is in the hands of the D.C. Circuit (again)

Today a United States appellate court in Washington, D.C. [heard] oral arguments over a lawsuit challenging the Federal Communications Commission’s (FCC) recent net neutrality order. We filed a joint amicus brief with CCIA supporting the order. The Internet needs a foundation of clear rules and authority to protect users and innovators from harmful blocking and throttling practices. If, on the other hand, the order is struck down, the U.S. Internet community will be back at square one, with little opportunity to engage with the evolving practices we are seeing today.

Twice before, this court (though with some different judges) has struck down FCC action on net neutrality; but both times, the principal reason was the source of authority supporting the action. In the current order under review, the FCC took the path supported by Mozilla, other organizations in civil society and the tech industry, and 4 million Americans, using its so-called “Title II” statutory powers to support the rules it adopted.

We engaged extensively in the FCC proceeding in support of Title II authority and of meaningful protections for the open Internet, including strong rules against blocking and discrimination of content, for both fixed and mobile Internet access services. We filed a written petition to the FCC, along with initial comments and reply comments. We followed that up by mobilizing our community, organizing global teach-ins on net neutrality. We also joined a major day of action and co-authored a letter to the President. And we’ve gone beyond the U.S. in our support of net neutrality, engaging in the European Union, Peru, and India.

The core argument in our amicus brief reflects our consistent support for net neutrality. Upholding the FCC’s order would preserve the status quo, reinforcing assumptions long held by end users and validating the policy balance and history associated with the concept of communications services. Striking the order, on the other hand, would unbalance the historical level playing field and undermine the pro-innovation and pro-competition framework that the open Internet provides, and which has led to tremendous socioeconomic benefits in the short time of its existence.

We hope the Court will uphold the Open Internet order as a foundation of protections for users, competition, and innovation, and we look forward to working with the FCC to address new opportunities and challenges for the Web as they arise.

UK IP Bill is a threat to privacy, security, and trust online

The British Government has proposed legislation that would expand the surveillance capabilities of law enforcement and intelligence agencies. The draft omnibus Investigatory Powers Bill purports to modernise and update surveillance law to create a regime that is “fit for the digital age.” But as written, the law would undermine the technological and legal design framework that protects the continued vitality of the Open Internet. It represents a serious threat to open source software, online commerce, and user privacy, security, and trust.

The draft IP bill proposes a broad and dangerous set of surveillance mandates and authorities that threaten privacy and security online. Keeping Internet users safe does not have to cost them their privacy, nor the integrity of communications infrastructure.

As a registered UK company, and as a global community whose mission is to promote openness, innovation, and opportunity on the Web, we shared our concerns with the UK government by submitting commentary to the Science & Technology Committee of the House of Commons on November 27.

Our submission identified 5 serious, non-exhaustive concerns we wish to highlight in the bill:

  • Weakening security: Requirements to undermine encryption that pose a severe threat to trust online and to the effectiveness of the Internet as an engine for our economy and society;
  • Tampering with devices: Bulk equipment interference authorities that could be used to violate the integrity of our products and harm our relationship with our users;
  • Secrecy: Limitations on disclosure that impact our open philosophy and in practice are unworkable for an open source company;
  • Legalising mass surveillance: Bulk interception capabilities that would compromise the privacy of communications; and
  • Data retention: Data retention mandates that create unnecessary risk for businesses and users.

Find Mozilla’s full submission to the Science & Technology Committee here.

So what’s the alternative?

Government collection and retention of user data impact trust and openness online. This makes it critical to have a clear and public understanding of the means and limits of surveillance activities – a set of surveillance rules of the road.

The following three principles, derived from the Mozilla Manifesto, attempt to identify those means and limits. They offer a “Mozilla way of thinking” about the complex landscape of government surveillance and law enforcement access. We do not propose a comprehensive list of good or bad government practices, but rather describe the kinds of activities in this space that would protect the underpinnings and integrity of the Web.

  • User Security: Mozilla Manifesto Principle #4 states “Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” Governments should act to bolster user security, not to weaken it. Strong and reliable encryption is a key tool in improving user security. Security and privacy go hand-in-hand; you cannot have one without the other.
  • Minimal Impact: Mozilla Manifesto Principle #2 states that the Internet is a global public resource. Government surveillance decisions should take into account global implications for trust and security online by focusing activities on those with minimal impact.
  • Transparency and Accountability: Mozilla Manifesto Principle #8 calls for transparent community-based accountability as the basis for user trust. Because surveillance activities generally are (and inherently must be, to some degree) conducted in secret, independent oversight bodies must be effectively empowered and must communicate with and on behalf of the public to ensure democratic accountability.

Next Steps

Comprehensive reform of this bill will be necessary in order to protect online commerce and the security and privacy of users. Mozilla will continue to follow the process closely, including submitting additional evidence to the Committees in charge of scrutinising the bill.

Currently, the Joint Committee on Human Rights is accepting submissions from stakeholders until 7 December. The main committee to analyse the bill – the Joint Committee on the Investigatory Powers Bill – has also recently announced that it will receive written evidence until 21 December. The committee will then report its findings by 11 February 2016.

As a global community of developers and engineers, Mozilla prides itself on providing secure and open products and services to our users. In our view, the draft Investigatory Powers bill is a missed opportunity to set a strong global standard in reforming surveillance powers, and a harmful step backward for the interests of Internet users and the Internet economy.

At this critical time, it is important that the UK government set a strong standard anchored in the values of privacy and security. We strongly advise the committees to carefully weigh the intended objectives with the consequences for the continued success of UK businesses and the security of users.

Now is the time to contact your representatives in the Committees and make your voice heard. You can learn more and take action through a campaign platform launched by a civil society coalition of UK and international organisations,

Creating opportunities for Open Innovation through Patents

In April, I wrote about the challenges the patent system presents to open source software development. I believed then that Mozilla needed to do more by leveraging our mission and position as an innovator. Today, I’m excited to announce the Mozilla Open Software Patent Initiative and Mozilla Open Software Patent License (“MOSPL”). This is our proposal for a first step towards improving the impact of patents on open source software development.

The MOSPL was born from a need to find practical solutions to the challenges to creating openness in the software space. Since its beginning, Mozilla has been bringing together software companies to encourage development and adoption of new, open, and royalty-free technological standards (such as the Opus audio codec and the next generation Daala video codec). We found that, without related patents of our own, it was extremely difficult to persuade companies (particularly large ones) to openly license their patents or adopt standards based on our developed technology. We ran into this problem repeatedly, especially in spaces that are more commonly patented. Obtaining a patent not only gave us leverage in these discussions, it also presented another benefit for open innovation by helping ensure that this work would not be overlooked by the patent office’s prior art searches (which typically might not include open source projects). Over time, this may even reduce the number of abstract, vague, and overbroad patents and the problems that arise from them.

However, once we obtained patents and licensed them openly for our standards work, we ran into another problem: because patents are a right to exclude, owning a patent means that others, from large companies to hackers, cannot use the technology embodied in the patent without a license from the owner. This is not a small problem for Mozilla – the whole point of creating open technology is to encourage use. How would we encourage open use of the ideas embodied within the patents that were outside of the standard? We realized that what we needed was a way to balance the benefit we received from patents with the negative effects of the right to exclude that they created.

As we struggled with this dilemma, we realized we weren’t alone. From Tesla, to Google, to individual developers, many patents are owned for purposes that aren’t at odds with innovation, such as preventing trolls from halting future development and preventing other aggressive incumbents from abusing their patent portfolios to stifle competition. However, these owners also realized the broad right to exclude creates challenges for others whom they wanted to encourage to adopt or innovate upon their work. This led to many interesting solutions, from patent pledges, to statements of intent, and implied licenses.

The MOSPL v1 is Mozilla’s proposal to address this challenging issue. It grants everyone the right to use the innovations embodied in our patents in exchange for a guarantee that they won’t offensively accuse others’ software of infringing their own patents and that they will license their own patents out under royalty-free terms to all open source software projects. It represents our effort to address the harm caused by patents when applied to open source software. We are actively seeking feedback on it, so please help us by giving us your thoughts in the governance group.

We’d love to see more companies approach licensing their patents to maximize openness in a way that makes sense for them. If you’ve made the decision as a company or individual to consider open licensing for your patents, we’ve created an Open Patent Licensing Guide to help you understand some of the parameters we encountered through the process. We look forward to seeing more innovation in the open patent licensing space and are excited that even large companies are taking steps to help open innovation thrive, recognizing the importance that openness plays in creating the next generation of technology.

Vulnerability disclosure should come next for Congress on cybersecurity

This week, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA), a bill intended to promote the sharing of cybersecurity threat information. Mozilla joined the major tech companies and civil society groups in opposing this bill with concerns that it would undermine user trust, privacy, and security. Unnecessary and harmful sharing of private user information could be a real consequence of this bill.

But CISA is not law yet; CISA must be reconciled with the two cybersecurity bills that the U.S. House passed earlier this year, and both chambers will then need to pass the reconciled version. Unfortunately, it’s hard to see how any marginal improvements during these negotiations will be enough to fix its flaws.

If CISA follows this path and becomes U.S. law, it might be tempting for Members of Congress to feel like they can “check the box” of cybersecurity and move on to the next hot topic. However, CISA and its counterparts will do little to stop exploits like the Target hack, the OPM breach, or the Heartbleed vulnerability.

If Congress wants to make meaningful progress toward improved cybersecurity, it should move now to ensure that the government is disclosing critical vulnerabilities in computer networks and systems. Responsible disclosure of vulnerabilities would build on any information sharing legislation in a way that could gain widespread support.

CISA is far from the only mechanism for the private sector to share cybersecurity threat information with the government, and by itself is unlikely to result in meaningful improvements in cybersecurity. But information sharing through CISA will likely lead the government to acquire knowledge of critical vulnerabilities in computer networks and systems, and the government’s expeditious disclosure of those vulnerabilities to the relevant vendor(s), in contrast, would be highly valuable. Information sharing was never supposed to be a one-way street. Yet, there is currently no presumption in law that the U.S. government should disclose vulnerabilities. This makes CISA’s provisions requiring information shared with the Department of Homeland Security to be automatically shared with the NSA, DOD, and others in the intelligence community even more concerning.

While the Obama Administration has claimed that it discloses the vast majority of vulnerabilities, we know from recent FOIA documentation that the government currently lets the NSA lead the disclosure determination process, a discussion that is dominated by the intelligence community with inadequate participation from critical federal agencies like the Departments of Homeland Security or Commerce, and that lacks accountability and transparency.

Indeed, the President’s own Review Group on Intelligence and Communications Technologies, which had security clearances and access to classified documents, found that there needed to be a significantly more robust and accountable process around vulnerability disclosure (see Recommendation #30). Implicit in this recommendation is the idea that the presumption should be that all vulnerabilities should be disclosed to the relevant vendor(s) so that they can be patched, and then in due course disclosed to the public. However, there may be times when delay in disclosure may prove so valuable to an ongoing intelligence operation, for example, that such a delay is merited.

Delays in disclosure should be few and far between, and the determination to delay disclosure must involve all of the relevant stakeholders in the government and be guided by a more detailed set of criteria than those Michael Daniel, the White House Cybersecurity Coordinator, laid out last year in a blog post about the Heartbleed vulnerability (although those are a good start).

Members of Congress should not think that their work on cybersecurity is done. With the passage of these information sharing bills, now more than ever, Congress should turn its attention to government vulnerability disclosure in order to meaningfully improve cybersecurity.

Net neutrality amendments and final vote in the EU


Today, a bitter-sweet victory for net neutrality in Europe: the European Parliament voted on the Telecoms Single Market Regulation (TSM), which will bring some protections for the open internet in Europe. Regrettably, the European Parliament voted against amendments that would have brought clarity and strength to the proposed rules.

As voted, the proposal generally bans discrimination, but falls short in a few areas, including tightening the definition of “specialised services” and disallowing the discrimination of different types of traffic (see more in our analysis below).

The rules will enter into force as soon as the legislation is published in the Official Diary (which could be as early as November, though not yet confirmed).

But it’s not over yet. BEREC, the association of telecoms regulators in Europe, will devise guidelines during a 9-month consultation period that could clarify the interpretation of the rules. We hope that BEREC finishes what the EU institutions started and enacts real net neutrality in the European Union.


We’re days away from the vote for adoption of the Telecoms Single Market (TSM), a proposed EU Regulation that would enshrine net neutrality across the continent. The TSM contains rules which would specify the equal treatment of traffic and ban blocking, throttling, and the establishment of fast lanes, although a handful of key amendments are still needed to bring clarity and strength to the proposed rules. There’s still time to take action – find out more about possible amendments and contact members of the European Parliament through a campaign platform launched by European civil society at:

Net neutrality is central to the Mozilla mission and to the openness of the Internet. As a global community of technologists, thinkers, and makers, we want to build an Internet that is open and enables creativity and collaboration. This is why we have taken a strong stance in favour of real net neutrality around the world. Net neutrality preserves the disruptive and collaborative nature of the Internet, and benefits competition, innovation, and creativity online.

The TSM was proposed in September 2013, and originally contained a number of semi-related issues, from consumer rights, spectrum management, and roaming, to net neutrality. Over the course of negotiations, the text was cut down to contain a reform of roaming charges and net neutrality rules. Since March, the TSM has been in the final stages of negotiation called the “trialogue,” where the three EU institutions (European Parliament, Commission, and the Council) agree on a common approach. The Parliament will get the final say in the Plenary vote in Strasbourg next Tuesday (27 October).

The current text of the TSM would bring a much needed improvement in the EU for protections against blocking, throttling, and prioritisation of online traffic. Still, there are areas where the text needs to be clarified and strengthened, and we hope these changes can be made over the next few days. Here are two we believe to be of critical importance:

Prohibiting the discrimination of different types of traffic. The current text allows ISPs opportunities to prioritize or throttle some “types of traffic” without violating net neutrality. Such type-based discrimination permits ISPs to slow down or speed up entire types of traffic, resulting in severe harm to net neutrality. For example, an application considered to be “chat” type might include video capabilities, or might be text-only; throttling the latter might have no impact, yet might cripple user experience for the former. Furthermore, the technical characteristics of a “type” of application today may not be the same in the future, as the technologies evolve and add new functionality, so even treatment for a “type” that seems reasonable today may not be tomorrow. Other loopholes are possible as well. Network operators may discriminate against encrypted traffic if unable to determine the “type,” or may create unique “types” of traffic for certain preferred classes, even if there are no inherent distinctions – artificially separating their own preferred or partner traffic from their competitors in order to work around the rules. An amendment that reinforces equal treatment across data types would help close these loopholes.

Tightening the definition of “specialised services” to prevent discrimination. Specialised services – or “services other than Internet access services” – represent a complex and unresolved set of market practices, including very few current ones and many speculative future possibilities. While there is certainly potential for real value in these services, the criteria defining these services should be refined to prohibit discrimination that harms open Internet access services.

The European Parliament will have an opportunity to vote on amendments before considering the final text, so there’s still time to let them know about these valuable improvements. The final outcome of this process will set a strong standard for the open Internet in the European Union and beyond. It’s therefore more important than ever to ensure that the rules are clear, comprehensive and enforceable. Take action today – find out more about the amendments and contact members of the European Parliament at:

Raegan MacDonald, Senior Policy Manager, EU Principal
Jochai Ben-Avie, Senior Global Policy Manager
Chris Riley, Head of Public Policy