Creating opportunities for Open Innovation through Patents

Denelle Dixon-Thayer


In April, I wrote about the challenges the patent system presents to open source software development. I believed then that Mozilla needed to do more by leveraging our mission and position as an innovator. Today, I’m excited to announce the Mozilla Open Software Patent Initiative and Mozilla Open Software Patent License (“MOSPL”). This is our proposal for a first step towards improving the impact of patents on open source software development.

The MOSPL was born from a need to find practical solutions to the challenges to creating openness in the software space. Since its beginning, Mozilla has been bringing together software companies to encourage development and adoption of new, open, and royalty-free technological standards (such as the Opus audio codec and the next generation Daala video codec). We found that, without related patents of our own, it was extremely difficult to persuade companies (particularly large ones) to openly license their patents or adopt standards based on our developed technology. We ran into this problem repeatedly, especially in spaces that are more commonly patented. Obtaining a patent not only gave us leverage in these discussions, it also presented another benefit for open innovation by helping ensure that this work would not be overlooked by the patent office’s prior art searches (which typically might not include open source projects). Over time, this may even reduce the number of abstract, vague, and overbroad patents and the problems that arise from them.

However, once we obtained patents and licensed them openly for our standards work, we ran into another problem: because patents are a right to exclude, owning a patent means that others, from large companies to hackers, cannot use the technology embodied in the patent without a license from the owner. This is not a small problem for Mozilla – the whole point of creating open technology is to encourage use. How would we encourage open use of the ideas embodied within the patents that were outside of the standard? We realized that what we needed was a way to balance the benefit we received from patents with the negative effects of the right to exclude that they created.

As we struggled with this dilemma, we realized we weren’t alone. From Tesla, to Google, to individual developers, many patents are owned for purposes that aren’t at odds with innovation, such as preventing trolls from halting future development and preventing other aggressive incumbents abusing their patent portfolios to stifle competition. However, these owners also realized the broad right to exclude creates challenges for others whom they wanted to encourage to adopt or innovate upon their work. This led to many interesting solutions, from patent pledges, to statements of intent, and implied licenses.

The MOSPL v1 is Mozilla’s proposal to address this challenging issue. It grants everyone the right to use the innovations embodied in our patents in exchange for a guarantee that they won’t offensively accuse others’ software of infringing their own patents and that they will license their own patents out under royalty-free terms to all open source software projects. It represents our effort to address the harm caused by patents when applied to open source software. We are actively seeking feedback on it, so please help us by giving us your thoughts in the governance group.

We’d love to see more companies approach licensing their patents to maximize openness in a way that makes sense for them. If you’ve made the decision as a company or individual to consider open licensing for your patents, we’ve created an Open Patent Licensing Guide to help you understand some of the parameters we encountered through the process. We look forward to seeing more innovation in the open patent licensing space and are excited that even large companies are taking steps to help open innovation thrive, recognizing the importance that openness plays in creating the next generation of technology.

Vulnerability disclosure should come next for Congress on cybersecurity

Jochai Ben-Avie

This week, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA), a bill intended to promote the sharing of cybersecurity threat information. Mozilla joined the major tech companies and civil society groups in opposing this bill with concerns that it would undermine user trust, privacy, and security. Unnecessary and harmful sharing of private user information could be a real consequence of this bill.

But CISA is not law yet; CISA must be reconciled with the two cybersecurity bills that the U.S. House passed earlier this year, and both chambers will then need to pass the reconciled version. Unfortunately, it’s hard to see how any marginal improvements during these negotiations will be enough to fix its flaws.

If CISA follows this path and becomes U.S. law, it might be tempting for Members of Congress to feel like that they can “check the box” of cybersecurity and move on to the next hot topic. However, CISA and its counterparts will do little to stop exploits like the Target hack, the OPM breach, or the Heartbleed vulnerability.

If Congress wants to make meaningful progress toward improved cybersecurity, it should move now to ensuring that the government is disclosing critical vulnerabilities in computer networks and systems. Responsible disclosure of vulnerabilities would build on any information sharing legislation in a way that could gain widespread support.

CISA is far from the only mechanism for the private sector to share cybersecurity threat information with the government, and by itself is unlikely to result in meaningful improvements in cybersecurity. But information sharing through CISA will likely lead the government to acquire knowledge of critical vulnerabilities in computer networks and systems, and the government’s expeditious disclosure of those vulnerabilities with the relevant vendor(s), in contrast, would be highly valuable. Information sharing was never supposed to be a one-way street. Yet, there is currently no presumption in law that the U.S. government should disclose vulnerabilities. This makes CISA’s provisions requiring information shared with the Department of Homeland Security to be automatically shared with the NSA, DOD, and others in the intelligence community even more concerning.

While the Obama Administration has claimed that it discloses the vast majority of vulnerabilities, we know from recent FOIA documentation that the government currently lets the NSA lead the disclosure determination process, a discussion dominated by the intelligence community with inadequate participation from critical federal agencies like the Departments of Homeland Security or Commerce, and lacks accountability and transparency.

Indeed, the President’s own Review Group on Intelligence and Communications Technologies, which had security clearances and access to classified documents, found that there needed to be a significantly more robust and accountable process around vulnerability disclosure (see Recommendation #30). Implicit in this recommendation is the idea that the presumption should be that all vulnerabilities should be disclosed to the relevant vendor(s) so that they can be patched, and then in due course disclosed to the public. However, there may be times when delay in disclosure may prove so valuable to an ongoing intelligence operation, for example, that such a delay is merited.

Delays in disclosure should be few and far between, and the determination to delay disclosure must involve all of the relevant stakeholders in the government and be guided by a more detailed set of criteria than those Michael Daniel, the White House Cybersecurity Coordinator, laid out last year in a blog post about the Heartbleed vulnerability (although those are a good start).

Members of Congress should not think that their work on cybersecurity is done. With the passage of these information sharing bills, now more than ever, Congress should turns its attention to government vulnerability disclosure in order to meaningfully improve cybersecurity.

Net neutrality amendments and final vote in the EU

Chris Riley



Today, a bitter-sweet victory for net neutrality in Europe: the European Parliament voted on the Telecoms Single Market Regulation (TSM), which will bring some protections for the open internet in Europe. Regrettably, the European Parliament voted against amendments that would have brought clarity and strength to the proposed rules.

As voted, the proposal generally bans discrimination, but falls short in a few areas, including tightening the definition of “specialised services,” disallowing the discrimination of different types of traffic (see more in our analysis below).

The rules will enter into force as soon as the legislation is published in the Official Diary (which could be as early as November, though not yet confirmed).

But it’s not over yet. BEREC, the association of telecoms regulators in Europe, will devise guidelines during a 9 month consultation period that could clarify the interpretation of the rules. We hope that BEREC finishes what the EU institutions started and enacts real net neutrality in the European Union.


We’re days away from the vote for adoption of the Telecoms Single Market (TSM), a proposed EU Regulation that would enshrine net neutrality across the continent. The TSM contains rules which would specify the equal treatment of traffic and ban blocking, throttling, and the establishment of fast lanes, although a handful of key amendments are still needed to bring clarity and strength to the proposed rules. There’s still time to take action – find out more about possible amendments and contact members of the European Parliament through a campaign platform launched by European civil society at:

Net neutrality is central to the Mozilla mission and to the openness of the Internet. As a global community of technologists, thinkers, and makers, we want to build an Internet that is open and enables creativity and collaboration. This is why we have taken a strong stance in favour of real net neutrality around the world. Net neutrality preserves the disruptive and collaborative nature of the Internet, and benefits competition, innovation, and creativity online.

The TSM was proposed in September 2013, and originally contained a number of semi-related issues, from consumer rights, spectrum management, and roaming, to net neutrality. Over the course of negotiations, the text was cut down to contain a reform of roaming charges and net neutrality rules. Since March, the TSM has been in the final stages of negotiation called the “trialogue,” where the three EU institutions (European Parliament, Commission, and the Council) agree on a common approach. The Parliament will get the final say in the Plenary vote in Strasbourg next Tuesday (27 October).

The current text of the TSM would bring a much needed improvement in the EU for protections against blocking, throttling, and prioritisation of online traffic. Still, there are areas where the text needs to be clarified and strengthened, and we hope these changes can be made over the next few days. Here are two we believe to be of critical importance:

Prohibiting the discrimination of different types of traffic. The current text allows ISPs opportunities to prioritize or throttle some “types of traffic” without violating net neutrality. Such type-based discrimination permits ISPs to slow down or speed up entire types of traffic, resulting in severe harm to net neutrality. For example, an application considered to be “chat” type might include video capabilities, or might be text-only; throttling the latter might have no impact, yet might cripple user experience for the former. Furthermore, the technical characteristics of a “type” of application today may not be the same in the future, as the technologies evolve and add new functionality, so even treatment for a “type” that seems reasonable today may not be tomorrow. Other loopholes are possible as well. Network operators may discriminate against encrypted traffic if unable to determine the “type,” or may create unique “types” of traffic for certain preferred classes, even if there are no inherent distinctions – artificially separating their own preferred or partner traffic from their competitors in order to work around the rules. An amendment that reinforces equal treatment across data types would help close these loopholes.

Tightening the definition of “specialised services” to prevent discrimination. Specialised services – or “services other than Internet access services” – represent a complex and unresolved set of market practices, including very few current ones and many speculative future possibilities. While there is certainly potential for real value in these services, the criteria defining these services should be refined to prohibit discrimination that harms open Internet access services.

The European Parliament will have an opportunity to vote on amendments before considering the final text, so there’s still time to let them know about these valuable improvements. The final outcome of this process will set a strong standard for the open Internet in the European Union and beyond. It’s therefore more important than ever to ensure that the rules are clear, comprehensive and enforceable. Take action today – find out more about the amendments and contact members of the European Parliament at:

Raegan MacDonald, Senior Policy Manager, EU Principal
Jochai Ben-Avie, Senior Global Policy Manager
Chris Riley, Head of Public Policy

Data retention in Deutschland

Jochai Ben-Avie

Tomorrow (Friday) the German legislature (the Bundestag) is set to vote on a mandatory data retention law that would require telecommunications and internet service providers to store the location data, SMS and call metadata, and IP addresses of everyone in Germany. Ordinarily, we can look to Germany to be a leader on privacy, which is why it’s so disappointing to see the German government advance legislation that places all users at risk.

While this legislation isn’t as bad as other data retention proposals we’ve seen (e.g., in France, the US, and Canada), to highlight the many dangers of mandatory data retention as a practice and express our opposition to this legislation, we sent a letter, signed by Denelle Dixon-Thayer, Mozilla’s Chief Business and Legal Officer, to every member of the Bundestag. You can read the letter here in English and here in German.

The Mozilla community has also been speaking out against this legislation. Working with local German partners Digitale Gesellschaft and we created a petition enabling German-speaking Mozillians to call on the Bundestag to reject this legislation. So far thousands of users have taken action! While it’s always inspiring to see users mobilizing to protect the open Web, this is particularly exciting for us as it is Mozilla’s first advocacy campaign in a language other than English, as well as the first outside of the United States. The Mozilla Policy Team was also in Berlin last week to speak to German lawmakers about this bill.

While it’s likely that this data retention law will pass the Bundestag, we’re confident that it will be struck down by German courts. Indeed, this wouldn’t be the first time that the German courts put a stop to data retention practices. In 2010, the German Federal Constitutional Court struck down Germany’s last data retention law, and in April of last year, the Court of Justice of the EU, the highest court in Europe, issued a sweeping condemnation of mandatory data retention and invalidated the Data Retention Directive (which required every EU country to enact a data retention mandate). This makes it all the more disappointing that the German government is pushing ahead with trying to bring data retention back from the dead, even as other countries across Europe have been repealing their old data retention laws.

We’ll continue to monitor the situation in Germany and to continue to oppose mandatory data retention laws elsewhere in the world. To take action on the law before the Bundestag, click here!

4 Days in NYC for the Open Web Fellows

Brett Gaylor

The inaugural cohort of the Ford-Mozilla Open Web Fellows met in New York last week for only the second time face to face.  Working remotely from Lima, Washington DC, Boston and London, the 6 fellows meet weekly with Melissa Romaine from Mozilla’s San Francisco office, and with me from my home office in Victoria, British Columbia. This was an In Real Life™ meeting we were all looking forward to, if for nothing else than the important reminder that we aren’t squares on a video conference call – we are talented and complicated humans.

Mozilla NYC

The six fellows are placed within Internet Freedom organizations, working on a mixture of team and individual projects.

      • Paola Villarreal, American Civil Liberties Union, Massachusetts.
        Paola is working on Data for Justice, a data-driven advocacy tool that visualizes information critical for eliminating injustice in communities.
      • Tim Sammut, Amnesty International. Tim’s projects are:
        Secure Communications Framework: An approachable framework for human rights researchers that helps them understand how to communicate with contacts around the world safely in the context of varying threats and information sensitivity.
        Community Incident Response: Help human rights organizations in Amnesty’s worldwide network access technical assistance during active digital attacks.
      • Andrea Del Rio, Association for Progressive Communications
        Andrea is creating the web version of the Feminist Principles of The Internet, which aims to inspire people not only to imagine a Feminist Internet but actually build one that is fair, inclusive, empowering and safe for everyone.
      • Drew Wilson, Free Press
        Drew is embedded in Free Press’ Internet2016 campaign and is building tools that internet rights advocates can use to bootstrap their own activism projects.
      • Gem Barrett, Open Technology Institute
        Gem is a member of the MLab team at OTI, helping to build the largest collection of open Internet performance data on the planet.
      • Tennyson Holloway, Public Knowledge
        Tennyson is working on projects that inspire and educate future web advocates. “What can i do for the” is a website that represents a vision of a story based platform that educates, inspires, and assists users to join the open web movement. His other projects involve creating web games that explain tech policy Washington issues, such as copyright and patent trolls.

The Weather Report

Being the first cohort, the 2015 fellows have their fair share of challenges and opportunities.  The challenge: we’re living a plan that is being executed for the first time.  Almost everything needs to be answered by “I don’t know. Let me get back to you”.  On the plus side, this cohort will likely play the largest role in shaping the program and will have the highest degree of input on where we need to make adjustments.  This day was about navigating that tension and also identifying where we are starting to win.


A random sample of substantive issues we discussed:

-How do we design a fellowship program that serves both established and emerging careers?

-What’s the right balance of individual projects and independent research within a fellowship year?

-How do we identify our mentors? Can these people be found for us, or is it in fact something we need to find time to do? (spoiler alert – that’s on us)

Some key takeaways for the Mozilla program team:

-The Mozilla network is a key asset. We need to present the “menu” of potential contacts and access to people that we can provide

-We need to find a way to bring the work of the fellows to Mozilla audiences

-We can assist fellows in finding mentors – those individuals that fellows can go to for advice and that have their best interests at heart

We ended the day with a Q & A with Mozilla’s Executive Director, Mark Surman.  Mark shared with the fellows his vision for leadership development at Mozilla, which he’s previously blogged about here.   He left with two invitations for the cohort – be demanding, and make sure Mozilla is doing all it can to advance your goals.  But also, be generous – give to each other and the program.

Mapping Collaboration

The 2015 cohort is impressive.  They’ve advised governments, settled refugees, built movements and shipped products.  One thing we needed to accomplish together was an identification of the believable ways that the cohort could collaborate together – from running workshops with one another to building a shared project, we spent time mapping this landscape and committing to some next steps. We were joined by Mozilla’s Internet Policy manager Jochai Ben-Avie,who will be working with the cohort during their fellowship year.


Some things we committed to producing together

-5 Lightning Talks we’ll give within the cohort about skills we want to share or an issue we are passionate about

-A Mozilla Wiki page about the fellowship cohort – You can now refer to this page to stay up to date on the 2015 cohort.

-Collaborating with the larger Mozilla Advocacy team to help develop advocacy campaigns

-Net Posi, a podcast about activism started by the cohort – listen to the first episode below and subscribe here.

We headed to midtown for a meeting with Jenny Toomey, Lori McGlinchey and Michael Brennan from Ford’s Internet Rights program.  We were also joined by Joshua Cinelli, who manages Ford’s strategic communications. It was a great chance for us all to learn more about why Internet Rights has been a strategic focus for Ford, and how they see field building and talent development fitting into their strategy.  As Lori McGlinchey, the Internet Rights Program officer expressed – “we need civil society orgs to see technologists not as the cherry on top of a cake they already are having trouble paying for – technologists need to be thought of as essential to these teams”.  It was also a chance for Ford to internalize the diversity and talent of our cohort and the projects we’ve undertaken.  This was the first time that the fellows and Ford staff had met, and we all left with a heightened understanding of not only our role within the Internet Freedom ecosystem, but the opportunities for us to make an impact.


From there we headed to Civic Hall for our closing event.  We hosted 30 activists and technologists for social change in a conversation designed to learn more about the projects of our cohort. We also met with several organizations hoping to place fellows within their organizations in 2016, and were fortunate to be able to dedicate some 1-1 time to these allies in the field.  We split into small groups where fellows lead discussions around their projects.

We finished the evening by braving the rainy ripple effects of Hurricane Joaquin to have a final meal together.  Exhausted but productive, the trains, planes and automobiles took us out of New York to reflect on, internalize, and act on what we’d learned.

A HUGE thank you to Misty Avila who joined us from Aspiration Technology to facilitate our days together.  We couldn’t have accomplished so much without her talent and spirit!


CalECPA nears the finish line, to potential global benefits

Chris Riley

Earlier this year, we wrote about CalECPA (official name: SB 178), a bill in the state of California that would improve privacy protections for Internet users by requiring due process to ask for online communications data and metadata. This bill has been passed by the California legislature, and is now on its way to the Governor to be signed into law.

In some circumstances, we’d declare victory at this point. But other electronic privacy bills have advanced very far in the California political processes before, only to fail. So it’s not over yet. Fortunately, the scale of support for the legislation in this version is greater than it has ever been, both inside and outside government. We’re hopeful it can succeed this time.

It is important that it passes. California privacy law needs to catch up with other countries and other U.S. states (including Texas, Maine, and Utah). Federal law in the U.S. needs to follow suit. In too many areas, the United States is still applying privacy law written decades ago, long before smartphones were introduced, even before the ubiquity of personal computing devices at any scale. Old law doesn’t always equate to bad law. We rely on a fundamental document, the Constitution, that measures its age in the centuries, after all. In this case however, old privacy laws aren’t protecting Internet users adequately. Today’s old privacy laws weren’t written in a way that adapts well to evolving technology. CalECPA improves on this significantly.

Mozilla Manifesto principle #4 reads, “Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” To us, this begins with our technologies. Our privacy principles emphasize limited data, transparency, and meaningful user control, informing and guiding how we engineer all of our products and services.

Legal safeguards, such as the changes proposed in CalECPA, are essential as a complement to good technical practices. Governments want access to the data that businesses collect, store, and use. But when there are no or insufficient protections on what information they can ask for, transparency, accountability, user control, and privacy all suffer.

We saw significant progress on surveillance reform earlier this year through the passage of USA FREEDOM – but we have a very, very long way to go. Adopting CalECPA into law would not only have tangible benefits for Internet users, with impact felt far beyond the state of California. It would also help sustain momentum and contribute to future victories on surveillance reform.

Host the Heroes of Tomorrow


Last year Ford Foundation and Mozilla came together to launch the Open Web Fellows Program, an international leadership initiative that brings together the best emerging technology talent and civil society organizations to advance and protect the open Web. This came at a critical point for the evolution and health of the Web, which Mark Surman, Executive Director of Mozilla Foundation, and Darren Walker, President of Ford Foundation wrote about here:

            “The Internet remains a contested space. Far too often, we see its core ethos – a                            medium where anyone can make anything and share it with anyone – undermined by                  forces that wish to make it less free and open. In a world in which the future health of                  the Internet is vital to democratic discourse and a free flow of ideas, we need a band of              dedicated individuals standing ready to protect it.”

As part of the NetGain initiative, the program provides an ecosystem for the next generation of open Web advocates to make an early impact while growing into the capable leaders we need as threats to digital freedom proliferate.

Looking towards 2016, we’ve opened the call for applications for host organizations (closing Sept. 12, 2015 Extended to Oct. 9, 2015).

Year Two will include 8-9 host organizations and Open Web Fellows who will work together to keep the Internet a global public resource by focusing on salient issues like privacy, access, and online rights.

Specifically, the goals of the Open Web Fellows program are:

  • Produce better technical understanding among civil society and government policy-making bodies
  • Increase public awareness and understanding of Internet policy issues
  • Provide talented individuals with the opportunities to create a healthier, more trustworthy Web
  • Provide civil society organizations with the capacity and capabilities to expand their work into new horizons
  • Contribute to building a community of public interest technologists

Host organizations are involved in the recruitment and selection process of the candidates. Other responsibilities include:

  • Collaboration: Host organizations will work with Mozilla to provide a learning environment through mentorship, networking, and conferences.
  • Fellowship Projects: Host organizations and their selected fellows will identify projects that build on the skills of the fellows. Host organizations and fellows will ensure that these projects do not entail any lobbying activities.

In turn, Mozilla will provide:

  • Thought Leadership: Mozilla will provide support and training throughout the fellowship, as the new leaders learn more about Internet policy and advocacy.
  • Program Management: Mozilla will manage the host organization and fellow selection processes, coordinate Mozilla-organized events for fellows, and disburse grant funding.
  • Mentorship: Mozilla staff will collaborate with fellows to transfer vital skills in open source, project management and professional development.

Each year, fellows spend 10 months embedded at leading advocacy organizations to lend their expertise to the field. They receive a stipend of $60,000, plus a number of supplemental benefits to help with relocation, housing, childcare, and equipment acquisition. We will also cover the cost of certain Mozilla-organized trips, but ask the host organizations to cover trips they deem required. Mozilla strives to make this a global program, and as such provides visa assistance where necessary.

To better understand the type of organizations with which the Open Web Fellows Program is looking to partner, please see our “Spotlight” series on our 2015 host organizations:

American Civil Liberties Union, Massachusetts
Amnesty International
Free Press
New America’s Open Technology Institute
Public Knowledge
[Note: Association for Progressive Communications is also a 2015 host organization, but were recruited at a later date.]

Apply now to become a 2016 Ford-Mozilla Open Web Fellows host organization.


Q: How should host organizations be”advancing the open Web”?
A: “Open Web” needn’t be specifically about net neutrality and access; open practices, research, privacy, surveillance, and promoting the web as a public resource all fit within the focus of the program.

Q: How technical are the fellows?
A: It depends on the needs of the host organization. Generally, they are quite technical (full-stack engineers), and some have specialities. To get a sense of they types of people this program attracts, meet our 2015 cohort of Open Web Fellows.

Q: How involved are host organizations in the selection process?
A: First pass is done by a core Mozilla team. The host organizations will then be given a list of about 100 candidates (depending on how many apply) from which they first choose who Mozilla should interview, and later who they want to interview. The final decision is made in negotiation with Mozilla and the host organization. Read more about the 2015 Fellows selection process.

Q: What if we don’t have a physical office space?
A: Fellows are generally encouraged to work in the office space of the host organization to better understand the culture of civil society organizations and the public sector. If an organization doesn’t have a physical space, arrangements for remote working can be made. However, this requires more oversight and involvement from the host organization.

Q: What sorts of projects do fellows work on?
A: Host organizations and fellows “ship” a tangible outcome over the course of the project. Initial projects range from content productions, campaign sites, mobile apps, mashups of open data sets, and tooling for activist organizations.

Apply now to become a 2016 Ford-Mozilla Open Web Fellows host organization.

Experts develop cybersecurity recommendations

Chris Riley


Today, we’re excited to publish the output of our “Cybersecurity Delphi 1.0” research process, tapping into a panel of 32 cybersecurity experts from diverse and mutually reinforcing backgrounds.

Mozilla Cybersecurity Delphi 1.0

Securing our communications and our data is hard. Every month seems to bring new stories of mistakes and attacks resulting in our personal information being made available – bit by bit harming trust online, and making ordinary Internet users feel fear. Yet, cybersecurity public policy often seems stuck in yesterday’s solution space, focused exclusively on well known terrain, around issues such as information sharing, encryption, and critical infrastructure protection. These “elephants” of cybersecurity policy are significant issues – but too much focus on them eclipses other solutions that would allow us to secure the Internet for the future.

So, working with Camille François & DHM Research we’ve spent the past year engaging the panel of cybersecurity experts through a tailored research process to try to extract public policy ideas and see what consensus can be found around them. We weren’t aiming for full consensus (an impossible task within the security community!). Our goal was to foment ideation and exchange, to develop a user-focused and holistic cybersecurity policy agenda.

Mozilla Cybersecurity Delphi Process

Our experts collectively generated 36 distinct policy suggestions for government action in cybersecurity. We then asked them to identify and rank their top choices of policy options by both feasibility and desirability. The result validated the importance of the “cyberelephants.” Privacy-respecting information sharing policies, effective critical infrastructure protection, and widespread availability and understanding of secure encryption programs are all important goals to pursue: they ranked high on desirability, but were generally viewed as hard to achieve.

More important are the ideas that emerged that aren’t on the radar screens of policymakers today. First and foremost was a proposal that stood out above the others as both highly desirable and highly feasible: increased funding to maintain the security of free and open source software. Although not high on many security policy agendas, the issue deserves attention. After all, 2014’s major security incidents around Poodle, Heartbleed, and Shellshock all centered on vulnerabilities in open source software. Moreover, open source software libraries are built into countless noncommercial and commercial products.

Many other good proposals and priorities surfaced through the process, including: developing and deploying alternative authentication mechanisms other than passwords; improving the integrity of public key infrastructure; and making secure communications tools easier to use. Another unexpected policy priority area highlighted by all segments of our expert panel as highly feasible and desirable was norm development, including norms concerning governments’ and corporations’ behavior in cyberspace, guided by human rights and communicated with maximum clarity in national and international contexts.

This report is not meant to be a comprehensive analysis of all cybersecurity public policy issues. Rather, it’s meant as a first, significant step towards a broader, collaborative policy conversation around the real security problems facing Internet users today.

At Mozilla, we will build on the ideas that emerged from this process, and hope to work with policymakers and others to develop a holistic, effective, user-centric cybersecurity public policy agenda going forward.

This research was made possible by a generous grant from the John D. and Catherine T. MacArthur Foundation.

Mozilla Cybersecurity Delphi 1.0

Chris Riley
Jochai Ben-Avie
Camille François

Decisive moment for net neutrality in Europe

Jochai Ben-Avie


Yesterday, the European Union moved one step closer to enacting real net neutrality across the continent. The European Parliament’s Industry, Research, and Energy Committee (ITRE) approved an agreement on the Telecom Single Market Regulation (TSM), after drawn out negotiations between the three EU policymaking branches: the Parliament, the Council, and the Commission. This draft legislation includes proposed rules specifying that all traffic must be treated equally as well as rules prohibiting paid prioritization and blocking.

The ITRE Committee will vote in the fall to formally adopt the text and it will then move to the full Parliament plenary for a final vote. However, amendments can be offered before both the ITRE vote and the plenary vote, and the European Council (the body representing EU member states) must also ratify the final text before it becomes law.

While the current rules are ambiguous in places and give significant deference to national regulatory authorities, overall this is a significant step to protect the open Internet in Europe. We urge European policymakers to finish strong and enact clear, enforceable rules against blocking, discrimination, and fast lanes.


After years of negotiations, the E.U. Telecom Single Market Regulation (which includes proposed net neutrality rules) is nearing completion. If passed, the Regulation will be binding on all E.U. member states. The policymakers – the three European governmental bodies:  the Parliament, the Commission, and the Council – are at a crossroads: implement real net neutrality into law, or permit net discrimination and in doing so threaten innovation and competition. We urge European policymakers to stand strong, adopt clear rules to protect the open Internet, and set an example for the world.

At Mozilla, we’ve taken a strong stance for real net neutrality, because it is central to our mission and to the openness of the Internet. Just as we have supported action in the United States and in India, we support the adoption of net neutrality rules in Europe. Net neutrality fundamentally protects competition and innovation, to the benefit of both European Internet users and businesses. We want an Internet where everyone can create, participate, and innovate online, all of which is at risk if discriminatory practices are condoned by law or through regulatory indifference.

The final text of European legislation is still being written, and the details are still gaining shape. We have called for strong, enforceable rules against blocking, discrimination, and fast lanes are critical to protecting the openness of the Internet. To accomplish this, the European Parliament needs to hold firm to its five votes in the last five years for real net neutrality. Members of the European Parliament must resist internal and external pressures to build in loopholes that would threaten those rules.

Two issues stand out as particularly important in this final round of negotiations: specialized services and zero-rating. On the former, specialized services – or “services other than Internet access services” – represent a complex and unresolved set of market practices, including very few current ones and many speculative future possibilities. While there is certainly potential for real value in these services, absent any safeguards, such services risk undermining the open Internet. It’s important to maintain a baseline of robust access, and prevent relegating the open Internet to a second tier of quality.

Second, earlier statements from the E.U. included language that appeared to endorse zero-rating business practices. Our view is that zero-rating as currently implemented in the market is not the right path forward for the open Internet. However, we do not believe it is necessary to address this issue in the context of the Telecom Single Market Regulation. As such, we’re glad to see such language removed from more recent drafts and we encourage European policymakers to leave it out of the final text.

The final text that emerges from the European process will set a standard not only for Europe but for the rest of the world. It’s critical for European policymakers to stand with the Internet and get it right.

Chris Riley, Head of Public Policy
Jochai Ben-Avie, Internet Policy Manager

Announcing the 2015 Ford-Mozilla Open Web Fellows


Building and supporting leaders equipped to protect the open Web is a core part of Mozilla’s advocacy strategy. After a comprehensive, worldwide search, we are excited to introduce the 2015 Ford-Mozilla Open Web Fellows!

Paola Paola Villarreal | Americal Civil Liberties Union, Massachusetts
Tim Tim Sammut | Amnesty International
Andrea Andrea Del Rio | Association for Progressive Communications
Drew Drew Wilson | Free Press
Gem Gem Barrett | Open Technology Institute
Tennyson Tennyson Holloway | Public Knowledge

Find out more about what they will be doing in 2015.

The 2015 class represents the diversity of the Web — they come from around the world and bring skills ranging from security analysis and digital campaigning to games and apps development. Each Fellow will spend 10 months immersed in a host organization, working to advance Mozilla’s mission in policy areas including privacy, access, expression and more.

Learn about the competitive selection process.

The Open Web Fellows program — a collaboration between the Ford Foundation and Mozilla — is an international program designed to engage developers, engineers, technologists, programmers and other webmakers with civil society organizations around the world to help protect the Internet. The Fellowship program is designed to create an ecosystem that will strengthen and build leaders dedicated to advancing the free and open Web.

During the 10-month Fellowship, this next generation of leaders will be immersed in projects that address key needs with respect to digital freedom. The Fellowships will produce better technical understanding among civil society and government policy-making bodies, a stronger affirmative agenda that creates better public awareness and understanding of Internet policy issues, and improved cross-sector coordination. Fellows will serve as mentors, advisors and ambassadors, helping to develop a better-informed global policy discussion.

The 2015 class of Ford-Mozilla Open Web Fellows are working with some of the world’s leading organizations to help ensure the public policy climate safeguards the Internet as a shared, global and public resource. In this inaugural year, Fellows are embedded within six organizations: the American Civil Liberties Union (ACLU), Amnesty International, the Association for Progressive Communications (APC), Free Press, Open Technology Institute and Public Knowledge.

Please join us in welcoming the 2015 class of Ford-Mozilla Open Web Fellows. We are eager to see their impact in the months to come.