What about an Open Web Health Report?

report_card_1We often talk about the “Open Web” or “the web as a platform” and it certainly resonates from some, but for others, not so much. It’s a murky concept for sure. Prior to my time at Mozilla, I must admit that I didn’t spend a lot of cycles thinking about the web as a platform, what’s important about it, the key attributes, much less its health. Like most of us, I just used it and assumed it would always be there. My sense is that people think about the open web about as much as they did the “environment” before the environmental movement first gained broad traction in the early ’70s.

Given that much of Mozilla’s mission is about nurturing and creating a healthy web environment, it seems we should have some way to understand and track its health. Just like a doctor wants to understand your symptoms before treatment, or a business tracks its inventory, maybe we need the same thing for the open web. Perhaps there’s a need for some kind of report that tracks key metrics that would give us qualitative and quantitative insight into the health of this so called open web.

There are plenty of reports that monitor traffic like Keynote or Akami’s State of the Internet report that highlights attack traffic, connection speeds, Internet penetration, etc. These are all good but there’s more to the health of the open web than traffic, speed, and adoption.

A clear understanding of the current state and trends should inform our strategy and let us know where, when, and if we have been successful. It would also tell us when we weren’t. Knowing the problem is certainly the first step to solutions. Ten years ago when one browser had roughly 90% market share it was easy to see the problem. Today – not so much.

So how would you do it? First there would have to be some common understanding of the attributes of the open web we want to monitor. This itself is no easy task, but the 80/20 rule seems applicable here. Tantek did some great work a few years ago when he articulated three principle abilities that were essential to the “open web” namely:

  1. publish content and applications on the web in open standards
  2. code and implement the web standards that that content/apps depend on
  3. access and use content / code / web-apps / implementations

In “Long Live the Web: A Call for Continued Open Standards and Neutrality” Tim Berners-Lee articulated universality as the key principle of the web. He also noted that “some of its most successful inhabitants have begun to chip away at its principles.” The FCC’s Open Internet Order articulated four key concepts that encapsulate the idea of net neutrality – one core principle. Google’s Sergey Brin described some of the same principles and threats in a 2012 Guardian interview. In some of our public policy work we attempted to identify “open web DNA” so we could better address policy threats. These all assume the existence of some common set of principles that underpin the open web.

The world is even more complicated today and I would posit that there are a wide range of additional metrics that collectively indicate the health of the open web and the vitality of the principles we care about. Many of these are not the traditional technical components, but commercial and external market factors that could serve as indicators for the abilities described above. For example, it may include factors like:

  • Diversity of service providers and ecosystems
  • Concentration of service providers, publishers, and applications
  • Adoption of open standards, APIs and languages
  • Security
  • User choice and control
  • Public awareness and activism
  • Content restrictions
  • Transparency
  • Interoperability
  • HTML5 developers
  • Relevant economic/growth indicators
  • Usage patterns and trends
  • Maybe even a disruption index

If this kind of report already exists, let’s use it more. If it doesn’t should we try to create it?

Beauty by Cole Zehren


The sweet sound of jazz.
First of a kind.
Body side-to-side.
Where we rest, we shall all walk
But in beauty or sorrow, we have dreams
But it is your dream that comes true.



Copyright Cole Zehren 2013

Dreams by Cole Zehren


My dream
It comes naturally
A lovely new sight
Making the world wonderful
A woken dream for you and me
Nothing like it
We must see it
A deep drive into beauty
In beauty we shall all walk.

Copyright Cole Zehren 2013

Cyber-security heating up on both sides of the Atlantic

In the US, another version of CISPA was reintroduced yesterday in the House of Representatives. The White House has also issued an executive order on the same topic. Similarly in Europe, the European Commission recently published two documents which articulate a strategy for cybersecurity – Cybersecurity Strategy of the European Union and the Proposed Directive on Network and Information Security. Info sharing programs to improve Internet security may be one of the most important global technology policy issues this year. We’re currently looking at these proposals to develop a view and understand if and how they may impact the Mozilla mission. If you would like to contribute to this effort, we welcome your participation.

Full post on the Mozilla privacy blog.

Don’t Leave Before the Miracle Happens

This week friends and family celebrated the life of Veronica McCarthy. While she may have died of cancer, she lived of joy and grace. I went to the funeral this week which was at first surreal and upsetting, but it turned out different. I was struck by an overwhelming sense of gratitude. I looked down the pew and saw all these men and woman who she had touched in profound and material ways. Some of these men I’ve known for over two decades and they are different because of her. Different (as in better) in ways you can’t begin to measure or put a price on. All I could think was what a blessing she was and how lucky we were to know her. She did for some of us what we couldn’t do for ourselves. She instilled a faith and sense of possibility that I couldn’t see at the time, but she could. She also did it in a way that made you feel special, like she was only talking to you. I guess that’s one of those grandma tricks, where all the kids feel most special. When I think of Veronica, or St Veronica as some of us called her, I can only say – Thank you.

Screen Shot 2013-02-01 at 4.00.31 PM

Windows EU Ballot Screen Technical Glitch

We’re encouraged by the European Commission’s efforts to ensure that users have meaningful browser choice in the Windows PC environment. The 2009 Commitments adopted by Microsoft were a foundational part of the remedy developed by the Commission to resolve Microsoft’s competition violations in EC countries. A key part of the remedy was Microsoft’s commitment to present the browser ballot screen to Windows users through vehicles like the Windows 7 Service Pack 1. Earlier this year, we learned that Microsoft failed to fully comply with the browser choice ballot screen obligation for nearly 15 months.

Most recently the EC sent a statement of objections to Microsoft for failing to include the browser-choice screen as promised. Our data suggests that the absence of the browser choice screen had the following impact:

  • Daily Firefox downloads decreased by 63% to a low of 20,000 just prior to the fix;
  • After the fix, Firefox downloads increased 150% to approximately 50,000 per day; and
  • Cumulatively 6 to 9 million Firefox browser downloads were lost during this period.

After accounting for the aggregate impact on all the browser vendors, it seems like this technical glitch decreased downloads and diminished the effectiveness of the remedy ordered in the 2009 Commitments.

Draft Framework for Policy Engagement – Why, When, and How

Over the past few years we’ve become more engaged in public policy issues driven by proposed legislative and regulatory actions that threaten core tenants of the open web. These threats are global in nature and manifest themselves in national legislative bodies, judicial venues, trade organizations, and international treaty setting bodies among others. After engaging in a number of policy issues such as SOPA, ACTA, DNT, jailbreaking, and further seeing a forecast of “more rain” we set out to craft a draft framework that could guide our approach on these issues.

The framework is not meant to be exhaustive nor be a detailed roadmap,  but rather directional in nature.  Hopefully it’s a level set and creates a common point of reference for our community. As time goes on, we’ll naturally iterate and develop the ideas further. At this point we want to test it, incorporate feedback, and see if the approach makes sense. Please add any comments to the governance thread here.

Some key assumptions that inform the framework are:
•    Tech policy can help or hurt the web
•    Key attributes of the open web need to be nurtured and protected
•    All tech policy issues are not the same
•    We can make a difference
•    The nature of the threat will dictate different kinds of responses
•    We remain a project that is primarily focused on building stuff
•    Don’t build what already exists

The framework reflects our current thinking and should answers key questions like:
•    What’s the goal? What are we trying to protect?
•    Can we make a difference?
•    Why do we get involved?
•    When do we get involved and when don’t we?
•    How do we engage?

If you want more color on some of these ideas, take a look at the presentations below where we have begun discussing the broader notions of threats to the open web.

* Open Forum Europe summit presentation by Mitchell Baker
* World Economic Forum presentation by Gary Kovacs
* FISL 2012 presentation “powerful v. empowered” by Harvey Anderson

FISL Talk “Powerful v. Empowered”

During the FISL12 conference last week, I had the opportunity to present a keynote entitled “Powerful v. Empowered – Threats to the Open Web.” The talk examines the threats, the drivers,  and how we can make a difference. The prezo can be found here: FISL Prezo Final. The FISL community was pretty awesome. There’s something about their approach and perspective that had a delicate and thoughtful quality that was really impressive.

Preliminary Comments for Senate Commerce Committee Hearing on DNT

This Thursday, the US Senate Committee on Commerce, Science and Transportation is holding a hearing entitled “The Need for Privacy Protections: Is Self-Regulation Adequate?” Mozilla along with several others have been asked to comment at the hearing on the current state of: i) industry self-regulation; ii) Mozilla’s Do Not Track feature; and iii) the industry’s ability to provide consumers with adequate tools to protect their personal information online.

We’re planning to participate and provide comments based on our experience and perspective. We also posted the questions to governance for input.

In addition to core Mozilla messages about user choice, control, and transparency, the comments will include the following key key points:

  • Industry self-regulation can work when it’s a multi-stakeholder process that reflects the views of all of the relevant parties involved in data transactions including users, developers, service providers, publishers, and the ad networks.
  • Non-voluntary regulatory measures are a last resort. They can introduce unintended consequences that can be harmful to a fragile web ecosystem. As a result we should be cautious in this regard and give voluntary industry efforts every chance to succeed before interceding with regulation.
  • The desire to predict and deliver content that appeals to users is a core driver behind efforts to collect and analyze data about us. This will only increase particularly with the inclusion of the mobile data graph. This is not inherently bad, and delivering content that users want, when they want it, is a good thing if it’s done transparently and in harmony with user intent.
  • Commerce is a vital and beneficial Internet activity. Enabling and maintaining economic ecosystems on the web is essential to a robust and healthy Internet. Commercial imperatives and user choice/control are not mutually exclusive. They can and must coexist through a combination of technical capabilities and user-centric business and data practices.
  • DNT requires cooperative efforts of services providers, ad networks, browsers, and other parts of the web ecosystem. We’re optimistic that the multi-stakeholder process ongoing at the W3C will result in a consensus on both the meaning of DNT and how websites should respond.
  • DNT is one method to give users a voice in how third parties collect, use, and track information about them. It’s not the only method, nor the be all and end all of the data and privacy relationship that exists between users and service providers.

We’re in the process of completing the comments now and will submit them in advance of the hearing on Wednesday.

Patent Matters – Don’t Hate the Player, Hate the Game

The recent acquisition of the Netscape/AOL patent portfolio reminded me that an update on Mozilla’s patent strategy is long overdue. This post is about what we’ve done and what we could/should do in the future.

As you may have seen, there’s been a lot of patent litigation activity lately. The Yahoo suit against Facebook is one of the most surprising – at least to me. And the US Supreme Court just recently weighed in to re-affirm a long held axiom of patent jurisprudence that laws of nature are not patentable subject matter, so the judiciary is getting more active as well.

What’s driving the increase of patent activity? There are numerous drivers in my view including increased competition in the mobile space, the desire for competitive advantage particularly if a company is struggling in the market, and demands for incremental license revenues. Invariably, patent portfolios become more attractive tools for revenue and market competition when a business is not doing well or threatened.

The traditional strategy has been for each company to develop the largest possible patent portfolio to act as a deterrent against potential plaintiffs. This is known as a defensive approach. Others make no such claim at all, and still others do a bit of both depending on the circumstances. For early stage companies and start-ups, patent rights may also be important. If the business fails in the market, IP rights may turn out to be the most valuable asset for investors.

I personally struggle with the effectiveness of “build a big patent pool” as a one size fits all approach. It may not work if you’re way behind in the game or even conflicted about software patents. Also, if done organically, it simply takes too long. In other settings it may however make perfect sense, especially with enough resources and sufficient inventive material that is relevant to your competitors. I got to do this for a few years in my first in-house counsel job working for Mitchell Baker long ago where I was tasked with creating the initial Netscape patent portfolio.

So far Mozilla has not adopted the traditional strategy. A while back we made an exception to file four patent applications on some novel digital audio and video compression codecs co-invented with a contributor at the time. We assigned those applications to xiph.org, a non-profit focused on open video and audio codecs. The assignment included a defensive patent provision which prevents the patent from being used offensively. One of those applications has been published for examination as part of the standard USPTO patent application process. We believe that these applications may help in standards settings so we could achieve a better open standard for audio codecs. For better or worse, in the standards bodies participants use their IP to influence the standards and without some leverage, you’re left only with moral and technical arguments. We’ll see if our theory plays out in the future.

We haven’t filed other applications yet, but I don’t think the past should necessarily dictate the future. I can imagine many places where inventive developments are occurring that have strategic value to the industry, and where we want those protocols, techniques, and designs to stay open and royalty-free to the extent they are essential parts of a robust web platform. Ofcourse filing patent applications is one possible technique, but at those strategic intersections, I think we should entertain filing patent applications as one tool in our overall strategy.

In addition to patent filing strategies, there are other things we could  do including:

  • Adopting techniques to constrain offensive use, like the Inventors Patent Assignment with defensive use terms proposed by Twitter today. (+1 for Ben and Amac at Twitter for this)
  • Building out a robust defensive publication program. IBM wrote the book on this, maybe its time to make source code publications work the same way.
  • Developing an ongoing working prior art system available for defendants. We worked on a version of this a few years back, but the urgent beat out the important and no progress has been made since then.
  • Pooling patents with other like minded groups into safe pro-web entities with defensive protections. The pools need to be relevant to competitive threats for this to have value in my view.
  • Creating other disincentives to the offensive use of patents (similar to the MPL defensive patent provision) but relevant to larger parts of the web.

Sometime mid-year, I’d like to have a broader discussion to brainstorm further and prioritize efforts. Nonetheless, I’m pretty confident that given the changing landscape and markets, we’ll need to play in this domain more significantly one way or the other.