Microsoft acquisition of Netscape/AOL patents

As reported in the news this week, Microsoft acquired some 800 patents from AOL for a billion dollars. A few people have asked what this means for Mozilla. At present, I don’t believe that the acquisition poses an immediate danger to Mozilla.

There are many possible motivations for the acquisition including reducing exposure, preventing others from obtaining the patents, increasing your portfolio size and quality, using them for cross-licensing, or even patent license programs. We’ll never know for sure, but viewing this acquisition in the broader context of the patent battle playing out across the tech sector, it makes sense for strategic reasons.

Certainly Google, Apple, and Microsoft are key competitors in this battle, and Google recently increased its portfolio size dramatically with the acquisition of 17,000 Motorola patents. Other players hold thousands of patents as well, topped out by IBM with 6,000+ new US patents in 2011 alone. Obtaining a huge chunk of patents and licenses in one move, saving time along the way, makes sense for broader reasons, and in this context it is hard to imagine it’s driven by anything related to Mozilla. Frankly, there are easier ways to influence the market without near the attention or the cost.

In this particular case, it would seem that the exposure is even lower because portions of the Mozilla code base are already licensed under some set of these patents. Early code contributions from Netscape to the Mozilla project came with patent licenses from Netscape/AOL via the Mozilla Public License. These licenses are still in play. For example, the first granted Netscape patent was for HTTPS as I recall. To the extent this is implemented in the Firefox browser or Thunderbird code bases by Netscape/AOL (and subsequently the Mozilla code base) patent grants would flow with the code under the MPL. The express MPL patent grant, which didn’t exist in other open source license at the time, finally sees its day.

Overall, while this acquisition is certainly surreal for many Mozilla folks that worked at Netscape including those who are inventors for some of the patents, I don’t view this as a threatening move in and of itself. Patent holders like Microsoft and Google are generally considered more predictable, subject to market and ecosystem pressures, and more often than not, targets of patent litigation themselves. That being said, Yahoo did sue Facebook, so conventional wisdom may no longer apply these days.

I believe the real threat is what ultimately happens with the patents. If Microsoft maintains ownership of the patents, on the margins, it is better than having them sold off piecemeal to non-practicing entities, often called IP trolls. If they end up in the wild, it’s not a good thing. We will need to watch this carefully.

It would be great to see Microsoft express its intentions in this regard or put some protections around the portfolio if it transfers the patents. This could alleviate many of the concerns raised by the transaction.

Comments supporting DMCA jailbreaking exemption

Every three years the US Copyright office, examines whether it will renew certain exemptions to the DMCA. In 2009 we submitted arguments supporting the EFF’s petition for the exemption of  jailbreaking from the DMCA. The Copyright office granted the exemption in 2010 which now expires at the end of 2012.

Although it seems a bit silly to have to do this every three years, we’re going to again file a brief supporting the exemption for jailbreaking, also known as “rooting.” EFF has more information here on the arguments and the process.

Based on feedback from developers around the Mozilla project, the brief will contend that rooting is important because it’s necessary to achieve competitive application performance on Android mobile platforms, to effectively debug applications, and for regression testing.  In addition, it’s even more critical now as mobile devices surpass desktop, and Internet access increasingly comes from mobile platforms.

We plan to file our comments on Friday afternoon. If you have ideas or thoughts that could be incorporated in the brief, please let us know. Alternatively, you can file your own comments, or if your flavor is petitions go here.

SOPA – the Stop Online Piracy Act – Is It Really Dangerous?

Recently, the Stop Online Piracy Act, 112 HR 3261 (SOPA) was introduced as a bill in the US House of Representatives. This is the House companion to the Senate Protect-IP Act that drew considerable opposition from the tech and First Amendment quarters, so many of the issues remain same. The intent of SOPA is to help combat online piracy. This is a laudable goal; however, the unintended consequences are scary for intermediaries, websites with user generated content, DNS providers, and those of us who rely on the Internet as a vibrant and rich communications network.

SOPA grants IP claimants a lot more power than they currently have to remove allegedly infringing content and expands the scope of people who may be liable by giving:

  • the Attorney General the power to compel companies that maintain DNS look-ups to change the tables, also known as domain name filtering. See analysis by Larry Downes.

The problem is that these are powerful remedies made available based upon unproven assertions and little due process. Imagine you’re a website operator, under SOPA you can get your Paypal payment processing services cut-off merely because someone claimed there’s infringing content or apps on your site. Faced with that choice, it’s an easy decision, remove the content early and often just to be safe.

IP rights are certainly important and need to be respected on the Internet, and there is a very real piracy problem, but SOPA threatens an essential attribute of the Internet – its ability to easily share information without friction and permissions. This doesn’t mean that the Internet should be a lawless expanse void of law or consequences either. The challenge is that SOPA exposes intermediaries to undue financial and legal liability for content in a way that will undoubtedly chill the free flow of content and ideas embodied in both software and media. In addition, the language in the bill is ambiguous leaving it open to abuse by plaintiffs who have already demonstrated aggressive interpretations of the existing DMCA framework. This is why there is so much concern that SOPA represents a real and dangerous threat to the Internet.

Some describe this debate in polemic terms, as Hollywood vs. the Internet, where the Internet slowly becomes managed by dominant media interests. Others have focused on the deleterious impact on human rights. Perhaps Masterswitch writer Tim Wu would see this as part of a larger pattern of how open information ecosystems become closed over time. US House Representative Zoe Lofgren, representing voters in Silicon Valley, warns that this “would mean the end of the Internet as we know it.” It could also just be bad legislation.

If SOPA becomes law, few think it will actually solve the problem. For example, it seems clear that blocking domains is not an effective means to combat piracy because domains can be redirected so easily. A while back Homeland Security asked Mozilla to take-down an add-on without a court order or a finding of liability. Under a SOPA regime, it appears the same incident would allow the putative plaintiffs to petition the Attorney General to issue an injunction compelling take-down based only on a specious claim of contributory infringement. Oddly SOPA makes one really appreciate the DMCA.

Many in the tech and policy communities are organizing to oppose SOPA. What’s most important is that Congress hears from everyone on this, whatever their view.  Plus it’s Tuesday November 8th -voting day- so let your voice be heard. If you want to let Congress know that you oppose the legislation EFF and Public Knowledge have sites set up to easily send your message to Congress.

Additional links to the bill and other commentary can be found below.

Read more of this post

Homeland Security Request to Take Down MafiaaFire Add-on

From time to time, we receive government requests for information, usually market information and occasionally subpoenas. Recently the US Department of Homeland Security contacted Mozilla and requested that we remove the MafiaaFire add-on.  The ICE Homeland Security Investigations unit alleged that the add-on circumvented a seizure order DHS had obtained against a number of domain names.   Mafiaafire, like several other similar  add-ons already available through AMO, redirects the user from one domain name to another similar to a mail forwarding service.  In this case, Mafiaafire redirects traffic from seized domains to other domains. Here the seized domain names allegedly were used to stream content protected by copyrights of  professional sports franchises and other media concerns.

Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order.  Thus, to evaluate Homeland Security’s request, we asked them several questions similar to those below to understand the legal justification:

  • Have any courts determined that the Mafiaafire add-on is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings)
  • Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.
  • Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down the Mafiaafire  add-on is based?

To date we’ve received no response from Homeland Security nor any court order.

One of the fundamental issues here is under what conditions do intermediaries accede to government requests that have a censorship effect and which may threaten the open Internet. Others have commented on these practices already.  In this case, the underlying justification arises from content holders legitimate desire to combat piracy.  The problem stems from the use of these government powers in service of private content holders when it can have unintended and harmful consequences.  Longterm, the challenge is to find better mechanisms that provide both real due process and transparency without infringing upon developer and user freedoms traditionally associated with the Internet.  More to come.

Marching Along – Privacy Forward

A bunch of folks, including Alex Fowler, Sid Stamm, and Mike Hanson to mention only a few, did some nice work developing Mozilla’s comments on the FTC’s  proposed privacy framework.  More details, including the comments, are available on the blog.

I’m still reading through some of the responses, and it’s really interesting seeing the diverse perspectives. Some saying the creation of a comprehensive US privacy framework will stifle innovation, leading to economic collapse and ruin, others suggesting the FTC hasn’t gone far enough.  (+1 to an open government process with a robust debate and competing ideas)

One theme that seems to pervade the narrative unfortunately is the notion that doing right by the user from a privacy perspective is somehow hostile to innovation and business.  This is a false paradigm. (We saw the same themes in the net-neutrality debate, but that’s a different story.)  Innovating in services, managing information while being user centric and respectful aren’t competing values in my view.  What’s right for the user doesn’t mean being hostile (or captive) to commercial motivations, nor should it mean rolling over to the great data slurp in the cloud.

As Eben Moglen recently reminded us, the web is young – some 7,000+ days young.  Thus, there’s so much more to come, and we can’t drive by looking in the rear view mirror.  So when I look forward, and see some of the ideas kicking around that give users both the benefits and control of their information in a “privacy forward” way, within and outside the Mozilla community,  I see lots of opportunity and innovation.

This is pretty exciting, and on a good day, I feel lucky to observe and participate.

Recent Changes in US Crypto Export Rules

On January 7, 2011, the US Government published a final export rule that relaxed export rules on publically available encryption code. Previously, mass market, encryption object code software was subject to US export controls. Under the new rule, issued by the Bureau of Industry and Security (BIS), publicly available, mass market, encryption object code software with a symmetric key length greater than 64-bits is no longer subject to the export control rules. Although the change will not have a limited direct impact on Mozilla because our code already falls under the TSU source code exception, the change is good because it simplifies and reduces the number of rules that might restrict distribution of publicly available, mass market, encryption object code software outside the US.

BIS reasoned that because there are no regulatory restrictions on making such software publicly available, and because, once it is publicly available, by definition it is available for download by any end user without restriction, removing it from the jurisdiction of the Export Administration Regulations (EAR) will have no effect on export control policy. Such policy is merely clarified and confirmed by this final rule.

This rule change follows the guidance of government and export law attorneys like Dan Minutillo (he also represents Mozilla) who argued in a recent California International Law Journal article that the Government should remove publicly available encryption code from the scope of items subject to the EAR based on the interpretation of a September 11, 2009 Advisory Opinion by the Director of Information Technology Controls Division, Office of National Security and Technology Transfer Controls, US  Government.  It seems this 2009 Advisory Opinion can be interpreted to relate directly to a Voluntary Self Disclosure filed by Minutillo on behalf of Mozilla regarding the exchange of code that resulted in a “No Violation Letter” from the US government in Mozilla’s favor.

Read more of this post

New FTC Privacy Proposal

Today the Federal Trade Commission released a proposal describing a new framework for protecting consumer privacy in both online and offline environments. The report reflects the new challenges users, publishers, service providers, and advertisers face in today’s digital environment and incorporates feedback from public roundtables conducted over the past year.  The report acknowledges the shortcomings of the current “notice and consent” framework, but doesn’t abandon it completely, rather it seeks to implement it in a way that makes more sense for users.

While we’ll need more time to digest and evaluate the details, we’re encouraged by what we’ve seen so far.  In particular, the FTC has proposed a set of principles that align well with the Mozilla manifesto and our approach to software development including:

  • privacy by design;
  • transparency;
  • user choice; and
  • no surprises.

Of course the devil is often in the details, but the first principles seem right.  The FTC should also be commended for continuing its efforts to seek a comprehensive proposal rather than focusing only on one aspect of the issue.

The Commission has also shown that it understands the complexity and nuance of many of the issues, for example, the blending distinction between PII and non-PII, and the contextual nature of privacy issues.  To that end, the Commission has articulated a robust set of questions on which it is seeking further public feedback.  Comments on the proposal are due on January 13, 2011.

Over the next month, we’ll examine the questions and proposal in more detail and take advantage of this opportunity to share our experience, concerns, and views on the proposed framework.

If you have thoughts about the proposal let us know.