Microsoft acquisition of Netscape/AOL patents

As reported in the news this week, Microsoft acquired some 800 patents from AOL for a billion dollars. A few people have asked what this means for Mozilla. At present, I don’t believe that the acquisition poses an immediate danger to Mozilla.

There are many possible motivations for the acquisition including reducing exposure, preventing others from obtaining the patents, increasing your portfolio size and quality, using them for cross-licensing, or even patent license programs. We’ll never know for sure, but viewing this acquisition in the broader context of the patent battle playing out across the tech sector, it makes sense for strategic reasons.

Certainly Google, Apple, and Microsoft are key competitors in this battle, and Google recently increased its portfolio size dramatically with the acquisition of 17,000 Motorola patents. Other players hold thousands of patents as well, topped out by IBM with 6,000+ new US patents in 2011 alone. Obtaining a huge chunk of patents and licenses in one move, saving time along the way, makes sense for broader reasons, and in this context it is hard to imagine it’s driven by anything related to Mozilla. Frankly, there are easier ways to influence the market without near the attention or the cost.

In this particular case, it would seem that the exposure is even lower because portions of the Mozilla code base are already licensed under some set of these patents. Early code contributions from Netscape to the Mozilla project came with patent licenses from Netscape/AOL via the Mozilla Public License. These licenses are still in play. For example, the first granted Netscape patent was for HTTPS as I recall. To the extent this is implemented in the Firefox browser or Thunderbird code bases by Netscape/AOL (and subsequently the Mozilla code base) patent grants would flow with the code under the MPL. The express MPL patent grant, which didn’t exist in other open source license at the time, finally sees its day.

Overall, while this acquisition is certainly surreal for many Mozilla folks that worked at Netscape including those who are inventors for some of the patents, I don’t view this as a threatening move in and of itself. Patent holders like Microsoft and Google are generally considered more predictable, subject to market and ecosystem pressures, and more often than not, targets of patent litigation themselves. That being said, Yahoo did sue Facebook, so conventional wisdom may no longer apply these days.

I believe the real threat is what ultimately happens with the patents. If Microsoft maintains ownership of the patents, on the margins, it is better than having them sold off piecemeal to non-practicing entities, often called IP trolls. If they end up in the wild, it’s not a good thing. We will need to watch this carefully.

It would be great to see Microsoft express its intentions in this regard or put some protections around the portfolio if it transfers the patents. This could alleviate many of the concerns raised by the transaction.

Privacy is Brewing

People think about Mozilla mostly in the context of our major product, Firefox, but we’ve got lots of activities, both related to Firefox and beyond, that touch on issues of user control and privacy.

It’s an incredibly active area right now across the industry, and we’re finding ourselves more involved, so I wanted to start writing about these issues as they develop.  What’s below is a bit of an effort to divine some meaning from what on its face, looks like a series of unrelated events; however, in aggregate, they suggest a bigger story is unfolding which is that users’ expectations about their ability to control their online information, at least for a growing segment,  are not being satisfied.

In the last few months alone, Google Buzz and Facebook privacy practices have made the news more than once, resulting in inquires or complaints in both the EU and the US. The US Federal Trade Commission announced it is planning to create new guidelines for online privacy, and just last week, new online privacy draft legislation was introduced in Congress. (See Boucher bill is here) The US Department of Commerce has started an initiative to explore privacy and innovation, including a notice seeking public comments.  Similarly, the EU Article 29 Data Protection scheme continues to evolve as the Working Party adopted its new Work Programme for 2010-2011 with a goal to “address challenges linked to new technological development” In this same period, there have been countless news stories, all of which say they are about “privacy” but -if you read them carefully- mainly appear to be about sharing and user control.

As the New York Times reported recently:

“Consumer groups have been fighting what they see as the prevalence of online tracking, companies like Google and Yahoo have adjusted their own privacy policies in response to consumer concern, and industry groups recently put forth self-governing principles while arguing that free Internet content depended on sophisticated advertising methods.”

Among many privacy thinkers (at least in the US) there is a view that the current “notice and consent” framework doesn’t work very well.  Jonathan Zittrain has written much about this already, as well as many others. The online privacy environment is more complex than ever before in part because of:

  • new ways to share, track, and analyze information (and accompanying new questions about the definition of “user information”);
  • users who want to connect and share (Facebook didn’t get 400M users accidentally); and
  • an increasing expectation that users, when they do intend to share, also expect some reasonable control of their information and information about them.

It’s unclear whether the critique of notice and consent is driven by the framework itself, the way it has been implemented (i.e. privacy policies tucked away in the footers), or because of the inherent generative nature of the web. It’s really hard to tell whether the idea is fundamentally bad when the implementation doesn’t work that well.

One alternative framework under discussion contemplates a model with few restrictions on what is collected, but significant and enumerated limits on how the collected information may be used. Others have observed that current models are insufficient because they don’t reflect the changing context of the transaction – meaning privacy norms and expectations change depending on what you’re doing.  Helen Nissenbaum suggests a construct called contextual integrity that “ties adequate protection for privacy to norms of specific context.” The concept is developed more fully in her book, Privacy in Context: Technology, Policy and the Integrity of Social Life, which is worth the read.

Recently, we’ve also had the opportunity to share our experiences with some people in policy circles. These have included the FTC, congressional staffers,  and the Commerce Department. The discussions have helped me better understand the landscape, and provided a chance to share how our products are designed to help users manage their interactions on the web and control the information that they share.

In future posts, I’ll try to provide a summary of some of the activities here at Mozilla in this area.  In the interim, we’ll continue tracking and looking for ways to improve what we do.