Dear Selena,

On Wednesday, 6 March 2019 02:58:19 UTC+4, Selena Deckelmann  wrote:
>
> I think what you've quoted are accurate statements. That is, recent articles 
> raised questions that I, and others, felt were important to bring to this 
> public forum to discuss.
>

While we welcome and are fully aligned with a public and transparent 
discussion, we continue to call for Mozilla representatives to conduct their 
discretionary powers in accordance with the principles of due process and 
fundamental fairness. We are in agreement that Mozilla is making good on its 
commitment when it brings these challenging discussions, and the articles of 
concern, to this public forum for an independent and unbiased discussion.   
However, with due respect, we believe that it is extremely prejudicial and 
biased when Mozilla representatives provide follow-up interviews - to the same 
misleading article - in order to simply state that this originally disputed 
“reporting is strong evidence”.  It is very simple to see why DarkMatter has 
reasonable grounds for an apprehension of hidden bias in the Mozilla 
fiduciaries.

> Wayne recently posted about our reasons for maintaining our own CA root 
> program [1] and quoted the Mozilla Manifesto which states that "Individuals' 
> security and privacy on the internet are fundamental and must not be treated 
> as optional."

We agree with the Mozilla Manifesto unequivocally.  Mozilla should note that a 
key reason why DarkMatter decided to launch a commercial CA business is because 
the citizens, residents and visitors to the United Arab Emirates currently do 
not have access to local providers who can provide them with the protections 
taken for granted in other parts of the world.  We are fully committed to 
fundamental rights of the individual to security and privacy, and work 
diligently to advance those through all of our commercial efforts, services and 
products.   While we are a young company, our commitment to security and 
privacy of the individual is a “verifiable fact” that should also be introduced 
into this public discussion. To secure and protect individuals who use mobile 
devices for communications, we have successfully launched KATIM® phone, a 
purpose built, mobile device based on four security pillars: hardened and 
tamper-resistant hardware, hardened OS with hardware-based crypto root of 
trust, KATIM™ secure communications suite and back-end infrastructure that, 
together, form a unique ultra-secure system. [1]

Contrary to the misleading narratives and articles being peddled by parties 
with a hidden agenda, we are fully committed to a secure and safer internet for 
all individuals everywhere.  You will note that this has already been formally 
communicated in a letter to Mozilla by our CEO, and further shared in this 
public discussion.  A good example of this commitment is the work our security 
researchers do, each and every day, to identify and disclose malicious 
applications that attack the security and privacy of individuals everywhere.  
In May, 2018, we identified and informed Google of a malicious application 
available on the Google Play Store.[2]   In late 2018, we further made a 
responsible disclosure to Apple of a significant attack that “bypasses all 
native macOS security measures”, and further presented the full findings at 
Hack In the Box conference in Singapore. [3]  As you can see, our commitment to 
the digital security of all individuals, whether in the United Arab Emirates or 
anywhere else in the world, is fully evident in our work and services to date.

We are also extremely proud of all our colleagues in DarkMatter who continually 
affirm their commitment to security and privacy by the work they conduct on a 
daily basis.  Our CA business unit, headed by Scott Rea, has worked diligently 
to meet every technical requirement for a CA, in accordance with the CABForum 
Baseline Requirements and EV Guidelines.  This Mozilla inclusion public 
discussion has also allowed us to showcase our timely and expedient response 
when issues are identified.  A good example is our lead, in how we responded in 
a timely manner to the concerns raised, by certain list members, with regard to 
entropy non-compliance of our serial numbers on the EJBCA platform.  As a 
result, other CAs are now alerted to the same issue that impacts them – case in 
example being Google, who has subsequently declared their own entropy 
non-compliance and is now in the process of replacing and revoking certificates 
with 63-bit entropy serial numbers globally.[4]

Again, we look forward to meeting the Mozilla representatives, and other 
CABForum members, at the CABForum’s F2F, and following up on any further 
clarifications Mozilla may need for a more public and transparent discussion.

Benjamin Gabriel
General Counsel, DarkMatter Group.

[1] https://www.darkmatter.ae/KATIM/
[2] https://www.darkmatter.ae/blogs/darkmatter-identifies-app-stealing-personal-information/
[3] https://www.forbes.com/sites/thomasbrewster/2018/08/30/apple-mac-loophole-breached-in-middle-east-hacks/#7791c17a6fd6
[4] https://bugzilla.mozilla.org/show_bug.cgi?id=1532842

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy