Message Body (4 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS 1) Discriminatory Practices;
The Module Owner conducted his decision making process, and allowed the distrust discussion to proceed, in a manner contrary to the Mozilla Foundation commitment to an “Internet that includes all the peoples of the earth – where a person demographic characteristics do not determine their online access, opportunities, or quality of experience”. a) The Applicants notified Mozilla of their Root Inclusion request in December of 2017. All TLS certificates (both EV and OV) were logged to CT. The Applicants completed Webtrust certification for CA, for BRs, and for EV in October 2017, and submitted the United Arab Emirates Global Roots as well as the Applicants’ own Commercial Roots to Mozilla for inclusion. In October 2018, the Applicants completed their second year of the required WebTrust Audits for CA, BRs, and EV and provided the same to Mozilla for inclusion with their root submission. Mozilla completed a successful Policy/Process review of and technical review of the UAE Global Roots and the Applicants’ Commercial Roots in January of 2019. Notwithstanding the above, nowhere in his decision, nor in the call for distrust, did the Module Owner provide any weight on the Applicants exemplary conduct in the CA community as reflected in their WebTrust audits over the period of time leading up to the distrust discussion. In February of 2019, citing the disputed Reuters articles, the Module Owner, and Mozilla staff began the distrust of the UAE Global Roots, including the Applicants’ Commercial Roots, and implicitly put into question the right of the United Arab Emirates to operate its existing public trust subordinate CAs through a commercial party located in the United Arab Emirates. b) The distrust discussion marked a significant departure from the existing Mozilla process, in that the Module Owner had now abandoned the reliance on technical compliance and any qualification of the CA or its ability to demonstrate compliant operations. > Some, including DarkMatter representatives, have declared the need to examine > and > consider the benefits of having DarkMatter as a trusted CA. However, last > year we > changed our policy to replace the weighing of benefits and risks with “based > on the > risks of such inclusion to typical users of our products.” [1] The new standard which the Module Owner has now discriminatorily applied solely to the UAE Global Roots and the Applicants’ Commercial Roots appears to be on the hypothetical and unfounded basis of what the Applicants may allegedly do in the future. All of the facts lead would lead an objective person to conclude that the Module Owner has established a dangerous precedent that he wishes to discriminatorily apply only to the Applicants, solely on the basis of incorporation and residence in the United Arab Emirates. c) Notwithstanding the Module Owner’s comments about safeguarding the typical users of Mozilla products, and in regards to the false and unsubstantiated allegation that the Applicants have engaged in spying activities (which the Applicants have repeatedly indicated they do not do); other participants have highlighted that a number of other companies, who currently provide offensive security and surveillance related services have been enrolled in the Mozilla Root Program for a number of years. [2] Notwithstanding the Module Owner’s assertion (in his decision) that “our foremost responsibility is to protect individuals who rely on Mozilla products”, to-date the Module Owner has not contemplated or triggered a distrust discussion against any of these parties. If, in fact, this decision is truly motivated by the issue of “trust” and the protection of individuals (rather than the creation of additional barriers that preserve incumbent parties continued market domination and monopolization), we call on the Mozilla Foundation to apply the same standard that the Module Owner wishes to apply to the Applicants, and immediately start the process of distrust discussion for all CAs in the Mozilla Root Store who are either affiliated, directly, or indirectly, involved or even alleged to be in the business of offensive security and surveillance. d) Furthermore, In accordance with the Mozilla “commitment to an internet that elevates critical thinking, reasoned arguments, shared knowledge, and verifiable facts”, we are of the view that the Module Owner failed in his fiduciary responsibility to moderate the distrust discussions, and reject public assertions that magnified divisive stereotypes about the United Arab Emirates and the Applicants. The Module Owner would have, or should have known, that by remaining silent in the face of discriminatory and divisive comments about the United Arab Emirates and the Applicants, while at the same time continually highlighting the alleged and disputed Reuters’ articles without mentioning the lack of “verifiable facts”, the Applicants would be discriminatorily hampered in presenting their case for inclusion. [1] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/TseYqDzaDAAJ [2] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/M_Yj5vwrDQAJ Benjamin Gabriel | General Counsel & SVP Legal Tel: +971 2 417 1417 | Mob: +971 55 260 7410 benjamin.gabr...@darkmatter.ae The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
