Message Body (6 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS 1) Violation of Anti-Trust Laws:
The Module Owner’s discretionary decision, when taken into context with the comments of other Mozilla Peers employed by other Browsers and/or competing Certificate Authorities, are intended to result in the types of unfair competition that are prohibited under the United States Sherman Act, the United States Federal Trade Commission Act, the Canadian Competition Act, the European Union Anti-Trust Policies, and the United Arab Emirates Competition Laws. a) Notwithstanding to the assertions for a decision “made on a collective assessment of all the information at hand”, the Module Owner, and Mozilla staff, have blatantly ignored, or failed to acknowledge and consider, the impact of anti-competitive comments made by Mr. Ryan Sleevi, a Google employee, with regard to the Applicants’ Root Inclusion request. > “I highlight this, because given the inherently global nature of the > Internet, there is no technical > need to work with local CAs, and, with a well-run root store, all CAs provide > an equivalent level > of protection and security, which rests in the domain authorization." [1] The above statement is quite startling in that it is being made by a representative of a dominant market power as an argument against the inclusion of a new economic participant’s entry into the global CA market place. In light of the fact that representative has tried to justify a technical non-compliance to support revocation of the Applicants’ Root Inclusion (note that significantly higher number of users were at risk due to the same serial entropy violations of his own employer Google) [2], and considering that this representative was a key player in the demonstration of dominant Browser market power against a significant CA global business [3], the Applicants have a reasonable basis to believe that the distrust discussion are more likely to be motivated by economic considerations that preserve incumbent parties market domination and monopolization. b) Additionally, the Module Owner, and Mozilla staff, have blatantly ignored, or failed to acknowledge and consider, the Applicants’ response to the Google Representative in their decision-making process. The General Counsel of DarkMatter asserted unambiguously in the public discussion as follows: We are of the view that CA monopolies are inherently bad for the internet in that they unfairly exploit market power. The result is a fundamental right to Internet security and privacy being deliberately priced out of reach for a significant population of the world. We ask you, what can be more of an anti-competitive monopoly than a "well run store" (read Google/Mozilla) that does not take into consideration that sovereign nations have the fundamental right to provide digital services to their own citizens, utilizing their own national root, without being held hostage by a provider situated in another nation.” [4] The above discussions are highly relevant to the decision-making process, considering that the Module Owner is aware of the significant economic investment the Applicants have made in progressing the Root inclusion requests over the past two years. In fact, the Applicants have received further communications from other relevant Browser Stores indicating that their respective decision to permit the Applicants to participate in the global CA business ecosystem will be based and influenced by the Mozilla Module Owner’s highly subjective discretionary decision. The entire global internet traffic is controlled by four (4) Browser Root Stores (Mozilla, Microsoft, Google and Apple). As Reuters pointed out in its July 4 story, three (3) of those Browser Stores will likely adopt and enforce this decision by Mozilla. In light of this, the Module Owner would be, or should be, aware of the significant economic harm of a decision based on less than verifiable “credible evidence”. c) Notwithstanding the above highly relevant elements of the public discussion, the Module Owner has now made a significant decision (on less than verifiable “credible evidence”) which we believe is intended to unfairly affect commerce in the global CA ecosystem through the use of the coercive influence he wields on the Applicants as a result of his discretionary decision making power. While rejecting the right of the Applicants to participate directly within the Mozilla Root Store, and by extension setting the stage for an outright denial of the Applicants’ inclusions in any other browser store, the Module Owner has decided as follows: > Mozilla does welcome DigitalTrust as a “managed” subordinate CA under the > oversight of an existing trusted CA that retains control of domain validation > and > the private keys. [5] We are of the view that a fair-minded and objective observer would reasonably conclude that the above statement indicates that the Module Owner’s decision is simply an attempt to place a trade restraint on the Applicant’s competitive global CA business. Furthermore, we are of the view that assertion that Digital Trust would be welcome into the Mozilla Root Store so long as its commercial interests were subordinated in favour of another CA competitor / Browser store would constitute the type of “monopolization, attempted monopolization, or conspiracy or combination to monopolize” that is prohibited by global anti-trust legislation. The Module Owner’s action to apply this subjective process selectively to Digital Trust effectively amounts to incremental tariffs on the internet of the United Arab Emirates with Mozilla de-facto promoting anti-competitive behavior in what was once a vaunted open Trust community. In conclusion we wish to reiterate to the members of the Mozilla Foundation Board of Directors that the Module Owner has wrongly decided this issue for the reasons enumerated above. We call on the Mozilla Foundation Board of Directors to (1) immediately halt the distrust process initiated by the Module Owner and (2) reverse this decision, or review the Root Inclusion request “de novo” on the basis of standard that is applicable to all other CA’s in the Mozilla Root Store CA’s in a non-discriminatory and anti-competitive manner. We continue to assert our agreement, and alignment, with all of the principles stated in the Mozilla Manifesto unequivocally. We have repeatedly made it clear that a key reason why we decided to launch a commercial CA business is because the citizens, residents and visitors to the United Arab Emirates currently do not have access to trusted local providers who can provide them with the protections taken for granted in other parts of the world. We continue to extend our invitation to the Mozilla organization to visit us in the United Arab Emirates so that they can have first-hand “credible” information on the work that we conduct each and every day. Sincerely [1] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/FwUZDOHlBwAJ [2] https://www.thesslstore.com/blog/mass-revocation-millions-of-certificates-revoked-by-apple-google-godaddy/ [3] https://www.thesslstore.com/blog/remove-trust-in-existing-symantec-ssl-certificates/ [4] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/QAj8vTobCAAJ [5] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/TseYqDzaDAAJ Benjamin Gabriel | General Counsel & SVP Legal Tel: +971 2 417 1417 | Mob: +971 55 260 7410 benjamin.gabr...@darkmatter.ae The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
