Message Body (1 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS

Mozilla Foundation Board of Directors
Attention: Mitchell Baker, Executive Chairwoman

Mozilla Corporation
Attention: Chris Beard, CEO
Attention: Denelle Dixon-Thayer, General Counsel

July 16, 2019

Mozilla CA Certificate Policy Module: Appeal of the Module Owner Decision Dated 
July 9, 2019

Dear Sirs/Mesdames

In accordance with the Mozilla organization’s dispute resolution mechanism [1], 
I am writing to the Mozilla Foundation Board of Directors and the Mozilla 
Corporation, to formally dispute the decision of Mr. Wayne Thayer (“Module 
Owner”), the current owner of the Mozilla CA Certificate Policy module 
(“Mozilla CA Module”), dated July 9, 2019 (and concurred to by Ms. Kathleen 
Wilson on July 16, 2019), with regard to the Mozilla Root Store inclusion 
request for both the United Arab Emirates Global Roots and the Digital Trust 
Commercial Roots (“Root Inclusion”) originally made by Dark Matter LLC 
(“DarkMatter”) and currently being progressed by its affiliate Digital Trust 
LLC (“Digital Trust”, and together with DarkMatter, the “Applicants”).

In the conduct of his discretionary decision, the Module Owner recommended (1) 
a rejection of the Applicants’ Root Inclusions, (2) a prohibition of any new 
additional Root Inclusion requests from Digital Trust, and (3) opened a bug 
request for an additional distrust of existing intermediate CA certificates 
created for public trust within the UAE national PKI. [2]

The Module Owner’s discretionary decision is disputed, and an appeal to the 
Mozilla Foundation Board of Directors is lodged, on the grounds of (1) 
Undisclosed Conflict of Interest, (2) Procedural Fairness/Bias, (3) Abuse of 
Discretionary Power, (4) Discriminatory Practices, (5) Erroneous Legal 
Conclusions, and (6) Violation of Global Anti-Trust Laws, as more fully 
detailed below:

(1) Conflict of Interest:

The Module Owner failed to recognize, or blatantly ignored, undisclosed 
Conflict of Interests posed by certain participants (including Mozilla Staff) 
who represent for-profit corporations with a significant (including, but not 
limited to, global market dominance and monopolization power) economic interest 
in the outcome of the Applicants’ Root Inclusion, and the distorting impact of 
such Conflict of Interests on the Module Owner’s discretionary decision.

a) The Mozilla Corporation is a wholly-owned for-profit subsidiary of the 
Mozilla Foundation.  The for-profit Mozilla Corporation provides internet based 
browser software and other related services. Access to the entire global 
internet traffic is controlled by four (4) Browser Root Stores (Mozilla 
Corporation, Google, Microsoft and Apple).  Two of these commercial Browser 
Root Stores are the most significant search engine providers on the internet, 
and therefore have a substantial economic interest in the global Certificate 
Authority business (including in the United Arab Emirates).  Approximately 93% 
to 94% of Mozilla Corporation’s revenues are derived from such search engine 
providers.  [3]

b) The Module Owner is employed by the for-profit Mozilla Corporation as a 
Certificate Authority Program manager. Key Mozilla staff who are involved in 
framing the negative media feedback about the Root Inclusion are also employed 
by the for-profit Mozilla Corporation. [4]  Key CA/Policy participants in the 
Mozilla CA Module are also employed by other commercial Certificate 
Authorities/or Browser Stores which have a significant economic stake in the 
Root Inclusion decision [5].

c) In light of the above, the Module Owner had a responsibility to ensure that 
any Conflict of Interests by any participants in the Root Inclusion discussions 
are clarified for the record so that undisclosed interests (including economic 
market domination and monopolization of the global Certificate Authority 
business ecosystem) which may distort the Module Owner’s decision making 
process are publicly disclosed for interested media, the general public, and 
global trade/competition regulators.

d) The Applicants have repeatedly brought their concerns with Conflict of 
Interests to the attention of the Module Owner.

> “While we welcome the public discussion as a vital component in the
> maintenance of trust and transparency in Mozilla’s Root Store, we wish to
> bring to your attention, and to other esteemed CABForum members,
> DarkMatter’s reasonable apprehension of bias and conflict of interest in how
> the Mozilla organization has framed and conducted the discussion at hand.
> Notwithstanding the stated goal of transparency in the public discussion,
> recent public comments by Mozilla employees (including your opening
> statement in the discussion), indicate a hidden organizational animus that
> is fatal to the idea of “due process” and “fundamental fairness” being
> accorded to any CA applicant to the Mozilla Root Store.” [6]

The Applicants’ explicitly articulated concern has been noted by various 
participants, and has even been noted in the media. [7]  However, the Module 
Owner has chosen to ignore this explicitly articulated concern of the 
Applicants, including his own role in the controversy, in his discretionary 
decision.  We believe that the Module Owner’s failure to recognize these 
Conflicts of Interests, even in his own discretionary decision, has distorted 
his decision making process, and generated discriminatory consequences (to be 
discussed below) that undermine a key Mozilla Foundation commitment, namely, 
that “The Internet is a global public resource that must remain open and 
accessible”. [8]

[1] https://www.mozilla.org/en-US/about/governance/roles/ and also https://wiki.mozilla.org/CA:Dispute_resolution
[2] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/TseYqDzaDAAJ
[3] https://assets.mozilla.net/annualreport/2017/mozilla-fdn-2017-fs-short-form-final-0927.pdf
[4] https://www-archive.mozilla.org/reorganization/#q13
[5] https://wiki.mozilla.org/CA/Policy_Participants
[6] https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/VZf8xR-hAgAJ
[7] https://www.thesslstore.com/blog/should-the-tech-industry-be-the-arbiters-of-morality/
[8] https://www.mozilla.org/en-US/about/manifesto/



Benjamin Gabriel | General Counsel & SVP Legal
Tel: +971 2 417 1417 | Mob: +971 55 260 7410
[email protected]

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
