Protect Firefox Browser From the U.S. Government, Says Mozilla Exec

By | January 22, 2014

FirefoxAmong the issues
that President Obama did not address in his
lukewarm call
for “reform” of NSA spying practices are
allegations that U.S. government officials have used their clout to

compromise encryption technology and strongarm companies
into
inserting backdoors into their technology. That’s not a small
issue, because it gives the NSA and other agencies access to vast
quantities of information at least as sensitive as what they gather
from sucking up phone meta data. Last week, even before the
president’s speech, Brendan
Eich
, the Chief Technology Officer of Mozilla, the organization
behind the Firefox Web browser, called on the public to help resist
such threats.

Wrote Eich in a blog
post
:

As a result of laws in the US and elsewhere, prudent users must
interact with Internet services knowing that despite how much any
cloud-service company wants to protect privacy, at the end of the
day most big companies must comply with the law. The government can
legally access user data in ways that might violate the privacy
expectations of law-abiding users. Worse, the government may force
service operators to enable surveillance (something that seems to
have happened in the
Lavabit case
).

Worst of all, the government can do all of this without users
ever finding out about it, due to gag orders.

This creates a significant predicament for privacy and security
on the Open Web. Every major browser today is distributed
by an organization within reach of surveillance laws
. As
the Lavabit case suggests, the government may request that browser
vendors secretly inject surveillance code into the browsers they
distribute to users. We have no information that any browser vendor
has ever received such a directive. However, if that were to
happen, the public would likely not find out due to gag orders.

The unfortunate consequence is that software vendors —
including browser vendors — must not be blindly trusted
.
Not because such vendors don’t want to protect user privacy.
Rather, because a law might force vendors to secretly violate their
own principles and do things they don’t want to do.

His proposed solution? Since Mozilla and its products are all
open source, he wants tech savvy users around the world to:

  • regularly audit Mozilla source and verified builds by all
    effective means;
  • establish automated systems to verify official Mozilla builds
    from source; and
  • raise an alert if the verified bits differ from official
    bits.

That way, no matter what Mozilla is ordered to do by a
government body, and forbidden to reveal, any compromises stand a
good chance of being discovered. Even attempting them might
deterred.

Talk about watching the watchers.

Eich is right—open source does have an inherent advantage over
proprietary technology because it’s open to public scrutiny. It
stands to grow in importance for just that reason.

Category: Liberty
Feed

About Feed

When we find noteworthy articles from elsewhere on the Internet we make a concerted effort to get those articles in front of you. But be sure to go to the source to read more...

Leave a Reply

Your email address will not be published. Required fields are marked *