Archive for January, 2012

Congress is considering the most talked-about copyright legislation in a decade, known as Protect IP (PIPA) in the Senate and Stop Online Piracy (SOPA) in the House. Today, Mozilla announced that we’ll join with other sites in a virtual strike to protest PIPA/SOPA.

SOPA makes all of us potential criminals if we don’t become the enforcement arm of a new government regulatory and policing structure. SOPA does not target websites serving up unauthorized content. SOPA does not target people accessing those websites. SOPA targets all the rest of us. These costs are significant, wide-ranging and long lasting. To understand more clearly what SOPA does and the range of consequences, it’s helpful to use an analogy from the physical world where we all have many years of experience.

Assume there’s a corner store in your neighborhood that rents movies. But the movie industry believes that some or even all of the videos in that store are unauthorized copies, so that they’re not being paid when people watch their movies. What should be done?

SOPA/PIPA don’t aim at the people trying to get to the store. SOPA/ PIPA don’t penalize or regulate the store itself. SOPA and PIPA penalize us if we don’t block the people trying to get to the store.

The solution under the proposed bills is to make it as difficult as possible to find or interact with the store. Maps showing the location of the store must be changed to hide it(1). The road to the store must be blocked off so that it’s difficult to physically get to there(2). Directory services must unlist the store’s phone number and address(3). Credit card companies(4) would have to cease providing services to the store. Local newspapers would no longer be allowed to place ads for the video store(5). And to make sure it all happens, any person or organization who doesn’t do this is subject to penalties(6). Even publishing a newsletter that tells people where the store is would be prohibited by this legislation(7).

This is what SOPA and PIPA would impose in the online world. It’s very different than targeting the owner of the video store directly. The obligations to make websites hard to find apply to all citizens and businesses. Each one of us is subject to punishment and fines if we don’t follow these prohibitions. And, because SOPA/PIPA create a new regulatory structure, we become subject to punishment without the due process protections citizens normally enjoy.

Supporters say they are only targeting foreign websites outside US jurisdiction. However the burden of compliance that falls on all of us is not any less because the website servers are elsewhere. And in any case, many US companies with be affected through their locally-identified sites (for example, amazon.co.uk.)

Despite their over-reaching nature, PIPA and SOPA may not even be effective at stopping online piracy. People can still enter the actual Internet Protocol address of a blocked domain name. Sites can register new domain names. Continuously sanitizing the Internet of any mention or link to bad sites is a like the infamous game of “whack-a-mole.”

SOPA and PIPA are dangerous.  So, what to do?

Legislatively:

• Reject SOPA / PIPA soundly.
• Congress must not adopt the SOPA position of protecting content AT ALL COSTS. Congress must represent all of us.
• Focus specifically on the holes in today’s enforcement tools. Why are thePirateBay.ORG or MegaUpload.COM still operating? Why aren’t they part of the definition of “foreign site” in SOPA/PIPA?
• Be very, very cautious about creating new liability because we’re unwilling to punish the people accessing unauthorized content

Philosophically:
Over time, developments in two areas are likely to make this issue recede dramatically. One will be the development of new business models that embrace technology, and consumer expectations of universal access. The second will be new technology that makes it easier for content owners to limit access. Content owners can decide if they want unlimited audiences and alternative revenue sources, of if they want potentially limited audiences and a pay-for-view revenue model. Today we are fighting over what to do in the meantime. The content industry has convinced many that “something must be done.” Even if one agrees with this (which many do not), one thing is clear.

Protecting content at all costs is a disaster.

Our Internet experiences involve more and more data about us. Some of this data we create ourselves.  Sometimes our friends and acquaintances create it, and sometimes the services we use create data about us. On one hand this enables all sorts of exciting new applications. On the other hand, there are some very disconcerting aspects to the explosion of personal data. The ability of big data and cloud service providers to monitor, log, store, use, correlate and sell information about who we are and what we do has huge implications for society and for individuals.

Right now there’s no convenient way for me to share information about myself and maintain control over that information. I share information about myself by putting it someplace where someone else makes all the rules. That “someone else” is the application. Most people think of Facebook or Google, but this issue is much bigger than either of them.  This is an issue of the architecture of user data today, and applies across the Internet. Think of the big recommendation / review sites, or any other application you spend a lot of time living in. Think of any social network you’ve identified connections in. The only convenient way for us to have a “home” at one of these sites is to contribute our data and have whatever control the application developer chooses to give us.

These issues have big implications for Mozilla.

First, it means we should do some new things in the user data space. To really help people with the way we use and share data today, Mozilla will also need to offer people the choice of storing data in the cloud in a way that allows services to access it with your permission.  This will be a new thing for Mozilla. It will involve new challenges.  It’s important that we take these on and address them well. If we develop an offering that handles user data in the cloud properly we will help ensure choice and user sovereignty in new areas of online life. Each of us should have a meaningful choice about where and how our data is stored and managed. No other organization have both the ability to do something totally focused on user sovereignty rather than financial profit, and the ability to have wide impact. A Mozilla presence in the cloud will allow us to to fulfill our mission in important new areas of online life.

Second, this means our approach to handling user data must be different from the industry norm. It must put you at the center, array your data around you, and let you deliver that data to any app you want, on the terms you want. It should store user data when there is a measurable benefit to the user, rather than gathering everything in the hopes that data mining will provide value to someone else. It should allow people to determine if their data is available to others. The principle of user sovereignty will affect the way we design every aspect of our offerings.  Mozilla offerings must embody the values of the Mozilla Manifesto and our privacy principles.

My colleague Ben Adida (tech lead for identity and user data and one of our resident cryptographers) has written a piece describing our thinking on how to build such products.

Mozilla is so much more than Firefox.  Mozilla is an idea, a mission, implemented through products, the market and people.  This video does a nice job of explaining how all this fits together.

We’re starting off 2012 by releasing MPL 2.0, the updated version of the Mozilla Public License.  Here are the details about MPL 2.0.  The MPL was created as part of the launch of the Mozilla project in 1998, and was updated once in 1999.  The MPL is used by the Mozilla project for much of its code, including Firefox and Thunderbird.  It is also used by other organizations and individuals.

Version 2.0 is similar in spirit to the previous versions, but shorter, better, and more compatible with other Free Software and Open Source Licenses.   We appreciate the help of the Free Software Foundation for GPL compatibility and the Open Source Initiative for assistance with compatibility and their ultimate certification of the MPL as meeting free software and open source standards.

The MPL 1.1 versions had one expert who had been involved in every word and every decision.  Even today, more than a decade later, I can still bring to mind particular phrases or section references along with the rationale behind them.  The MPL 2.0 is a vast improvement here as well.  It has 5 peers now,  instead of just one.

I also want to call out the stellar work of Luis Villa, supported by Heather Meeker.  Luis started the MPL 2.0 revision process as a new lawyer just out of law school, but with a long and deep background in free/open source software.  Harvey and I believed that his software experience and his motivation would make up for his status as a young lawyer.     We have been more than vindicated — Luis began with project management, and has come to own much of the content over time.

The MPL 2.0 will be adopted by the Mozilla project; this decision was proposed, reviewed and decided as part of the beta and Release Candidate process over the fall of 2011.  The actual update process with be managed by Gervase Markham,  who managed the update from the MPL only to the MPL tri-license many years ago.

Many thanks to everyone who contributed to the process.  It’s an honor to work with so many great people.