Benjamin, On behalf of Mozilla I'd like to acknowledge that your request has been received and is under review.
- Wayne On Tue, Jul 16, 2019 at 12:14 PM Benjamin Gabriel via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Message Body (6 of 6) APPEAL TO MOZILLA FOUNDATION BOARD OF DIRECTORS > > 1) Violation of Anti-Trust Laws: > > The Module Owner’s discretionary decision, when taken into context with > the comments of other Mozilla Peers employed by other Browsers and/or > competing Certificate Authorities, are intended to result in the types of > unfair competition that are prohibited under the United States Sherman Act, > the United States Federal Trade Commission Act, the Canadian Competition > Act, the European Union Anti-Trust Policies, and the United Arab Emirates > Competition Laws. > > a) Notwithstanding to the assertions for a decision “made on a collective > assessment of all the information at hand”, the Module Owner, and Mozilla > staff, have blatantly ignored, or failed to acknowledge and consider, the > impact of anti-competitive comments made by Mr. Ryan Sleevi, a Google > employee, with regard to the Applicants’ Root Inclusion request. > > > “I highlight this, because given the inherently global nature of the > Internet, there is no technical > > need to work with local CAs, and, with a well-run root store, all CAs > provide an equivalent level > > of protection and security, which rests in the domain authorization." > [1] > > The above statement is quite startling in that it is being made by a > representative of a dominant market power as an argument against the > inclusion of a new economic participant’s entry into the global CA market > place. In light of the fact that representative has tried to justify a > technical non-compliance to support revocation of the Applicants’ Root > Inclusion (note that significantly higher number of users were at risk due > to the same serial entropy violations of his own employer Google) [2], and > considering that this representative was a key player in the demonstration > of dominant Browser market power against a significant CA global business > [3], the Applicants have a reasonable basis to believe that the distrust > discussion are more likely to be motivated by economic considerations that > preserve incumbent parties market domination and monopolization. > > b) Additionally, the Module Owner, and Mozilla staff, have blatantly > ignored, or failed to acknowledge and consider, the Applicants’ response to > the Google Representative in their decision-making process. The General > Counsel of DarkMatter asserted unambiguously in the public discussion as > follows: > > We are of the view that CA monopolies are inherently bad for the internet > in that they unfairly exploit market power. The result is a fundamental > right to Internet security and privacy being deliberately priced out of > reach for a significant population of the world. We ask you, what can be > more of an anti-competitive monopoly than a "well run store" (read > Google/Mozilla) that does not take into consideration that sovereign > nations have the fundamental right to provide digital services to their own > citizens, utilizing their own national root, without being held hostage by > a provider situated in another nation.” [4] > > The above discussions are highly relevant to the decision-making process, > considering that the Module Owner is aware of the significant economic > investment the Applicants have made in progressing the Root inclusion > requests over the past two years. In fact, the Applicants have received > further communications from other relevant Browser Stores indicating that > their respective decision to permit the Applicants to participate in the > global CA business ecosystem will be based and influenced by the Mozilla > Module Owner’s highly subjective discretionary decision. The entire global > internet traffic is controlled by four (4) Browser Root Stores (Mozilla, > Microsoft, Google and Apple). As Reuters pointed out in its July 4 story, > three (3) of those Browser Stores will likely adopt and enforce this > decision by Mozilla. In light of this, the Module Owner would be, or should > be, aware of the significant economic harm of a decision based on less than > verifiable “credible evidence”. > > c) Notwithstanding the above highly relevant elements of the public > discussion, the Module Owner has now made a significant decision (on less > than verifiable “credible evidence”) which we believe is intended to > unfairly affect commerce in the global CA ecosystem through the use of the > coercive influence he wields on the Applicants as a result of his > discretionary decision making power. While rejecting the right of the > Applicants to participate directly within the Mozilla Root Store, and by > extension setting the stage for an outright denial of the Applicants’ > inclusions in any other browser store, the Module Owner has decided as > follows: > > > Mozilla does welcome DigitalTrust as a “managed” subordinate CA under the > > oversight of an existing trusted CA that retains control of domain > validation and > > the private keys. [5] > > We are of the view that a fair-minded and objective observer would > reasonably conclude that the above statement indicates that the Module > Owner’s decision is simply an attempt to place a trade restraint on the > Applicant’s competitive global CA business. Furthermore, we are of the view > that assertion that Digital Trust would be welcome into the Mozilla Root > Store so long as its commercial interests were subordinated in favour of > another CA competitor / Browser store would constitute the type of > “monopolization, attempted monopolization, or conspiracy or combination to > monopolize” that is prohibited by global anti-trust legislation. > > The Module Owner’s action to apply this subjective process selectively to > Digital Trust effectively amounts to incremental tariffs on the internet of > the United Arab Emirates with Mozilla de-facto promoting anti-competitive > behavior in what was once a vaunted open Trust community. > > In conclusion we wish to reiterate to the members of the Mozilla > Foundation Board of Directors that the Module Owner has wrongly decided > this issue for the reasons enumerated above. > > We call on the Mozilla Foundation Board of Directors to (1) immediately > halt the distrust process initiated by the Module Owner and (2) reverse > this decision, or review the Root Inclusion request “de novo” on the basis > of standard that is applicable to all other CA’s in the Mozilla Root Store > CA’s in a non-discriminatory and anti-competitive manner. > > We continue to assert our agreement, and alignment, with all of the > principles stated in the Mozilla Manifesto unequivocally. We have > repeatedly made it clear that a key reason why we decided to launch a > commercial CA business is because the citizens, residents and visitors to > the United Arab Emirates currently do not have access to trusted local > providers who can provide them with the protections taken for granted in > other parts of the world. We continue to extend our invitation to the > Mozilla organization to visit us in the United Arab Emirates so that they > can have first-hand “credible” information on the work that we conduct each > and every day. > > Sincerely > > [1] > https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/FwUZDOHlBwAJ > [2] > https://www.thesslstore.com/blog/mass-revocation-millions-of-certificates-revoked-by-apple-google-godaddy/ > [3] > https://www.thesslstore.com/blog/remove-trust-in-existing-symantec-ssl-certificates/ > [4] > https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/QAj8vTobCAAJ > [5] > https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/TseYqDzaDAAJ > > > Benjamin Gabriel | General Counsel & SVP Legal > Tel: +971 2 417 1417 | Mob: +971 55 260 7410 > benjamin.gabr...@darkmatter.ae > > The information transmitted, including attachments, is intended only for > the person(s) or entity to which it is addressed and may contain > confidential and/or privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in reliance upon > this information by persons or entities other than the intended recipient > is prohibited. If you received this in error, please contact the sender and > destroy any copies of this information. > > > > > > > > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy