Protect Firefox Browser From the U.S. Government, Says Mozilla Exec

J.D. Tuccille | 1.21.2014 7:01 PM

Among the issues that President Obama did not address in his lukewarm call for "reform" of NSA spying practices are allegations that U.S. government officials have used their clout to compromise encryption technology and strongarm companies into inserting backdoors into their technology. That's not a small issue, because it gives the NSA and other agencies access to vast quantities of information at least as sensitive as what they gather from sucking up phone meta data. Last week, even before the president's speech, Brendan Eich, the Chief Technology Officer of Mozilla, the organization behind the Firefox Web browser, called on the public to help resist such threats.

Wrote Eich in a blog post:

As a result of laws in the US and elsewhere, prudent users must interact with Internet services knowing that despite how much any cloud-service company wants to protect privacy, at the end of the day most big companies must comply with the law. The government can legally access user data in ways that might violate the privacy expectations of law-abiding users. Worse, the government may force service operators to enable surveillance (something that seems to have happened in the Lavabit case).

Worst of all, the government can do all of this without users ever finding out about it, due to gag orders.

This creates a significant predicament for privacy and security on the Open Web. Every major browser today is distributed by an organization within reach of surveillance laws. As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users. We have no information that any browser vendor has ever received such a directive. However, if that were to happen, the public would likely not find out due to gag orders.

The unfortunate consequence is that software vendors — including browser vendors — must not be blindly trusted. Not because such vendors don't want to protect user privacy. Rather, because a law might force vendors to secretly violate their own principles and do things they don't want to do.

His proposed solution? Since Mozilla and its products are all open source, he wants tech savvy users around the world to:

regularly audit Mozilla source and verified builds by all effective means;
establish automated systems to verify official Mozilla builds from source; and
raise an alert if the verified bits differ from official bits.

That way, no matter what Mozilla is ordered to do by a government body, and forbidden to reveal, any compromises stand a good chance of being discovered. Even attempting them might deterred.

Talk about watching the watchers.

Eich is right—open source does have an inherent advantage over proprietary technology because it's open to public scrutiny. It stands to grow in importance for just that reason.

The Rattler is a weekly newsletter from J.D. Tuccille. If you care about government overreach and tangible threats to everyday liberty, this is for you.

NEXT: US Military Offers Anti-IED Tech for Olympic Security

Hide Comments (51)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Fist of Etiquette 11 years ago

Open source is obviously going to have to be... wait for it... BANNED.
1. ruby0015 11 years ago
  
  my neighbor's sister brought in $12350 the prior week. she is working on the computer and moved in a $353200 home. All she did was get blessed and make use of the guide made clear on this web page
  
  ---------- J?U?M?P?2??6.???????
Irish 11 years ago

Holy shit, WaPo dumps Ezra Klein shortly after getting Radley Balko and now they pick up the Volokh Conspiracy.

Jeff Bezos is awesome.
1. The Rt. Hon. Serious Man, Visc 11 years ago
  
  Behind a paywall, though:
  
  "We realize that this may cause some inconvenience for some existing readers ? we are sorry about that, and we tried to negotiate around it, but that's the Post's current approach," Volokh apologized, before, in typical libertarian fashion, immediately listing multiple ways to access the blog's pages for free: The blog's WaPo-hosted content will be freely available for the first six months; after that, intrepid users can use RSS feeds, .edu and .gov domains, and social media links to access the blog.
  
  But good news all the same.
  1. Irish 11 years ago
    
    This made me laugh.
    
    DrewMTips
    ?@DrewMTips
    Koch Brothers will write twice weekly relationship advice column.
    
    #LibertarianWaPo
    1. The Rt. Hon. Serious Man, Visc 11 years ago
      
      Dear Koch Bros: Help! My Husband Wants to Buy Another Platoon of Janissary Rather Than The African Pygmy Colony I've Had My Eye On!
      1. Heroic Mulatto 11 years ago
        
        Bashi-bazouk: The best of both worlds.
        
        Swiss Servator, Befehl! 11 years ago
        
        +1 Crimean War
2. Bam! 11 years ago
  
  How is taking a free blog and turning it into a paid blog awesome?
  1. Irish 11 years ago
    
    Because libertarians are getting positions with a major media outlet?
    
    Libertarians before Bezos: GODDAMMIT WHY DON'T ANY MAJOR MEDIA OUTLETS LET LIBERTARIANS WRITE THERE?!?
    
    Libertarians after Bezos: GODDAMMIT, IT'S A PAYWALL?!
    
    This strikes me as kind of a looking a gift horse in the mouth situation.
    1. Bam! 11 years ago
      
      If I read the post correctly, they weren't giving any new or elevated position, merely the promise they'll get linked to from WaPo articles every now and again.
      
      That's hardly a victory. Twitter drives more traffic than WaPo.
      1. Sevo 11 years ago
        
        "That's hardly a victory."
        You'd rather WaPo wouldn't?
        
        Bam! 11 years ago
        
        If the goal is to spread libertarian ideas, that goal is better served with a free blog than a paywall, regardless of whether WaPo links in.
        
        If anything, this seems like Bezo trying to exploit Volokh Conspiracy readers than trying to broaden WaPo's content.
        
        Cytotoxic 11 years ago
        
        Some of you people will bitch about anything.
3. All-Seeing Monocle 11 years ago
  
  Wow, I somehow missed the earlier Ezra Klein news. So the wish I made on the day the wapo sale was announced is now fulfilled. OK, I didn't actually get to see the smug douchebag get his walking papers on a live webcast, but still.
The Rt. Hon. Serious Man, Visc 11 years ago

Who are you going to trust? Obama and the Most Transparent Administration in history or a private, profit-seeking corporation who's logo features a Fox humping the globe?
Paul. 11 years ago

As discussed in a previous thread, this has only been alleged. I would hardly expect the Obama administration--- any administration really to reform something that's only been alleged.

Now, do I think it's happening? You bet your ass. Unfortunately, we won't know for sure until Edward Snowden II, the Revenge of Edward Snowden pops up with some memos where the NSA admits as much. Like pretty much everything else they've denied, then reluctantly admitted was going on, but didn't matter and due process.
SweatingGin 11 years ago

Verifiable builds, maybe do a P2P distribution to avoid having servers seized/compromised/mitm

Also, remember folks, your browser and computer probably trust the DOD root CA for ssl (green lock for a cert signed by them), maybe others.
1. Cytotoxic 11 years ago
  
  The last paragraph means nothing to a non-ultra nerd such as myself. Could you explain?
  1. Thane ? the booty 11 years ago
    
    He's talking about TLS (more commonly known as SSL, its predecessor, or as HTTPS, for its use on the web).
    
    TLS is most known for providing encryption to internet traffic, which it indeed does. But it's also responsible for verifying the identity of the server (e.g., whether or not you are really talking to Gmail).
    
    To do this it relies on Certificate Authorities. The one you are most likely to have heard of is VeriSign. If reason wanted to make its site accessible via HTTPS, it would go to a certificate authority (or a reseller, like GoDaddy) and get a certificate for reason.com.
    
    So essentially the certificate authority "vouches" for them. In most cases the amount of effort actually put in is minimal, but there are also Extended Validation certificates for important sites (the green lock SweatingGin mentions).
    
    So, I go to reason, and they send me back the certificate issued to them by VeriSign. But of course, I can't just take their word for it.
    
    So browsers and operating systems ship with "root certificates" with which they can verify that a site's certificate was actually issued by a legitimate Certificate Authority.
    
    So know we have a way for reason to verify its identity (by hooking up with a CA) and for the browser to verify that reason has hooked up with the CA (the root certificates). Now, the problem is: the first time I visit reason, how do I know what certificate authority reason actually verified its identity with?
    1. Thane ? the booty 11 years ago
      
      The simple answer is that you don't*. You have to hope that the first time you visit reason, an interloper hasn't spoofed your computer into going to another server. You just trust that a certificate authority wouldn't "go rogue" and issue someone else a certificate for reason.
      
      And hence the problem: the US DOD is a CA and has its own root certificate shipped with browsers. So they can set up an evil fake reason, complete with an evil fake reason certificate, and the browser would trust the certificate.
      
      (Note that for reason that is beside the point, since they don't use TLS in the first place and hence it is trivial to set up an evil fake reason)
      
      *there are work-arounds which I won't explain because they aren't needed to understand the issue at hand
Francisco d Anconia 11 years ago

Worst of all, the government can do all of this without users ever finding out about it, due to gag orders.

Even if you buy the argument that collecting metadata doesn't violate 4A (which is complete bullshit BTW), how in the fuck do they think they can usurp the first amendment?
1. Swiss Servator, Befehl! 11 years ago
  
  Because National Security and FYTW.
  
  /servile judge
  1. Sevo 11 years ago
    
    And Commerce Clause!
    1. Kyfho Myoba 11 years ago
      
      And Necessary and Proper!
crazyfingers 11 years ago

Really he should be encouraging the use of Tor, which is based on Firefox.
1. Bam! 11 years ago
  
  Tor is a network protocol that is browser-independent.
  1. crazyfingers 11 years ago
    
    Should've been more specific. I meant the popular browser bundle.
2. Diggit 11 years ago
  
  That's what I use.
  I'm actually Joe from Lowell.
  
  Oops.
3. Christophe 11 years ago
  
  Unfortunately, it there's a security hole in firefox, and the Tor devs don't spot it, using Tor will simply not protect you.
  1. DJK 11 years ago
    
    Moreover, Tor itself has been compromised.
    1. Kyfho Myoba 11 years ago
      
      Not 100%. Only if you don't dot your i's & cross your t's, ie, not well educated users. Snowden released some stuff on this. NSA can get "a lot" of TOR traffic, but not if the user uses correct implementation.
Swiss Servator, Befehl! 11 years ago

I see the alt-text has already been banned?
cryptArchy 11 years ago

I stand firm with Mozilla and Linux. They will be the future to internet freedom
1. crazyfingers 11 years ago
  
  also pgp and bitcoin. gotta love the open source movement.
  1. cryptArchy 11 years ago
    
    Agreed!!!
2. Daily Beatings 11 years ago
  
  "Given enough eyeballs, all bugs are shallow." - Linus's Law
Diggit 11 years ago

INDEPENDENTS, UNZIP!

Too early?
1. All-Seeing Monocle 11 years ago
  
  "Too early" is only one of the things wrong with that post.
Stilgar 11 years ago

What he asks is easier said than done. The browser code base is huge - too huge for any one or small group to audit. This means you need a large, organized group to do the audits. Yet Mozilla releases nightly, alpha, beta and production releases of Firefox. How much and how often can things be audited? What if some of your auditors are compromised?

Further, binary builds are difficult to normalize. It is quite possible for the same binary built on different machines to not turn out identical. Likewise, unless you have built your compiler from audited, known to be secure code that too is vulnerable.

Open source may offer theoretical advantages over its closed brethren but the reality is that for all but the smallest of projects it is a mostly impossible chore.

TRUST NO ONE
1. Greg F 11 years ago
  
  Stilgar is quite correct as was shown by Ken Thompson of Bell Labs in 1984.
  
  Reflections on trusting trust
  
  The exploit described by Thompson has been discovered in the wild.
2. Corning 11 years ago
  
  Open source may offer theoretical advantages over its closed brethren but the reality is that for all but the smallest of projects it is a mostly impossible chore.
  
  That must be why netscape did so well and why firefox is doing so horribly.
  1. PM 11 years ago
    
    It's not a question of their success in the market, but whether one is inherently more secure. Even though auditing a large code base is very difficult, it's hard to argue that having access is worse than not having it. It's at least theoretically possible to audit Firefox's code; it's not even theoretically possible to audit IE or Opera or Chrome, for example.
3. Christophe 11 years ago
  
  This is an extremely difficult problem. However, there are a few ways to spot exploits.
  
  - The source control system (Mercurial in this case), makes all commits permanent. If I get an exploit in there and then remove it, it still leaves traces in the history of the project. I can still put in a backdoor, but I can't hide the fact that I did that.
  - There are tools to create reproducible builds. This lets 200 people all make the same build in a way that produces exactly the same object. This protects against inserting an exploit right before compiling. I don't think firefox uses it though.
Gindjurra 11 years ago

And if the Firefox source code is ever suddenly pulled by Mozilla, we'll know that they got an order from the government to do so.

Brilliant!
1. Marty G 11 years ago
  
  There are so many copies of the Firefox repository at this point, many outside the official mirrors, that FF would still be able to function. The trick would be which build to trust at that point and from where.
db 11 years ago

It may be theoretically possible to audit Firefox and all its myriad releases. If it is being built from source the compiler must also have been audited to have a chance at security. Any libraries llinked must have ben audited. Etc. It is a very complex problem.
Marty G 11 years ago

On a related note, to my view, the Freedom of Information Act should rightly allow us to request any source code or algorithms that the US government is using in its role with regard to citizens. Such as code used to compute taxes, etc. Basically, the US government should be *required* to use open source code because it is a public institution. Exceptions might be some code used by the military and intelligence agencies but these exceptions should require massive justification and the code should still be open to internal auditing by the DOJ tech squints with appropriate clearance. Code used by the NSA on US citizens would *not* qualify for an exception.
ibcbet 11 years ago

Good idea i think
John Galt 11 years ago

No question about it, the USA is the new USSR. What a disgrace.
cheap kits 11 years ago

"You have to hope that the first time you visit reason, an interloper hasn't spoofed your computer into going to another server. "

Please log in to post comments

Protect Firefox Browser From the U.S. Government, Says Mozilla Exec

Latest

Supreme Court Lets ATF Regulate (Some) DIY Firearms Kits

Brickbat: Injustice Is Blind

The Government Threatened To Seize His Home Over Tall Grass

The Logical Contradictions of Trump's Case for Tariffs

Cops Called on Dad for Playing Catch with 14-Year-Old Son at Park

Recommended

Login Form