Brendan Eich is the chief technology officer of the Mozilla Foundation, the non-profit behind the Firefox web browser. Among many other things, he oversees the Firefox security team — the software engineers who work to steel the browser against online attacks from hackers, phishers, and other miscreants — and that team is about to get bigger. Much, much bigger.
In a recent blog post, Eich calls for security researchers across the globe to regularly audit the Firefox source code and create automated systems that can ensure the same code is used to update the millions of machines that run the browser. That’s not an option for other browsers, but it is for Firefox. The code behind the browser is completely open source, meaning anyone can look at it, at any time.
The move is one more way that the giants of the web are responding to revelations that the National Security Agency is snooping on web traffic via popular services and software. After NSA whistleblower Edward Snowden revealed that the U.S. government is tapping into data collected by private companies like Google and Facebook, and then private email outfit Lavabit revealed a gag order that forbade the company from telling customers the government was requesting information about them, Eich is worried that the feds could force Mozilla into adding a backdoor into its browser.
“As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users,” Eich says. “We have no information that any browser vendor has ever received such a directive. However, if that were to happen, the public would likely not find out due to gag orders.”
Because Firefox is open source, outsiders can not only audit the code, they can also patch holes in the software and distribute such changes independently of Mozilla. In other words, if there’s a problem with Mozilla or Firefox, someone else can fix it and publish a new version online. “Through international collaboration of independent entities, we can give users the confidence that Firefox cannot be subverted without the world noticing, and offer a browser that verifiably meets users’ privacy expectations,” Eich explains.