Mozilla Sends Cease And Desist Letter To Commercial Spyware Company For Using Firefox Trademark And Code To Trick Users
from the betraying-trust dept
Techdirt has written several times about the increasing tendency for governments around the world to turn to malware as a way of spying on people, without really thinking through the risks. One company that is starting to crop up more and more in this context is Gamma International, thanks to its FinFisher suite of spyware products, which includes FinSpy. A recent report by Citizenlab, entitled “For Their Eyes Only: The Commercialization of Digital Spying“, has explored this field in some depth. Among its findings is the following:
We identify instances where FinSpy makes use of Mozilla’s Trademark and Code. The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest. This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists.
That’s pretty serious: Mozilla’s trademark is not only being abused, it’s being used to trick people into installing malware that might well have serious consequences for them if their government disapproves of their activities. Quite rightly, then, Mozilla is taking legal action, as the organization’s privacy and public policy lead, Alex Fowler, announced in a blog post:
A recent report by Citizen Lab uncovered that commercial spyware produced by Gamma International is designed to trick people into thinking it’s Mozilla Firefox. We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.
Choosing Mozilla as the cover for this malware is cynical in the extreme, for reasons Fowler explains:
As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission. Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be — and in several cases actually have been — used by Gamma’s customers to violate citizens’ human rights and online privacy.
The only consolation regarding this move to create commercial spyware for sale to governments around the world is that it is possible to use conventional legal instruments like cease and desist letters against the companies behind them when they overstep the mark. Nonetheless, it’s a deeply disturbing development that even countries like Germany now seem happy to use FinFisher in order to spy on their citizens by means of malware (original in German.)