FREE ELECTRONIC LIBRARY - Dissertations, online materials

Pages:   || 2 | 3 | 4 | 5 |   ...   | 6 |


-- [ Page 1 ] --

The Honorable Robert J. Bryan










Wednesday, May 11, 2016 Davis Wright Tremaine LLP MOTION TO INTERVENE (15-CR-05351-RJB) LAW OFFICES DWT 29531601v1 0050033-000393 1201 Third Avenue, Suite 2200 Seattle, WA 98101-3045 206.622.3150 main · 206.757.7700 fax I. INTRODUCTION On February 17, 2016, this Court entered an order granting Defendant’s Third Motion to Compel. See Dkt. 161. Among other things, this Order required the Government to produce evidence related to a security vulnerability that it exploited in the Tor Browser. Specifically, the Government was ordered to produce the entire code it used to deploy a Network Investigative Technique that could be used to remotely place instructions on an individual’s system to send back specified information. The Government has a pending Motion for Reconsideration and For Leave to Submit Filing Ex Parte and In Camera in relation to this Order. See Dkt 165.

Mozilla now seeks to intervene in relation to the Government’s pending Motion to request modification of the Order, or in the alternative, to participate in the development of this issue as amicus curiae in favor of neither party, for the purpose of requesting that the Court modify its Order to require the government to disclose the vulnerability to Mozilla prior to disclosing it to the Defendant. Absent great care, the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability. This risk could impact other products as well. Firefox is released under an open source license. This means that as Firefox source code is continuously developed, it is publicly available for developers to view, modify, share, and reuse to make other products, like the Tor Browser. The Tor Browser comprises a version of Firefox with some minor modifications to add additional privacy features, plus the Tor proxy software that makes the browser’s Internet connection more anonymous.

Mozilla has reason to believe that the exploit that was part of the complete NIT code that this Court ordered the Government to disclose to the defense involves a previously unknown and potentially still active vulnerability in its Firefox code base. This belief rests on the fact that (1) the Tor Browser at issue relies on a modified version of the Firefox browser;

(2) a prior exploit of the Tor Browser software by the government allegedly took advantage of

–  –  –

9 C. Due Process Requires this Court to Consider Mozilla’s Rights.

Ordering disclosure of the exploit without considering Mozilla’s interests violates Mozilla’s procedural and substantive due process rights under the Fifth Amendment of the United States Constitution. Due process requires courts to hear and consider arguments from parties whose property interests and rights are affected by its decisions. Mathews v. Eldridge, 424 U.S. 319, 348 (1976). Parties “whose property interests are at stake are entitled to ‘notice and an opportunity to be heard.’” Dusenbery v. United States, 534 U.S. 161, 167 (2002).

To consider the weight of Mozilla’s interests, this Court must determine whether the Exploit to be disclosed takes advantage of an unfixed Firefox vulnerability. If it does, Mozilla will suffer harm if the Court orders the government to disclose the vulnerability to the Defendant under the existing protective order. Likewise, Mozilla continues to suffer harm by the Government’s refusal to confirm at this point whether Firefox is the target of the vulnerability. “The fundamental requirement of due process is the opportunity to be heard ‘at a meaningful time and in a meaningful manner.’” Mathews, 424 U.S. at 333; Application of United States for Order Authorizing Installation of Pen Register or Touch-Tone Decoder and Terminating Trap, 610 F.2d 1148, 1157 (3d Cir. 1979) (same). Due process compels this Court to hear Mozilla’s arguments and consider its interests before rendering a decision.8 “The Court's view has been that as long as a property deprivation is not de minimis, its gravity is irrelevant to the question whether account must be taken of the Due Process Clause.” Goss v. Lopez, 419 U.S. 565, 576 (1975).

Davis Wright Tremaine LLP MOTION TO INTERVENE (15-CR-05351-RJB) - 6 LAW OFFICES DWT 29531601v1 0050033-000393 1201 Third Avenue, Suite 2200 Seattle, WA 98101-3045 206.622.3150 main · 206.757.7700 fax Other courts have rejected, or altered, the relief requested by the Government to avoid placing an undue burden on affected parties. Consideration of the effect of an order on a company’s products has been a frequent source of litigation under the All Writs Act. In Application of U. S. of Am. for Or. Authorizing Installation of Pen Register or Touch-Tone Decoder and Terminating Trap, 610 F.2d 1148, 1156 (3d Cir. 1979), the court found a deprivation of a property interest where a tracing order denied appellants the free use of their equipment and the services of their employees. Id. at 1156 (“The procedural guarantees of due process attach when the state deprives a person of an interest in ‘liberty’ or ‘property’” and “[t]he most important requirement of due process is the opportunity to be heard at a meaningful time.”); see also In re XXX, Inc., No. 14 Mag. 2258, 2014 WL 5510865, at *2 (S.D.N.Y. Oct.

31, 2014) (“Courts have held that due process requires that a third party subject to an order under the All Writs Act be afforded a hearing on the issue of burdensomeness prior to compelling it to provide assistance to the Government.”); see also In re Order Requiring Apple, Inc. to Assist in the Execution of a Search Warrant Issued by this Ct., 15-mc-01902-JO, 2015 WL 5920207, at *7 (E.D.N.Y. Oct. 9, 2015) (same).

Here, the relief each party seeks—disclosure to the Defendant or continued secrecy by the Government—will affect Mozilla’s property interests in its business and software. If the Exploit takes advantage of an unfixed Firefox vulnerability, and if the defense receives the Exploit, but Mozilla does not, the vulnerability will be more likely to leak and be used by bad actors, which will harm Mozilla and its users. If the Government retains the vulnerability and does not disclose it at all, Mozilla will continue to be harmed by the nondisclosure, as the vulnerabilities in its software will remain unfixed, exposing Firefox users to potential harm.9 It is worth noting that the Government refuses to tell Mozilla if the Exploit went through the Vulnerabilities Equities Process (“VEP”), which is an interagency process used to determine whether vulnerabilities should be disclosed to the impacted company or should be exploited in secret.

Davis Wright Tremaine LLP MOTION TO INTERVENE (15-CR-05351-RJB) - 7 LAW OFFICES DWT 29531601v1 0050033-000393 1201 Third Avenue, Suite 2200 Seattle, WA 98101-3045 206.622.3150 main · 206.757.7700 fax D. If Mozilla Is Not Permitted to Intervene, It Should Be Allowed to Appear as 1 Amicus.

If Mozilla is not permitted to intervene to protect its interests, this Court should certainly allow Mozilla to appear as amicus curiae. The Court has broad discretion to permit a non-party to participate in an action as amicus curiae. See, e.g., Gerritsen v. de la Madrid Hurtado, 819 F.2d 1511, 1514 n.3 (9th Cir. 1987); Nat. Res. Def. Council v. Evans, 243 F.

Supp.2d 1046, 1047 (N.D. Cal. 2003) (amici “may file briefs and may possibly participate in oral argument” in district court actions). “District courts frequently welcome amicus briefs from non-parties concerning legal issues that have potential ramifications beyond the parties directly involved or if the amicus has ‘unique information or perspective that can help the court beyond the help that the lawyers for the parties are able to provide.’” Sonoma Falls Dev., LLC v. Nevada Gold & Casinos, Inc., 272 F. Supp.2d 919, 925 (N.D. Cal. 2003) (quoting Cobell v.

Norton, 246 F. Supp.2d 59, 62 (D.D.C. 2003) (citation omitted). No special qualifications are required; an individual or entity “seeking to appear as amicus must merely make a showing that his participation is useful to or otherwise desirable to the court.” In re Roxford Foods Litig., 790 F. Supp. 987, 997 (E.D. Cal. 1991).

Because Mozilla will present a unique perspective and will represent the interests of millions of Firefox users, its participation as amicus curiae is particularly important. See Liberty Res., Inc. v. Philadelphia Hous. Auth., 395 F. Supp.2d 206, 209 (E.D. Pa. 2005).

(“Courts have found the participation of an amicus especially proper... where an issue of general public interest is at stake.”). This is because the primary role of an amicus is “to assist the Court in reaching the right decision in a case affected with the interest of the general public.” Russell v. Bd. of Plumbing Examiners of the County of Westchester, 74 F. Supp.2d 349, 351 (S.D.N.Y. 1999). In Liberty Resources, a case brought by a disability rights advocacy group against a public housing authority, the court granted amicus curiae status to another advocacy group that represented residents of public housing because the group’s participation “will serve to keep the Court apprised of the interests of non-disabled Section 8 voucher recipients who may be affected by this case.” 395 F. Supp.2d at 209. Similarly, Mozilla here

–  –  –

3 F. The Protective Order Does Not Adequately Protect Mozilla or its Users.

In light of the dangers that could stem from disclosure of the Exploit, the NIT Protective Order is not adequate to protect the sensitivity of this Exploit. A court may modify a protective order in a criminal case “for good cause.” Fed. R. Crim. P. 16. Good cause exists here because, in the hands of an attacker, the Exploit may provide the ability to either extract information from or gain access to a person’s computer. Mozilla is concerned with the implications to its global user base should the Exploit be disclosed to the Defendant and reveal an active vulnerability in Firefox. An attacker may use this vulnerability for nefarious purposes, including to sell the information or provide access to other individuals, organizations, or governments. It makes no sense to allow the information about the vulnerability to be disclosed to an alleged criminal, but not allow it to be disclosed to Mozilla.

Because of the serious risks associated with disclosure of a vulnerability in Mozilla’s widely used source code, a previously unknown vulnerability in that source code should be treated with the care given to confidential source code containing trade secrets to prevent disclosure to unauthorized parties. In Telebuyer, LLC v. Amazon.com, Inc., No. 13-CV-1677, 2014 WL 5804334, at *2 (W.D. Wash. July 7, 2014), this Court examined a protective order to determine if it adequately protected source code to be disclosed. The Court found that giving “counsel and experts the benefit of the doubt that they will faithfully observe the confidentiality rules to which the parties have already agreed” is not enough. Id. Vulnerabilities in code as widely used as Mozilla’s are similar to source code because they create a “heightened risk of inadvertent disclosure.” Id. (citing Kelora Sys., LLC v. Target Corp., No. 11-cv-01584, 2011 WL 6000759, at *7 (N.D. Cal. Aug.29, 2011)). As with source code, “[i]t is very difficult for the human mind to compartmentalize and selectively suppress information once learned, no matter how well-intentioned the effort may be to do so.” In re Deutsche Bank Trust Co.

Americas, 605 F.3d 1373, 1378 (Fed. Cir. 2010) (citing FTC v. Exxon Corp., 636 F.2d 1336,

–  –  –

14 G. The Court Should Order Advance Disclosure of the Exploit to Mozilla 15 1. Advance Disclosure of Software Vulnerabilities to the Impacted Company is a Best Practice in the Security Community.

In reconsidering its prior order, the Court should be guided by established best practices of advance disclosure in software vulnerability management. These go by different names in the security community such as “Coordinated Disclosure,” “Partial Disclosure,” and “Responsible Disclosure.” The underlying principle is that the security researcher who discovers the vulnerability notifies the affected company and allows some time for the vulnerability to be fixed before it is disclosed publicly, which may occur at security conferences, in papers, distribution lists, or through the company’s own announcement.19 This To the extent that the phrase “defense team” for purposes of the NIT incorporates the general protective order, 25 the number of people who will be exposed to the vulnerability may be excessively broad. See (Dkt. 19 2 (defining “defense team” to include attorneys of record, and investigators, paralegals, law clerks, experts and assistants for the attorneys of record)).

Mozilla was not contacted by the Government regarding the development of the protective order and therefore played no role in the drafting of the order.

Pages:   || 2 | 3 | 4 | 5 |   ...   | 6 |

Similar works:

«Harris Manchester College Oxford University Oxford, England Study Abroad Program Information Package Spring 2017 Semester Important Dates (these dates are approximate and subject to change): February 22, 2016 January 4 January 15, 2017*   BU Law application deadline Approximate dates for Intensive, two-week introductory course on the British Legal Mid-March 2016 System  Selections made January 18 March 11, 2017*  October 2016 Approximate spring 2016 semester dates  Visiting...»

«UNAIDS 2015 | REFERENCE ORAL PRE-EXPOSURE PROPHYLAXIS QUESTIONS AND ANSWERS Reviewed and updated March 2016. Copyright © 2016 Joint United Nations Programme on HIV/AIDS (UNAIDS) All rights reserved. The designations employed and the presentation of the material in this publication do not imply the expression of any opinion whatsoever on the part of UNAIDS concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers...»

«LA NORMALISATION ET LA REPRESENTATION DES CONSOMMATEURS Ludivine COLY-DUFOURTDécembre 2012 1 Sommaire Introduction I/ LA NOTION DE NORMALISATION A/ Définition et cadre juridique B/Normalisation et Réglementation C/Normalisation et marquage CE D/Normalisation et certification II/ DU SYSTEME FRANÇAIS DE NORMALISATION A/ Les acteurs du système français de normalisation 1/ l’AFNOR 2/les bureaux de normalisation 3/ Le délégué interministériel aux normes 4/ les professionnels 5/les...»

«MARK J. VALENCIA* and ABU BAKAR JAAFAR** Environmental Management of the Malacca/Singapore Straits: Legal and Institutional IssuesINTRODUCTION The constricted, shallow Malacca/Singapore Straits is a priority area for a coordinated international approach to environmental management by the principal bordering nations, Malaysia, Indonesia, and Singapore (Figure 1). Regionwide cooperation could yield a mutually beneficial distribution of activities, hence, optimal product mixes. Indeed, with the...»

«Chapter 1 I, the dreamer clinging yet to the dream as the patient clings to the last thin unbearable ecstatic instant of agony in order to sharpen the savor of the pain's surcease, waking into the reality, the more than reality, not to the unchanged and unaltered old time but into a time altered to fit the dream which, conjunctive with the dreamer, becomes immolated and apotheosized. WILLIAM FAULKNER in Absalom! Absalom! Half a deer walked up to my house and rattled at the door. When I didn't...»

«Ḥackərṣ ṭḥaṭ ṣḥōōk ṭḥə ʷōrłḍ Srinidhi Ravi Asian School of Cyber Laws To download great stuff and win lots of goodies, visit: www.facebook.com/republic.of.cyberia Hackers that shook the world ! Srinidhi Ravi Asian School of Cyber Laws 1|Page If you are good hacker everyone knows your name, if you are a great hacker no one knows who you are. 2|Page Published in 2012 by Asian School of Cyber Laws. Copyright © 2012 by Asian School of Cyber Laws. All rights reserved. No...»

«1997 WESTERN AUSTRALIA LEGISLATIVE ASSEMBLY STANDING COMMITTEE ON UNIFORM LEGISLATION AND INTERGOVERNMENTAL AGREEMENTS MINISTERIAL COUNCILS Nineteenth Report Presented by: Hon. K. J. Minson, MLA Laid on the Table of the Legislative Assembly on the 12 June 1997 ORDERED TO BE PRINTED Further copies available from State Law Publisher 10 William Street PERTH WA 6000 Telephone: (08) 9321 7688 Fascimile: (08) 9321 7536 Published by the Legislative Assembly, Perth, Western Australia 6000 1997 WESTERN...»

«THE LAWS AND RULES REGULATING LICENSING OF ELECTRICIANS AND INSPECTION OF ELECTRICAL INSTALLATIONS Minnesota Electrical Act Minnesota Statutes Chapter 326B, sections 326B.31 to 326B.399 Enforcement Minnesota Statutes Chapter 326B, sections 326B.081 to 326B.085 Minnesota Board of Electricity Rules Minnesota Rules Chapter 3800 Minnesota Department of Labor and Industry Rules Minnesota Rules Chapter 3801 OFFICE LOCATION 443 Lafayette Road North Saint Paul, MN 55155 Phone (651) 284-5064 Fax (651)...»

«Boston Legal Roe V. Wade: The Musical Season 4, Episode 12 Broadcast: January 22, 2008 Story by: David E. Kelley, Susan Dickes & Jill Goldsmith Directed by: Steve Robin Copyright © 2008 David E. Kelley Productions. All Rights Reserved. This transcript is not official or taken from the actual script. It is transcribed from watching the broadcast. Transcribed by Bbbeluga and Judithakateacher for Boston-Legal.org [version: February 4, 2008] Thanks to SaraC and Courgari for the screen captures....»

«Study on the application of Criterion VII Considering superlative natural phenomena and exceptional natural beauty within the World Heritage Convention IUCN World Heritage Study Nº 10 The designation of geographical entities in this book, and the presentation of the material, do not imply the expression of any opinion whatsoever on the part of IUCN concerning the legal status of any country, territory, or area, or of its authorities, or concerning the delimitation of its frontiers or...»

«The Thirteenth Amendment at the Intersection of Class and Gender: Robertson v. Baldwin’s Exclusion of Infants, Lunatics, Women, and Seamen James Gray Pope* The common law has recognized certain classes of persons who may be kept in pupilage, viz. infants, lunatics, married women....1 – John Chipman Gray Indeed, seamen are treated by congress, as well as by the parliament of Great Britain, as deficient in that full and intelligent responsibility for their acts which is accredited to...»

«CITY COUNCIL, CITY OF ROCKFORD JOURNAL OF PROCEEDINGS FEBRUARY 4, 2008 COUNCIL CONVENED AT 6:05 P.M.1. The invocation was given by Chaplain David Sorrell, First Church of the Nazarene /Police Chaplain and the Pledge of Allegiance was led by Cub Scout Troop 712, Rockford Lutheran Academy.2. Roll Call: Mayor Lawrence J. Morrissey Aldermen: Sosnowski, Curran, Mark, Wasco, Bell, Jacobson, Thompson-Kelly, Johnson, Timm, Beach, Holt, Beck, -12Absent: McNeely, Conness –23. Alderman Mark moved to...»

<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.