Transparency

Transparency is a key part of how Mozilla approaches user trust. As an open source project that relies on open development, we build transparency into the way we write our code. Additionally, our product documentation and notices describe how our products work and how we handle user data.

With this transparency in mind, we intend to publish bi­-annual transparency reports that help provide additional transparency to government disclosures and takedown requests.

Frequently Asked Questions

What is the scope of the Transparency Report?

We report on Government Demands for User Data, Government Requests for Content Removal, and Copyright and Trademark Requests. We also include a Supplement, which provides additional information. With each additional report that we publish, we’ll continue to re­evaluate how we can be more transparent.

How does Mozilla handle Government Demands for User Data?

As explained in our Privacy Policy, we will comply with a request for user data when the law requires it.

Mozilla requires valid Legal Process to compel the disclosure of Specific User data to the government; such as a legitimate and properly scoped court order, or a search warrant supported by probable cause and issued by an appropriate law enforcement authority. We interpret requests narrowly, and we will oppose unlawful or overbroad requests for specific user data.

Recipients of National Security Requests can only publish reporting bands instead of specific figures. If we receive such a request, we may challenge these reporting bands, in addition to opposing any unlawful or overbroad requests.

How does Mozilla handle voluntary disclosures and Emergency Requests?

The law authorizes us to disclose information to governmental entities in emergencies and we may do so if we have a good faith belief that it is reasonably necessary to protect the rights, property or safety of people.

If we receive an Emergency Request, we require it to be certified in writing by a government officer describing the nature of the emergency and how the information requested might prevent the harm. Additionally, we may attempt to verify information before responding.

How does Mozilla handle copyright removal requests?

See here to read our process for handling reports of copyright infringement.

How does Mozilla handle trademark removal requests?

See here to read our process for handling reports of trademark infringement.

When does Mozilla notify users about a Specific User disclosure?

As described in our Privacy Policy, we will notify impacted users when we receive a Specific User request unless we are legally prohibited from doing so. Sometimes companies are legally required to delay user notification, but we will notify impacted users after the required delay expires. We don’t believe it is appropriate for the government to indefinitely delay a company from providing user notice and we will take steps to enforce this belief.

In some cases when we make a voluntary disclosure, we may choose to skip or delay notification if we have a good faith belief that it is reasonably necessary to protect the rights, property or safety of people.

If a legal request draws attention to a user’s ongoing violation of our terms of use, we may choose to take action to prevent further abuse, such as account termination, which may notify the user that we are aware of misconduct.

When does Mozilla notify users about a copyright or trademark request?

Users are notified if we receive a Takedown Notice related to their submission on a Mozilla service. We also try to publicly post copies of the Takedown Notices (with personal data redacted) to sites such as MozWiki and Lumen Database (formerly known as the Chilling Effects project).

What does the Supplement cover?

This section of our report covers situations that don’t fit into our reporting categories. For example, to the extent we are legally permitted, we may include voluntary disclosures as well as legal and policy activities that we engaged in during the reporting period to further government transparency.

Definitions

Counter Notice

Documentation that meets the counter notification requirements set forth here in response to a Takedown Notice.

Court Order

An order issued by a judge or magistrate compelling a company to engage or refrain from certain action.

Cybersecurity Threat Indicator

Pieces of information about a threat to a computer network or system, such as a vulnerability, piece of malicious code, or the IP address of an attacker. This definition is based on the Cybersecurity Information Sharing Act of 2015 (CISA); the full definition is at 6 U.S.C. § 1501(6).

Emergency Request

A request from a government agency seeking information on an expedited basis in connection with an emergency, typically involving death or serious injury.

Examples of legal processes include: Emergency Request, Court Order, National Security Request, Pen Register Order, Search Warrant, Subpoena and Wiretap Order.

National Security Request
A National Security Letter issued under 18 U.S.C.§2709, a Court Order issued under the Foreign Intelligence Surveillance Act or any other classified request for user information issued in the U.S.
Pen Register Order
A Pen Register and Trap and Trace Order is a type of U.S. Court Order compelling a company to disclose data about a user’s real­time communications (excluding the content of the communications themselves) to law enforcement on an ongoing basis, usually for a period of 60 days.
Search Warrant
A document authorizing law enforcement to obtain user data issued by a neutral and detached magistrate on the basis of finding that “probable cause” exists to believe that the items being sought will be found in the place to be searched.
Specific User
An identifiable user of Mozilla’s products and services.
Subpoena
A formal request for the production of evidence or testimony that can be issued by a government agency or court. Judicial review is not necessarily required.
Takedown Notice
Documentation that meets the requirements set forth in our reporting copyright or trademark infringement page.
Wiretap Order
A type of U.S. Court Order compelling a company to disclose the metadata and content of a user’s real­time communications to law enforcement on an ongoing basis, usually for a period of 30 days.