Transparency Report Reporting Period: July 1, 2020 to December 31, 2020

Government Demands for User Data

In the Reporting Period, Mozilla received the following.

Legal Processes Received Data Produced
Search Warrants 0 0
Subpoenas 4 4
Court Orders 1 1
Wiretap Orders 0 0
Pen Register Orders 0 0
Emergency Requests 0 0
National Security Requests 1 0-249 0-249

Government Demands for Content Removal

In the Reporting Period, Mozilla received 2 government requests for content removal from our services.

Requesting Country Requests Received Data Produced
Germany 1 0
United States 1 0

Supplement

Legislative Reform

During the course of this reporting period, Mozilla continued its efforts to provide all of our users with strong privacy and security protections. Globally, we launched a comment period for our deployment of DNS over HTTPS (DoH) and the Trusted Recursive Resolver (TRR) program within Firefox to crowdsource ideas, recommendations, and insights to maximize the security and privacy-enhancing benefits of DoH in new regions. Additionally, after we were informed that internet service providers in Kazakhstan were telling customers that they needed to install a government-issued root certificate on their devices to access government access, we blocked the use of of the Kazakhstan root CA certificate within Firefox to preclude the government from intercepting and decrypting internet traffic.

In India, we submitted comments for the public consultation held by the Ministry of Electronics and Information Technology (MeitY) on the draft report on non-personal data regulation. Our submission highlighted the need to mitigate risks to privacy, clarify community data, and pass a comprehensive data protection law. And in Australia, we urged the Parliamentary Joint Committee on Intelligence and Security to adopt necessary reforms to the Telecommunications and Other Legislation Amendment (TOLA) law. The reforms, recommended by the Independent National Security Legislation Monitor (INSLM), would establish protections for user privacy and security and enable access to justice.

In Europe, we submitted comments to the European Commission on its survey and public consultation regarding the eIDAS Regulation to protect user security. More specifically, we argued against an interpretation of eIDAS that would require Qualified Website Authentication Certificates (QWACs) to be bound with TLS certificates. To protect the implementation of online security and privacy in the United States, we submitted an amicus brief in Van Buren v. U.S. with Atlassian and Shopify asking the Supreme Court to reject an overbroad reading of the Computer Fraud and Abuse Act (CFAA) and protect critical security research. We also highlighted some of the positive aspects of the California Privacy Rights Act (CPRA), which passed through a state ballot initiative in November.

Voluntary Threat Indicators & Data Disclosures

Type of Disclosure Number of Disclosures
Cybersecurity Threat Indicator 0
Other Specific User Data Disclosure 0