Mozilla Sends Cease And Desist Letter To Commercial Spyware Company For Using Firefox Trademark And Code To Trick Users
from the betraying-trust dept
Techdirt has written several times about the increasing tendency for governments around the world to turn to malware as a way of spying on people, without really thinking through the risks. One company that is starting to crop up more and more in this context is Gamma International, thanks to its FinFisher suite of spyware products, which includes FinSpy. A recent report by Citizenlab, entitled "For Their Eyes Only: The Commercialization of Digital Spying", has explored this field in some depth. Among its findings is the following:
We identify instances where FinSpy makes use of Mozilla's Trademark and Code. The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest. This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists.
That's pretty serious: Mozilla's trademark is not only being abused, it's being used to trick people into installing malware that might well have serious consequences for them if their government disapproves of their activities. Quite rightly, then, Mozilla is taking legal action, as the organization's privacy and public policy lead, Alex Fowler, announced in a blog post:
A recent report by Citizen Lab uncovered that commercial spyware produced by Gamma International is designed to trick people into thinking it's Mozilla Firefox. We've sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.
Choosing Mozilla as the cover for this malware is cynical in the extreme, for reasons Fowler explains:
As an open source project trusted by hundreds of millions of people around the world, defending Mozilla's trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission. Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be -- and in several cases actually have been -- used by Gamma's customers to violate citizens' human rights and online privacy.
The only consolation regarding this move to create commercial spyware for sale to governments around the world is that it is possible to use conventional legal instruments like cease and desist letters against the companies behind them when they overstep the mark. Nonetheless, it's a deeply disturbing development that even countries like Germany now seem happy to use FinFisher in order to spy on their citizens by means of malware (original in German.)
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: finfisher, finspy, spyware
Companies: gamma international, mozilla
Reader Comments
Subscribe: RSS
View by: Time | Thread
What could possibly go wrong?
The dinosaurs can't reproduce.
The lock can't be picked.
The Maginot Line can't be breached.
&etc.
[ link to this | view in chronology ]
Re: What could possibly go wrong?
Oh yes they can...they were stupid and used gene sequencing caps from the West African bull frog...which is known to spontaneously change genders in a single gender environment.
[ link to this | view in chronology ]
Re: Re: What could possibly go wrong?
"The bad thing you imagine can't possibly happen."
"What if it does?"
"We've made sure it never will."
"Oh, fuck. Someone made a big boo boo, and now the bad thing has happened."
[ link to this | view in chronology ]
Re: Re: Re: What could possibly go wrong?
[ link to this | view in chronology ]
Re: Re: What could possibly go wrong?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I've been reading this site for a long time, and while TechDirt regularly opposes copyright and patent law (at least as currently implemented), I've never seen them opposing trademark law, at least not when used to truthfully brand products and services.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Trademarks as marks of origin
[ link to this | view in chronology ]
Re: Trademarks as marks of origin
On another note, I'm certain this isn't the first time this is being asked, but should companies like Gamma stay legitimate? Maybe a lot of companies need some sort of surveillance system for their offices, but doing so through deceitful means like this while also selling products clearly intended to help governments curb free speech?
[ link to this | view in chronology ]
Re: Re: Trademarks as marks of origin
If I recall correctly, it does look like Google. Not that it means much, the Google home page is pretty minimalist.
[ link to this | view in chronology ]
Re: Re: Re: Trademarks as marks of origin
I actually managed to remember one: MyPlayCity. I don't know which software actually installed the nasties (the site offers free games, but it doesn't look like the uninstalling the games instantly removes the crapware as well), but it also hijacked browsers' homepage and default search engine.
I don't know, maybe it doesn't mean much in terms of legal grounds, but it does manage to confuse and trick people. Not that I wouldn't blame them for being too gullible either, though...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Incredibly aggravating
Now Google, on the other hand, didn't make too big a stink when the SWIron browser was placed on browserchoice.eu. And that platform is KNOWN adware/scareware. Hopefully Mozilla doesn't get beleaguered with illegitimate forks and end up apathetic like its primary competitor...
[ link to this | view in chronology ]
Re: Incredibly aggravating
FTA:
"It�s important to note that the spyware does not affect Firefox itself, either during the installation process or when it is operating covertly on a person�s computer or mobile device. Gamma�s software is entirely separate, and only uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion."
....
"When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as �Firefox.exe� and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to �Firefox and Mozilla Developers.�"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Trademark
Scandalous!
[ link to this | view in chronology ]
Re: Trademark
Those damn pirates are finally getting what they give!!!11111
ahhhh oh yeah, and
How does it feel you filthy pirate, IP laws are only for when you need them huh????
[ link to this | view in chronology ]
This is the only real reason I put up with it, that is the only reason trademark still has any semblance of legitimacy, different from patents and copyrights that have gone down the crazy line.
[ link to this | view in chronology ]
Shams are everywhere and when a flim-flam (theft by deception) is being perpetrated its best to use the most trusted names in the world and Mozilla fits the evil need of the ones (Germany? And who else?) who want to deceive.
Wanna charge a person a fee to apply for a large famous company? Swipe the logos and name of IBM or ATT and see how much you can make before someone actually calls the home office. So in a way trademark law can make it easier for such deceptions to exist.
If a suggestion could be made; enforce the crime itself and don't involve trademark law. Its a derivative abuse of copyright law and not any more pleasant. Just because it was easier for Mozilla to prosecute for a corporate trademark violation is only a symptom of how weak common criminal/civil law is compared to corporate trademark law.
Trademark law, like copyright law, at one time did perform a somewhat beneficial service to Public Domain Rights but its all long gone in a wash of special interest farm animal feeding upon misplaced public trust in Washington. Was it used well and maybe wisely in this case? Sure, very possibly.
But what if the corporation that owns the trademark itself is the perpetrator of abuse? Would they file for trademark based take-down DMCA notices to try and suppress public opinion? Maybe. Its happened before and with the current lax, corporate one sided, law it will again. Unless steep penalties are enacted against companies who abuse free speech it will also increase.
A somewhat good example was Sony's use of a rootkit for spying on its very own paying customers. That was before layers learned to abuse the DMCA so it did not happen but it could have? Its sooooo easy to do. Might that same rootkit do some dirty work itself (or installing some new software that did) like monitoring any correspondence with the word Sony in it?
There are many problems with current trademark law. Much deals with the lack of oversight and its effects on society and its various cultures?
Trademark law was not supposed to interfere with culture or society. Many cultural figures are firmly based in culture like the Disney characters or Marvel heroes (now Disney controlled). These types of trademarks are subtractions from culture and should never have been allowed. Any such attempt at permanent theft from American culture should be punished.
How is Disney to profit if they loose their precious eternal copyright and trademark laws? Don't know. Maybe they would have to start making new creative work. An end to the rehashing of old crap would be nice. No we do not need another remake of Witch Mountain or whatever? Maybe you like that?
What we need are new interpretations that build or tear down the old way of thinking.
Punchline;
Do we need spy programs that build on the great work of other companies? No. Spying is always wrong. Trust, at least, your own citizens. Do we need to invoke trademark law to prevent this? No. Spying is illegal? Making false claims is illegal. Deception for profit or harm is illegal. Etc.
Who knows anymore. But. At least it once was; In a land called The United States of America. (at least was for some time after the constitution was written) That great almost-dead myth we invoke at camp-side fire to shoo away ghost stories of how the copyright bogeymen (people) will come and take you away in the night. Which is real and fiction?
Reactionary,
Its probably best not to use the built in search box and use some less common method like visiting a web page. Use two browsers. One for general browsing with all java and flash shut down and other safeguards like Privoxy and NoScript or whatever. Use the other less restricted browser for safe/known sites.
[ link to this | view in chronology ]