Access denied: Mozilla rejects UAE bid to become internet gatekeeper

The internet software company Mozilla has rejected a UAE attempt to become an internet security guarantor, saying that a UAE-linked company could use this status to spy on Internet users.
2 min read
10 July, 2019
Mozilla has refused UAE attempts to become an Internet security guarantor [Getty]

Internet software company Mozilla has rejected a UAE bid to become one of its internet security gatekeepers, citing Reuters reports on a UAE internet espionage programme.

Mozilla, a non-profit company whose products include the popular Firefox web browser, said it had stopped the UAE’s bid at the role which has the power to certify the safety of websites for Firefox users, because it would have given cybersecurity company DarkMatter a gatekeeper role.

Reports have previously linked DarkMatter to a hacking programme run by the Emirati authorities.

In January, reports revealed DarkMatter, which is based in Abu Dhabi, provided staff for Project Raven, a secret hacking operation run by Emirati intelligence. The staff of the operation was largely made up of former US intelligence officials conducting offensive cyber operations for the UAE government.

Former Project Raven operatives told Reuters that DarkMatter executives were not aware of the hacking programme, which operated away from DarkMatter’s headquarters.

Project Raven hacked the accounts of human right activists, journalists, and officials from rival governments, Reuters found.

DarkMatter has denied any role in the hacking operation.

Selena Deckelmann, Mozilla’s senior director of engineering, said the reports regarding DarkMatter sparked concern.

"Placing our trust in DarkMatter and disregarding credible evidence would put both the web and users at risk", she told Reuters.

Websites seeking designation as safe by internet browsers have to be certified by an outside organisation that confirms its identity and vouches for its security.

The certifying organisation also help secure the connection between an approved website and its users, promising traffic will not be intercepted.

But if a surveillance group gained that authority, it could certify fake websites impersonating banks or email services, allowing hackers to intercept user data, security experts say.

Organisations that want to obtain certifying authority must apply to browser makers like Mozilla and Microsoft.

Most of the certifying organisations are independent private companies. Browsers like Firefox allow websites to obtain certification from any approved authority anywhere in the world.

But many countries, including China, the United States and Germany also have government-approved organisations playing the role.

Follow us on Twitter: @The_NewArab