I have a lot to say about the recent announcement about Thunderbird. But before I talk about the substance of the proposal, the way it was decided and presented, the framing and all the other aspects, I want to talk about this.
That link is to a pastebin, posted on Friday, of a copy of an email that was circulated to all Mozilla employees and Mozillians about the upcoming changes. It begins:
On Monday Mitchell Baker will be posting on the future of Thunderbird.
We’d like you to be aware of it before it goes public. However, this
is *confidential* until the post is pushed live Monday afternoon PDT.
Please don’t tweet, blog or discuss on public mailing lists before
then.
Clearly, the poster decided not to respect that request. In a personal comment at the bottom, he explains why:
The fact that this message was marked “confidential” is part of a
deeply, deeply troubling trend. The biggest irony? Uninitiated
employees–those being discussed in .governance right now, and who
feel that there’s actually quite a lot at Mozilla that shouldn’t
happen in the public–will point to this incident to try to make their
point, in a tremendous display of Not … Getting It.
Recently, Harvey Anderson, MoCo’s General Counsel (chief lawyer), asked me to put together a document explaining Mozilla’s position on Non-Disclosure Agreements (NDAs). With the rise of B2G, we are increasingly working with partner companies in the mobile space whose backgrounds are very different from ours. Mobile companies can be among the most closed companies you are ever likely to find. And, to some extent, this is OK. They have confidential product plans, feature lists, ship dates and so on, and they want to keep them quiet in a very competitive market. That’s their business, not ours.
However, it means that the first thing they want to do, before they tell you or show you anything, is to get you to sign a broad NDA. This presents a problem for Mozilla. We can sign NDAs – but the only people who are bound by them are the people we employ. That means that any information transmitted under the NDA will have to be restricted to employees only. If that became widespread, it would drive a wedge between employees and the community because only employees would be in the know about what’s going on. We could get all volunteers to sign NDAs with us – but that has a host of problems too. We can try and reduce the scope of the NDA – and we do – but that’s not a complete solution either.
NDAs are a problem. So I wrote this document, which is designed to be given to new partners to explain to them Mozilla’s position on the question. Among other things, it tries to convince them to delay the need to sign an NDA for as long as possible. Here’s an excerpt, from the section titled “Trust”:
Mozilla has a long reputation as a trustworthy partner. We have good relationships and business partnerships with major players such as Google, Microsoft and Twitter. On more than one occasion we have received information without an NDA which other companies can only see under NDA. This is because Mozilla people realise the importance to our partners and to our reputation of keeping appropriate confidentiality.
…
So we try and use this accumulated trust and good reputation to postpone or eliminate the point where an NDA becomes necessary in a relationship, relying instead on verbal agreements and making sure that involved community members are clear on any confidentiality assurances we have given.
In other words: “please don’t make us sign an NDA. You can trust us to keep our mouths shut about your private stuff.”
Can you imagine how I now feel, having written those words only a few weeks ago? I thought what I wrote was true, and that I could be proud of our community’s reputation for discretion. Seems like I was wrong. If we can’t keep our own private stuff private, how on earth is anyone ever going to believe we can keep theirs?
Note that this point is entirely independent of whether Mozilla needs to be more open, and whether the Thunderbird change-of-direction should have been handled in a different way. I may well write more about that later. I continually push for more openness at Mozilla – to the point where I’m sure at least a few MoCo people think I’m a pain in the arse on the subject. My work on NDAs is an example of me trying to prevent project openness dying the death of a thousand small cuts. No-one can accuse me of being part of the group who thinks “there’s actually quite a lot at Mozilla that shouldn’t happen in the public”. I’m an advocate of open-by-default. I’ve done presentations which have a slide “If there’s no reason for it to be private, it should be public.”
And this really does not help.
I really hope this leak is a one-off, isolated exception. Because if Mozilla’s open development of B2G (our attempt to open up the mobile market) gets closed up by us having to sign broad NDAs with all our partners, because none of them trust us any more with their confidential information, then I would suggest that it’s the person who thinks breaking a requested confidence is a great way to make the project more open who is Not … Getting It.