Firefox is trustworthy because its source code can be verified, says CTO Brendan Eich.
Software cannot be trusted unless it's open-source, claims Mozilla CTO Brendan Eich, in a bid to promote Firefox, Mozilla's open-source web browser.
Eich notes that it has become increasingly difficult to trust the privacy promises of our software and services because governments, corporations, organizations, and individuals may be surveilling us online without our knowledge. We now have little recourse, he argues, because such surveillance may well be conducted under statutes that limit oversight and public scrutiny.
Eich points to the Lavabit case as an example. Lavabit began offering encrypted email as a service in 2004 but shut down abruptly last August without explanation. Lavabit owner Ladar Levison was under a gag order not to reveal his reasons for shutting down the service.
With the unsealing of court records several months later, it emerged that Levison is resisting a government order to give Lavabit's Secure Sockets Layer (SSL) encryption key to authorities, who are believed to be seeking information on ex-NSA contractor Edward Snowden. Levison objects to turning over the master key on the grounds that doing so would give the government data on all of Lavabit's customers rather than only one.
For Eich, as for most security experts, the fact that privacy promises could be subverted by secret order means that proprietary code cannot be trusted. Indeed, were a major software company ordered by authorities to produce an undisclosed backdoor to facilitate surveillance and to stay silent about the order, it might well fight the order in court, outside of public view, but it wouldn't necessarily prevail.
“As the Lavabit case suggests, the government may request that browser vendors secretly inject surveillance code into the browsers they distribute to users,” Eich said in a blog post. “We don’t have any information that any browser vendor has ever received this kind of directive. However, if that were to happen, the general public would likely not discover it due to the gag orders.”
That's not true for open-source software, however. Since the source code for Mozilla Firefox is fully open to public scrutiny, it can be checked for backdoors, not to mention security flaws that could be exploited for access. Firefox can be trusted because it can be verified independently, he said.
Eich argues that this is Firefox's primary advantage over its competitors. Internet Explorer, he says, is closed-source, while Chrome and Safari contain a mixture of open-source and closed-source code.
And Firefox must make more of this advantage if it's to stay a leading browser. Whatever its transparency advantage may be — perhaps not much given other potential weak links within the chain of trust like compromised SSL certificate authorities, tapped fiber optic cables, and sabotaged encryption algorithms — Firefox's global market share has been eroded by the rising popularity of Google Chrome and by Apple rules that keep Firefox off iOS devices.
Eich advises “trust but verify.” First comes “download and install.”
Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996 for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business.