Yahoo handover of year-long user data to US intel exposed
The most alarming example yet of online user data falling under surveillance scanners without proper authorisation has just surfaced. Last year, Yahoo, in an unprecedented move, developed a custom software program to sift through all of its customers' incoming emails. And here's the sinister part: they did it at the behest of top U.S. intelligence officials.
Giving in to the government
Reuters broke the story revealing how Yahoo Inc "complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI." The news was attributed to three former employees of the company and "a fourth person apprised of the events."
Not everyone within the company aware of the operation was happy with the goings on. Going by the statements of at least two ex-employees, Yahoo Chief Executive Marissa Mayer's decision to comply with data requests upset a number of highly placed officials. Yahoo's chief information security officer Alex Stamos left soon after in June 2015, and joined Facebook. In fact, when Stamos' security team came across the aberrant code, they thought it must be the handiwork of hackers.
Though requests to access user data isn't uncommon for major Internet companies, the scope of this incident has created anxiety about privacy, and prompted a lot of criticism. "Based on this report, the order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit," said Patrick Toomey, a staff attorney with the American Civil Liberties Union.
Yahoo was quick to shrug off the charges. As part of a short statement the company, reports /Reuters/, simply said, "Yahoo is a law abiding company, and complies with the laws of the United States." Further comments and queries were declined.
"It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court. If this surveillance was conducted under Section 702 of the Foreign Intelligence Surveillance Act, this story reinforces the urgent need for Congress to reform the law to prevent dragnet surveillance and require increased transparency," added Toomey.
Setting the wrong precedent
The disappointment isn't unwarranted. Some FISA experts have said that Yahoo could've tried to contest the spy agencies' demands on two grounds - "breadth of the directive and the necessity of writing a special program to search all customers' emails in transit."
In fact, Apple found itself in a similar position recently when the FBI wanted it to give them a "backdoor key" into an iPhone used in the 2015 San Bernardino massacre. Apple didn't comply and the FBI had to resort to a third party to break into the phone. Significantly, no precedent was set.
Other companies were also asked whether similar requests have been made to them as well. /The Intercept/ quotes an Apple spokesperson saying, "we have never received a request of this type... if we were to receive one, we would oppose it in court." A Google spokesperson said: "We've never received such a request, but if we did, our response would be simple: 'no way.'" And Microsoft's statement was - "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."
If Yahoo doesn't come out with an explanation soon, or at least a reasonable counter that puts perspective on why they bowed down before the authorities, it might make business quite difficult going forward. The company is trying to close a deal to sell off its core business to Verizon Communications Inc for a hefty $4.8 billion. Worse still for Yahoo, more publications might do, and perhaps rightly so, what The Intercept did in its report - include a link at the bottom that takes you through the steps to delete your Yahoo account!