Yahoo created program to scan customer emails for U.S. intelligence agencies, report says

Posted:
in General Discussion
A report on Tuesday claims Yahoo last year cooperated with U.S. government agency requests to create and deploy software that scanned hundreds of millions of customer emails as they arrived at the company's servers.









Citing multiple sources familiar with the matter, including former employees, Reuters reports Yahoo complied with the wishes of either the National Security Agency or the Federal Bureau of Investigation with its email scanning program.



U.S. intelligence officials through a classified request tasked Yahoo with picking out a particular set of characters, such as a phrase or attachment, and storing it for remote retrieval. It is unclear what the government was looking for, sources said. Whether Yahoo released any data to government agencies as part of the initiative is also unknown.



"Yahoo is a law abiding company, and complies with the laws of the United States," Yahoo said in a statement provided to Reuters.



As noted by the publication, some security experts believe the Yahoo incident is the first known case of a U.S. internet company agreeing to search all arriving messages. It is also the first to involve software created specifically for the purpose of snooping. Email service providers -- like phone companies -- have in the past acquiesced to requests for bulk data searches and limited real-time monitoring.



Yahoo CEO Marissa Mayer gave green lit the project in a decision that didn't sit well with other high-ranking employees, the report says. In particular, sources claim Mayer's move resulted in the resignation of former Chief Information Security Officer Alex Stamos in June 2015.



At the time, Mayer and other decision makers accepted the directive because they thought Yahoo would ultimately lose if they chose to fight, sources said. Further, instead of seeking guidance from Yahoo's security team, executives had engineers write and deploy the program. As can be expected, the security team found the software shortly after it was installed, believing it to be the work of a hacker, not company policy.



Experts believe the same government agencies behind the Yahoo request, whether it be the NSA, FBI or some other shadowy group, likely extended the same demand to competing firms offering similar services. Google and Microsoft told the publication they have never participated in email scanning operations like those reported. A Google representative went further, saying, "We've never received such a request, but if we did, our response would be simple: 'No way.'"



Apple, too, has butted heads with government entities seeking information under the Foreign Intelligence Surveillance Act (FISA). In April, the iPhone maker released its latest Report on Government Information Requests, noting agencies lodged 1,015 requests for customer account information affecting 5,192 users in the second half of 2015.



Earlier this year, Apple found itself at the center of a heated public debate over personal device encryption when the company declined a federal court order to access an iPhone tied to the San Bernardino terror attacks. The U.S. Department of Justice ultimately withdrew the case after FBI agents successfully bypassed the phone's passcode lock using a technique purchased from an unnamed third-party.



News of Yahoo's surreptitious activities comes just two weeks after the company confirmed reports of a massive security breach that impacted at least 500 million accounts in 2014.
«1

Comments

  • Reply 1 of 27
    Yeah so what. Is that illegal?
    mike1
  • Reply 2 of 27
    magman1979magman1979 Posts: 1,292member
    Yeah so what. Is that illegal?
    That pathetic attitude is EXACTLY what enables government to walk all over and trounce the US 4th Amendment, so yeah, it's not "so what"... Get a clue about what you are enabling with that unintelligent train of thought.
    baconstanglolliverpotatoleeksoupprolineanton zuykovsergiozperkedeljay-tdoozydozenmacseeker
  • Reply 3 of 27
    baconstangbaconstang Posts: 1,103member
    As usual, you get what you pay for.
    No $$$, no privacy.
    williamlondonhydrogenlongpathbadmonkwatto_cobra
  • Reply 4 of 27
    roakeroake Posts: 809member
    Wait until the apologists start saying, "Why do you care if you have nothing to hide?'.  What do I have to hide?  My privacy.  My entire private life.  Doesn't matter if people have anything to hide or not.  Exposing every detail about every persons private life is what should be explicitly illegal.
    lolliverbaconstangmagman1979perkedeldoozydozenwilliamlondonlongpathnolamacguybadmonkwatto_cobra
  • Reply 5 of 27
    I'm unsure about this one. 

    What if if the search phrase was something like "place bomb in Times Square"?  
  • Reply 6 of 27
    prolineproline Posts: 222member
    Absurd. Yahoo's customers are all white people over 80 and no self-respecting mujahideen would ever go on a site like that. Total waste of money.
  • Reply 7 of 27
    sully54sully54 Posts: 108member
    To be honest, In this day and age, it would be naive for anyone to think they have a modicum of privacy on the internet. Apple or any company can claim all they want that they take security and privacy seriously—and they very well may—but when you get right down to it, it's all code. And coding will invariably have holes that are just waiting to get exploited, if not by the government then by hackers. 
    mike1
  • Reply 8 of 27
    mattinozmattinoz Posts: 2,299member
    After years of my old yahoo address was so spammed you'd need very powerful filters to find an intelligence in there.
    watto_cobra
  • Reply 9 of 27
    jfc1138jfc1138 Posts: 3,090member
    That sort of generalized fishing expedition isn't legal under FISA unless those hundreds of millions of users were NOT United States citizens. That "F" does stand for "foreign" after all. 

    I'm pretty sure Yahoo got played. 
    edited October 2016
  • Reply 10 of 27
    avonord said:
    I'm unsure about this one. 

    What if if the search phrase was something like "place bomb in Times Square"?  

    What if some government agency bashed in your front door because you used those words just now? What if that phrase is the trigger to monitor all your digital doings in the next 30 days, just to see if this was an innocent remark or a clue to the existence of a really stupid terrorist? What if some of your doings might be interpreted as preparation for an attack if one assumed that you were a terrorist because you have just now, here, in this forum, used those words?

    Dutch 'Loesje' had a quite good take on this: "I have nothing to hide. But they don't need to know that."

    edited October 2016 mvboetzelaerjmc54longpathnolamacguybadmonkjony0
  • Reply 11 of 27
    proline said:
    Absurd. Yahoo's customers are all white people over 80 and no self-respecting mujahideen would ever go on a site like that. Total waste of money.
    And what colour are the mujahideen?
  • Reply 12 of 27
    irelandireland Posts: 17,798member
    avonord said:
    What if if they search phrase was something like "place bomb in Times Square"?  
    Guess who's watch list you are on now?

    Yes, even a joke, sarcasm, irony, an example, pretence, fraping, discussion and other possibilities would cause you to be funnelled into such a government filter. You can argue, "but I did nothing wrong" all day, but you are a filter hit. Now you're in a position where you may have to prove you are innocent for having no involvement in something they may suspect you of. You have to hope they don't get it wrong. And that's if everyone is honest. Not everyone in government is honest or if someone wanted to frame you they could begin to form a picture. Or what about a leader with no morals? Think: ______.

    Are you getting it yet?

    Fiction writers have been arrested at their homes already from such methods. It's happened. This is very dangerous policy. The intelligence guys who said they could have prevented 9/11 with project 'thin-thread' or 'needle-thread' seem mighty convincing. Yet instead the NSA decided to try to collect and analyse everyone's information. The whole thing is ridiculous when encryption is freely available. So only the genuine get punished for the most part and freedom is lost to everyone and the all-watching-eye takes over.
    edited October 2016 spacerayslongpathbadmonkwatto_cobra
  • Reply 13 of 27
    Some of us use private servers for a reason.
    entropysjkichlinelongpath
  • Reply 14 of 27
    macxpressmacxpress Posts: 5,801member
    Some of us use private servers for a reason.
    Including Hillary Clinton...Sorry, couldn't resist! :D
    mike1nolamacguy
  • Reply 15 of 27
    Smart people wouldn't be using electronics for secret communications.
  • Reply 16 of 27
    entropysentropys Posts: 4,152member
    I think Clinton used yahoo, macxpress, at least according to the Russians and that self-aggrandising albino Australian dude.  So no worries.

    /joke for the those having trouble lightening up.
  • Reply 17 of 27
    Some of us use private servers for a reason.
    Is this private server connected to the internet?  Then your privacy is only an illusion. 
  • Reply 18 of 27
    2old4fun said:
    Some of us use private servers for a reason.
    Is this private server connected to the internet?  Then your privacy is only an illusion. 
    No, if you encrypted it properly
    edited October 2016 williamlondon
  • Reply 19 of 27
    maestro64maestro64 Posts: 5,043member
    Yeah so what. Is that illegal?

    Actually it may not be, the laws only says you can not use information you gather this way to prosecute someone. The govern can listen and collect what they want, using that information is where it become illegal. Our Laws only say they can not use it against you.
  • Reply 20 of 27
    maestro64maestro64 Posts: 5,043member
    Some of us use private servers for a reason.

    false sense of security and privacy, it is not like your email never touches another server getting from point A to B. The government can tap in anywhere in the line of communications and copy information on its way from A to B. The only issue with Yahoo is if the emails stay within Yahoo network, ie same building never have to leave their server farm.
Sign In or Register to comment.