Yahoo created program to scan customer emails for U.S. intelligence agencies, report says
A report on Tuesday claims Yahoo last year cooperated with U.S. government agency requests to create and deploy software that scanned hundreds of millions of customer emails as they arrived at the company's servers.

Citing multiple sources familiar with the matter, including former employees, Reuters reports Yahoo complied with the wishes of either the National Security Agency or the Federal Bureau of Investigation with its email scanning program.
U.S. intelligence officials through a classified request tasked Yahoo with picking out a particular set of characters, such as a phrase or attachment, and storing it for remote retrieval. It is unclear what the government was looking for, sources said. Whether Yahoo released any data to government agencies as part of the initiative is also unknown.
"Yahoo is a law abiding company, and complies with the laws of the United States," Yahoo said in a statement provided to Reuters.
As noted by the publication, some security experts believe the Yahoo incident is the first known case of a U.S. internet company agreeing to search all arriving messages. It is also the first to involve software created specifically for the purpose of snooping. Email service providers -- like phone companies -- have in the past acquiesced to requests for bulk data searches and limited real-time monitoring.
Yahoo CEO Marissa Mayer gave green lit the project in a decision that didn't sit well with other high-ranking employees, the report says. In particular, sources claim Mayer's move resulted in the resignation of former Chief Information Security Officer Alex Stamos in June 2015.
At the time, Mayer and other decision makers accepted the directive because they thought Yahoo would ultimately lose if they chose to fight, sources said. Further, instead of seeking guidance from Yahoo's security team, executives had engineers write and deploy the program. As can be expected, the security team found the software shortly after it was installed, believing it to be the work of a hacker, not company policy.
Experts believe the same government agencies behind the Yahoo request, whether it be the NSA, FBI or some other shadowy group, likely extended the same demand to competing firms offering similar services. Google and Microsoft told the publication they have never participated in email scanning operations like those reported. A Google representative went further, saying, "We've never received such a request, but if we did, our response would be simple: 'No way.'"
Apple, too, has butted heads with government entities seeking information under the Foreign Intelligence Surveillance Act (FISA). In April, the iPhone maker released its latest Report on Government Information Requests, noting agencies lodged 1,015 requests for customer account information affecting 5,192 users in the second half of 2015.
Earlier this year, Apple found itself at the center of a heated public debate over personal device encryption when the company declined a federal court order to access an iPhone tied to the San Bernardino terror attacks. The U.S. Department of Justice ultimately withdrew the case after FBI agents successfully bypassed the phone's passcode lock using a technique purchased from an unnamed third-party.
News of Yahoo's surreptitious activities comes just two weeks after the company confirmed reports of a massive security breach that impacted at least 500 million accounts in 2014.

Citing multiple sources familiar with the matter, including former employees, Reuters reports Yahoo complied with the wishes of either the National Security Agency or the Federal Bureau of Investigation with its email scanning program.
U.S. intelligence officials through a classified request tasked Yahoo with picking out a particular set of characters, such as a phrase or attachment, and storing it for remote retrieval. It is unclear what the government was looking for, sources said. Whether Yahoo released any data to government agencies as part of the initiative is also unknown.
"Yahoo is a law abiding company, and complies with the laws of the United States," Yahoo said in a statement provided to Reuters.
As noted by the publication, some security experts believe the Yahoo incident is the first known case of a U.S. internet company agreeing to search all arriving messages. It is also the first to involve software created specifically for the purpose of snooping. Email service providers -- like phone companies -- have in the past acquiesced to requests for bulk data searches and limited real-time monitoring.
Yahoo CEO Marissa Mayer gave green lit the project in a decision that didn't sit well with other high-ranking employees, the report says. In particular, sources claim Mayer's move resulted in the resignation of former Chief Information Security Officer Alex Stamos in June 2015.
At the time, Mayer and other decision makers accepted the directive because they thought Yahoo would ultimately lose if they chose to fight, sources said. Further, instead of seeking guidance from Yahoo's security team, executives had engineers write and deploy the program. As can be expected, the security team found the software shortly after it was installed, believing it to be the work of a hacker, not company policy.
Experts believe the same government agencies behind the Yahoo request, whether it be the NSA, FBI or some other shadowy group, likely extended the same demand to competing firms offering similar services. Google and Microsoft told the publication they have never participated in email scanning operations like those reported. A Google representative went further, saying, "We've never received such a request, but if we did, our response would be simple: 'No way.'"
Apple, too, has butted heads with government entities seeking information under the Foreign Intelligence Surveillance Act (FISA). In April, the iPhone maker released its latest Report on Government Information Requests, noting agencies lodged 1,015 requests for customer account information affecting 5,192 users in the second half of 2015.
Earlier this year, Apple found itself at the center of a heated public debate over personal device encryption when the company declined a federal court order to access an iPhone tied to the San Bernardino terror attacks. The U.S. Department of Justice ultimately withdrew the case after FBI agents successfully bypassed the phone's passcode lock using a technique purchased from an unnamed third-party.
News of Yahoo's surreptitious activities comes just two weeks after the company confirmed reports of a massive security breach that impacted at least 500 million accounts in 2014.
Comments
No $$$, no privacy.
What if if the search phrase was something like "place bomb in Times Square"?
I'm pretty sure Yahoo got played.
What if some government agency bashed in your front door because you used those words just now? What if that phrase is the trigger to monitor all your digital doings in the next 30 days, just to see if this was an innocent remark or a clue to the existence of a really stupid terrorist? What if some of your doings might be interpreted as preparation for an attack if one assumed that you were a terrorist because you have just now, here, in this forum, used those words?
Dutch 'Loesje' had a quite good take on this: "I have nothing to hide. But they don't need to know that."
Yes, even a joke, sarcasm, irony, an example, pretence, fraping, discussion and other possibilities would cause you to be funnelled into such a government filter. You can argue, "but I did nothing wrong" all day, but you are a filter hit. Now you're in a position where you may have to prove you are innocent for having no involvement in something they may suspect you of. You have to hope they don't get it wrong. And that's if everyone is honest. Not everyone in government is honest or if someone wanted to frame you they could begin to form a picture. Or what about a leader with no morals? Think: ______.
Are you getting it yet?
Fiction writers have been arrested at their homes already from such methods. It's happened. This is very dangerous policy. The intelligence guys who said they could have prevented 9/11 with project 'thin-thread' or 'needle-thread' seem mighty convincing. Yet instead the NSA decided to try to collect and analyse everyone's information. The whole thing is ridiculous when encryption is freely available. So only the genuine get punished for the most part and freedom is lost to everyone and the all-watching-eye takes over.
/joke for the those having trouble lightening up.
Actually it may not be, the laws only says you can not use information you gather this way to prosecute someone. The govern can listen and collect what they want, using that information is where it become illegal. Our Laws only say they can not use it against you.
false sense of security and privacy, it is not like your email never touches another server getting from point A to B. The government can tap in anywhere in the line of communications and copy information on its way from A to B. The only issue with Yahoo is if the emails stay within Yahoo network, ie same building never have to leave their server farm.