New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Yahoo Secretly Scanned Millions of Customer Emails for U.S. Authorities [Updated]

Yahoo secretly built a custom software program to search all of its customers' incoming emails for specific information at the behest of U.S. intelligence authorities, according to people familiar with the matter.

Reuters spoke to three former Yahoo employees who revealed the existence of the custom code, apparently written in compliance with a classified U.S. government demand. The program scanned hundreds of millions of Yahoo Mail accounts for the NSA or FBI, said the former employees and a fourth person with knowledge of the events.

yahoo
Surveillance experts say the revelation represents the first case to surface of a U.S. internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

According to two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive did not sit well with some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos. Stamos now holds the top security job at Facebook, which incidentally just completed the rollout of end-to-end encrypted privacy features for its hugely popular Messenger app.

"Yahoo is a law abiding company, and complies with the laws of the United States," the company told Reuters in response to the claims, but stopped short of denying them. It declined any further comment. The NSA referred questions to the Office of the Director of National Intelligence, which also declined to comment.

According to Andrew Crocker, an attorney with the Electronic Frontier Foundation, it's likely the request invoked Section 702 of the Foreign Intelligence Surveillance Act, which permits the bulk collection of communications for the purpose of targeting a foreign individual. But rather than having a non-U.S. target, every single person with a Yahoo email inbox was placed under surveillance, regardless of citizenship.

Speaking to The Intercept, Crocker said the Yahoo program seems "in some ways more problematic and broader" than previously revealed NSA bulk surveillance programs like PRISM or Upstream collection efforts. "It's hard to think of an interpretation that doesn't mean Yahoo isn't being asked to scan all domestic communications without a warrant or probable cause. The Fourth Amendment implications of that are pretty staggering."

It's unclear what data Yahoo may have handed over to the authorities, if any, and if intelligence officials had approached other email providers besides Yahoo with the same kind of request.

Contacted by The Intercept, an Apple spokesperson said: "We have never received a request of this type, and if we were to receive one, we would oppose it in court." The spokesperson also pointed to a section from a recent public letter by CEO Tim Cook, which he said was still accurate:
Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
Facebook, Google, and Microsoft separately said on Tuesday that they had not conducted such email searches. "We've never received such a request, but if we did, our response would be simple: 'No way'", a spokesman for Google said in a statement. Twitter also said it has never received such a request.

In related news last month, Yahoo revealed that "state-sponsored" hackers had gained access to 500 million customer accounts in 2014. The revelations come at a sensitive time for the company as it tries to complete a deal to sell its core business to Verizon for $4.8 billion.

Update: Yahoo has disputed parts of the Reuters report, saying that "the article is misleading" and that the email scanning outlined in the report "does not exist on our systems."
“The article is misleading,” Yahoo said in a statement. “We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.”

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Top Rated Comments

(View all)

32 months ago
that was my porn e-mail account. what a mistake! LOL
Rating: 28 Votes
32 months ago
To have a modern online life, most people have no choice but to trust companies with their data, such as emails in this case.

Now - I don't really trust any of them 100%, but since I have to choose I have chosen Apple because I distrust Apple the least, if that makes sense.
Rating: 25 Votes
32 months ago
Wowwwwww. I knew I hated yahoo. Now I really know why. Pansy ass dipsticks!!
Rating: 19 Votes
32 months ago

Wowwwwww. I knew I hated yahoo. Now I really know why. Pansy ass dipsticks!!


Save some of the hate for the FBI and NSA
Rating: 19 Votes
32 months ago
Think if they were scanning every email they would have better spam control.
Rating: 18 Votes
32 months ago
Surprised Yahoo still exists.
Rating: 16 Votes
32 months ago
wow... just wow... Way to demolish the trust of users...
Rating: 11 Votes
32 months ago
Well, thankfully I only use Yahoo for my Fantasy Football team. Now everyone knows how horrible I am.
Rating: 11 Votes
32 months ago
I thought yahoo died along with its messenger service about 12 years ago
Rating: 7 Votes
32 months ago

Hope they are using it to root out all the criminals, terrorists and pedophiles.


Which, without a warrant, is against the law, and unconstitutional. But that probably doesn't worry you, yet.
Rating: 7 Votes

[ Read All Comments ]