Following a report yesterday that cited three former Yahoo employees who claimed the company built a program to scan every customer's email for specific information at the order of the United States government, new pieces of information have surfaced in a separate article from The New York Times. Specifically, anonymous sources close to the matter said that Yahoo built the program by adapting a filter meant to scan email inboxes for child pornography, malware, and basic spam content.
Yahoo was said to have done this in order to "satisfy a secret court order," created to require the company to search for content containing a specific computer signature related to online communications of an unspecified state-sponsored terrorist group. Two of the anonymous sources -- referred to as "government officials" -- mentioned the Justice Department received the order from a judge of the Foreign Intelligence Surveillance Court sometime last year, an order that Yahoo was "barred from disclosing" to the public.
Through its modifications to the spam filter program, Yahoo complied with the Justice Department's order and made available any email that contained the signature, but as of now that collection method "is no longer taking place." The order was described as "unusual" because it required the scanning of individual emails instead of user accounts as a whole, and was allegedly only given to Yahoo as other tech companies, including Apple, have said they never encountered such a demand.
In response to a request for comment, an Apple spokesperson told BuzzFeed News, “We have never received a request of this type. If we were to receive one, we would oppose it in court.”
A Microsoft spokesperson said, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”
A Google spokesperson told BuzzFeed News, “We’ve never received such a request, but if we did, our response would be simple: no way.”
According to the sources, federal investigators learned last year that members of a foreign terrorist organization were communicating using Yahoo's email service, through a method that used a "highly unique" designator, or signature, in each communication. Although built to look for specific content, the modified program's far-reaching scanning of each user on the service brought about unrest in the user base when the original report came out yesterday. Yahoo's compliance is also being contrasted to Apple's obstinate response in its battle with the FBI earlier in the year.
After the news broke, Yahoo said that the Reuters story was "misleading" and that the email scanning outlined in the report "does not exist on our systems." Compounding the company's woes, last month Yahoo confirmed that "at least" 500 million user accounts were compromised during an attack in late 2014, leaking customer information like names, email addresses, telephone numbers, birthdates, hashed passwords, and both encrypted and unencrypted security questions and answers. In the midst of all of this, Yahoo’s pending acquisition by Verizon could potentially face negative effects.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
I also have a hard time believing anybody who has their life or super secret plans on the line would even think of using Yahoo email in the first place. So wouldn't it be a really stupid terrorist gang?
It's over, Yahoo!
This was most likely to look in folders OTHER than the inbox, particularly the Drafts folder.
A well-known circumvention of incoming email sniffing is to use the same account: composing a message and saving it in the Drafts folder. The recipient logs into the same account and reads the draft message, replying to it or deleting it.
Apple, Microsoft, and Google all state they haven't been approached with a request like this. Apple and Google were both pretty emphatic in their response. Hell no. Microsoft on the other hand, their response was a bit more vague and non-commital regarding their response if requested to do something similar.
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." - Microsoft. If someone gave me a response like that, my first question would be "Well what kind of secret email scanning have you done?"