Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Report Claims Yahoo Secretly Searched Emails for US Government

Rights groups are up in arms after a new report claimed Yahoo complied with a secret government order to search the incoming emails of all of its users in real-time for specific information.

Several former employees told Reuters that the internet pioneer agreed to build a bespoke software program in order to carry out the request, which may have come from the FBI but more likely the NSA.

Although the US authorities have previous history when it comes to requesting bulk customer data, it’s thought this case could be a first in its asking a provider to scan incoming messages in real-time on a massive scale.

It’s not known what data Yahoo eventually handed over to the US government.

The report claimed Yahoo boss Marissa Meyer took the decision to comply and cut then-CISO Alex Stamos out of the loop, leading him to quit the role and move to Facebook.

In fact, it is claimed that when Stamos’ team initially found the secret program developed to search for the incoming data in May 2015, they thought it was the work of external hackers. To make matters worse, it apparently contained a bug which could have allowed hackers to access the emails, potentially putting hundreds of millions of users at risk.

Although Yahoo may have been legally bound to accede to the request for customer data, which the government can make in certain cases such as to help track down terrorists, experts are disappointed it didn’t push back.

"Yahoo is a law abiding company, and complies with the laws of the United States," the firm said in a brief statement responding to the story.

However, lawyers at the Electronic Frontier Foundation argued that if the report is accurate it describes a “new and dangerous expansion of the government’s mass surveillance.”

“Mass surveillance of Yahoo’s emails is unconstitutional for the same reasons that it's unconstitutional for the government to copy and search through vast amounts of communications passing through AT&T’s network as part of Upstream,” explained EFF attorneys Andrew Crocker and Mark Rumold.

“The sweeping warrantless surveillance of millions of Yahoo users’ communications described in the Reuters story flies in the face of the Fourth Amendment’s prohibition against unreasonable searches. Surveillance like this is an example of ‘general warrants’ that the Fourth Amendment was directly intended to prevent.”

They continued that the NSA has in the past attempted to justify its mass surveillance programs – like Upstream and Prism – on the basis that they were set up only to target foreigners outside the US.

But on this occasion, “the government seems to have dispensed with that dubious facade by intentionally engaging in mass surveillance of purely domestic communications involving millions of Yahoo users.”

Microsoft, Google Twitter and Facebook have all denied participating in a similar scheme at the behest of the government.

In fact, Microsoft on Monday launched a major new policy document for lawmakers which urges governments to strike a better balance between public safety and personal privacy and freedom.

What’s Hot on Infosecurity Magazine?