For years, Yahoohas been scanning the email of unknowing users and then turning this information over to US intelligence agencies. Citing sources familiar with the matter, Reutersbroke the story today that Yahoo is complicit in breaching the privacy of millions of potential users, even beyond its recent hack.
The company complied with a US intelligence directive that saw millions of Yahoo Mail accounts scanned in near-real time as opposed to the stored message scanning relied on most commonly, and only through use of a warrant for specific individuals. This breach seemingly targeted millions of users, all of which were unaware they were being targeted.
Do business with 5,000 people
TNW Momentum is our New York technology event for anyone interested in helping their company grow.
Find out more
In fact, ‘complicit’ may be the wrong word. Yahoo actively built a tool that enabled this sort of covert surveillance on its users.
According to two former employees, Yahoo CEO Marissa Mayer ordered the company’s compliance, a move that led to the departure of Chief Information Security Officer Alex Stamos’ departure. Three others familiar with the matter reported the order came in the form of a classified directive sent to Yahoo’s legal team.
Bulk data collection on US phone and internet companies is nothing new. Government officials and private surveillance experts claim they’ve not seen such a broad directive for real-time collection on the web.
“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented telecom companies on surveillance issues for the past 20 years. “It would be really difficult for a provider to do that.”
A ‘selector,’ in this case, is a search query used to zero in on a particular target.
Google and Microsoftdidn’t respond to a request for comment. We had intended to ask whether either received similar orders and if they were compliant.
Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources on Reuters