Reuters – Yahoo allowed US government to secretly scan customer emails

Pierluigi Paganini October 05, 2016

Yahoo may have allowed the US government to search user emails by using a secret software program that scanned hundreds of millions of Mail accounts.

Yahoo is still in trouble: this time the company has reportedly scanned all of its users’ incoming emails with a secret software program designed to gather information for US government agencies.

According to the Reuters agency, the software was created last year and was used by the IT giant to search emails in hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency and FBI.

“Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.” reported the article from the Reuters Agency.

“The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.”

If confirmed, this is the first time a US Internet company has agreed to an intelligence agency’s request by scanning all incoming email messages in real time. In past cases, US agencies were shown to be examining stored messages or scanning only a small number of accounts in real time.

The NSA PRISM surveillance program revealed by the whistleblower Edward Snowden is probably the best-known surveillance initiative involving US IT giants that have handed over customer data before.

Yahoo PRISM project slide

Yahoo was one of the companies that took part in the NSA’s PRISM intelligence-gathering programme.

It is not clear if the company is still using the powerful surveillance program to comply with classified U.S. government requests.

“Yahoo is a law abiding company, and complies with the laws of the United States,” is the official reply of the company.

It is still unclear exactly what US intelligence agencies were searching for. It seems the surveillance program was scanning for a certain “set of characters,” possibly a phrase in an email or attachment.

I believe it is important to highlight that, according to two of the former employees, the company’s decision to obey the government directive led to the departure of Chief Information Security Officer Alex Stamos in June 2015.

Reuters reported that Yahoo’s security team discovered the surveillance program in May 2015, a few weeks after its deployment in the company’s systems. At first, the security team thought hackers had broken in; later they discovered that the installation had been authorized by the CEO.

“When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails,” reported Reuters. “Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo.”

Neither the NSA nor the FBI immediately responded to a request for comment.

The news arrived a few days after a former Yahoo executive revealed the number of affected user accounts in the 2012 Yahoo data breach may be between 1 Billion and 3 Billion.

Patrick Toomey, a staff attorney with the American Civil Liberties Union, commented on the news with the following statements:

“Based on this report, the order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit.”

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court. If this surveillance was conducted under Section 702 of the Foreign Intelligence Surveillance Act, this story reinforces the urgent need for Congress to reform the law to prevent dragnet surveillance and require increased transparency.”


Pierluigi Paganini

(Security Affairs – Yahoo, surveillance program)
