Yahoo denies mass email spying claim, however other’s say differently
Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.
The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.
U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.
“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.
A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.
Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.
Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.
Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.
Following the report, the Office of the Director of National Intelligence said that it does not discuss specific techniques used to collect foreign intelligence information. “It is important to remember the Intelligence Community has specific tools available to collect intelligence information, including the Foreign Intelligence and Surveillance Act,” said ODNI Public Affairs Deputy Director Richard Kolko. “Collection under FISA is subject to rigorous oversight by all three branches of government. Under FISA, activity is narrowly focused on specific foreign intelligence targets and does not involve bulk collection or use generic key words or phrases. The United States only uses signals intelligence for national security purposes, and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary people.”