Yahoo gave the US government access to all user emails, report says [Updated]

Yahoo refutes reports it built an email scanning search tool

Update: A day after the Reuters report broke, Yahoo issued a statement denying the story. The statement from a Yahoo spokesperson and sent to TechRadar reads, "The [Reuters] article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems."

It's interesting to note that the statement says the Reuters report is "misleading" and not unequivocally false. There may be some truth to the original story, but Yahoo is not saying which parts are accurate.

However, Yahoo does deny the existence of the email scanning tool that anonymous sources revealed to Reuters. It's unknown why Yahoo originally provided us with a statement that read, "Yahoo is a law abiding company, and complies with the laws of the United States," only to follow up with a denial 12 hours later with the statement above.

The original story continues below...

Yahoo built custom software for the US government to help its spy agencies look for specific information in any of its users' emails, according to a new report.

Reuters claims Yahoo built the program last year at the behest of the National Security Agency (NSA) and Federal Bureau of Investigations (FBI). The publication learned about the company's alleged actions through interviews with two anonymous former Yahoo employees and another anonymous source familiar with the matter.

While technically legal according to the Foreign Intelligence Surveillance Act (FISA), Yahoo's move to allow real-time mass surveillance of its users is unprecedented. It's also unknown what exactly the NSA and FBI were looking for.

Yahoo Mail for Windows

Yahoo Mail for Windows

The revelation is shocking as no major technology company has allowed such broad access to its users information before, setting a dangerous precedent. Traditionally, the US government has approached companies for specific user data on a case-by-case basis.

We asked Yahoo about the allegations, and received this response from a company spokesperson: "Yahoo is a law abiding company, and complies with the laws of the United States."

Fighting for user privacy

Today's report reignites the conversation about whether technology companies should build a backdoor into its security systems for government use.

Last year, Apple fought against the FBI when it refused to create a special program for the agency to break into a terrorist's iPhone. Apple argued that a backdoor for the government would invite attacks from criminals and foreign governments. The FBI dropped its case against Apple after a third-party helped unlock the phone.

iPhone 5c

The FBI wanted Apple to unlock an iPhone 5c that was used by a terrorist

In April of this year, Facebook reported a 13% increase in government requests from the first half of the year for user information. Other tech companies like Google and Microsoft have also historically fought to reveal to the public how many government data requests they receive.

Yahoo has resisted bulk government surveillance in the past. Back in 2014, Yahoo refused to hand over user data to the NSA. In retaliation, the US government threatened to fine Yahoo $250,000 per day until it handed over the data.

Yahoo CEO Marissa Mayer

Yahoo CEO Marissa Mayer

It's unclear why Yahoo decided to allow such unprecedented access to the US government after previously fighting for user privacy. FISA experts speaking with Reuters said Yahoo could have contested the request on the grounds of being too broad and the burden of having to create a tool, similar to Apple's argument against the FBI.

The anonymous sources allege that the final decision to make the tool was made by Yahoo CEO Marissa Mayer. The decision is supposedly the reason Yahoo's Chief Security Officer at the time, Alex Stamos, left the company for Facebook in 2015.

It's also unclear whether or not the state-sponsored hack of Yahoo, where 500 million customer accounts were compromised, was due in part to the tool given to the US government.

Tags