Friday 27 April 2018

Yahoo caved in to US intelligence agencies to spy on users' email for specific phrases

Yahoo chief executive Marissa Mayer
Yahoo chief executive Marissa Mayer

Joseph Menn in San Francisco

INTERNET giant Yahoo secretly built software last year to search all of its customers' incoming emails for specific information demanded by US intelligence.

The company complied with a classified US government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, according to former employees.

Surveillance experts said this was first case to surface of a US Internet company agreeing to a spy agency's request by searching all arriving messages.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources who spoke to Reuters.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo chief executive Marissa Mayer's decision to obey the directive angered some senior executives and led to the June 2015 departure of chief information security officer Alex Stamos, who now holds the top security job at Facebook.

"Yahoo is a law-abiding company, and complies with the laws of the United States," the company said in response to the claims.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company's legal team, according to the three people familiar with the matter.

US phone and Internet companies are known to have handed over bulk customer data to intelligence agencies.

But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of new software.

Experts said it was likely the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target.

The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Reuters was unable to confirm whether the 2015 demand went to other companies, or if any complied.

Google and Microsoft, two major US email service providers, did not respond to requests for comment.

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask US phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

In a separate incident, Yahoo last month said "state-sponsored" hackers had gained access to 500 million customer accounts in 2014.

Irish Independent

Business Newsletter

Read the leading stories from the world of Business.

Also in Business