back to top
Tech

The Internet Is Pissed Yahoo Built The US A Custom Tool For Email Spying

The internet giant built a custom program for US intelligence to spy on hundreds of millions of users. No one was happy to hear that.

Originally posted on
Updated on

In what seems to be an unprecedented act, troubled internet giant Yahoo Inc built custom software for US intelligence to probe hundreds of millions of Yahoo users’ emails, according to Reuters.

Citing a few unnamed sources familiar with the matter, Reuters reported that the software could search any incoming email to a Yahoo account for specific sequences of characters sought by the US government. The software could also store the information for later retrieval by US spy operatives. It's still unclear whether this software searched only US citizens' email accounts, or if its scope was more broad. Reuters notes that it is likely that the government demanded that other email providers comply with its spying directive as well.

Yahoo's compliance with government spying at this scale seems to be previously unheard of, especially because it built the customized software for the government's spying purposes. Earlier this year, Apple successfully fought a publicized battle with the FBI after the agency demanded that Apple develop software to break encryption on an iPhone owned by one of the San Bernardino shooters.

Yahoo denied the existence of the software in a prepared statement: “The [Reuters] article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.”

The ACLU responded in a prepared statement: “The order issued to Yahoo appears to be unprecedented and unconstitutional...It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court."

Sherif Elsayed-Ali, head of technology and human rights at Amnesty International, said in a prepared statement, "This news will greatly undermine trust in the internet...This would demonstrate the failure of US government reforms to curb NSA’s tendency to try and indiscriminately vacuum up the world’s data. This is a clear sign that people can trust neither their government nor their service providers to respect their privacy: only end-to-end encryption that keeps their communications away from prying eyes will do."

And after the Snowden leaks uncovered the PRISM scandal in 2013, tech companies, from Yahoo to Google to Apple, denied their involvement in the NSA's surveillance and emphasized how they had fought the government over orders for data from the Foreign Intelligence Surveillance Court. In 2007, Yahoo did wage a scrappy fight against a Foreign Intelligence Surveillance Act demand for the company to search specific email accounts without a warrant, but it was ultimately unsuccessful.

Cybersecurity and legal experts are not, to say the least, pleased with Yahoo's latest news.

The Fourth Amendment implications are staggering. Yahoo as agent of government scans all email, devoid of probable… https://t.co/Vjxwn0kndy

Yikes. Yahoo complied w a FISA 702 demand without putting up a fight which apparently led to @alexstamos' departure. https://t.co/wC3rO4V2X5

Advertisement

Cardozo also told BuzzFeed News, "This has enormous constitutional implications. There's no way this would satisfy the Fourth Amendment. It's much more intrusive than PRISM, and the fact that Marissa Mayer gave them 'direct access' is insane. Was Verizon aware of what they bought?"

Funny, doesn't look like Yahoo's transparency report indicated how EVERY SINGLE EMAIL was searched for the NSA. https://t.co/COAJ28sOzF

had we shipped it on-schedule at the end of 2014, we would have at least protected some people from getting their emails siphoned by NSA/FBI

I wonder how the candidates feel about Yahoo spying on every single customer's emails for NSA/FBI. Will they defend this shameful practice?

In response to a request for comment, an Apple spokesperson told BuzzFeed News, “We have never received a request of this type. If we were to receive one, we would oppose it in court.”

A Microsoft spokesperson said, "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

A Google spokesperson told BuzzFeed News, "We've never received such a request, but if we did, our response would be simple: no way."

And Twitter said in a prepared statement: “We've never received a request like this, and were we to receive it we'd challenge it in a court." Twitter is currently suing the Justice Department to be able to disclose information about the government's requests.

Reuters also reported that Yahoo’s security team, which was not informed about the company's development of the spying software, discovered the program in May 2015, just weeks after its installation, and thought it was a hack. Yahoo’s email engineers developed the program.

Yahoo’s Chief Information Security Officer, Alex Stamos, left the company after discovering the compliance with US intelligence. According to Reuters, he advised Yahoo that hackers beyond simply US spies would be able to access the stored emails due to a programming flaw. Recently, news broke that Yahoo endured a hack of 500 million user accounts in 2014, which does not seem to be related the installation of the email spying software.

The company also announced a new app, Newsroom, which it called “Reddit for the masses,” on the same day as the spying became public. Yahoo is in the midst of a $4.8 billion sale to Verizon.

Blake Montgomery is a reporter for BuzzFeed News and is based in San Francisco.

Contact Blake Montgomery at blake.montgomery@buzzfeed.com.

Got a confidential tip? Submit it here.

Promoted