Yahoo secretly gave the NSA access to emails

A pedestrian street crossing sign stands at Yahoo! Inc. headquarters in Sunnyvale, California, U.S., on Thursday, Jan. 7, 2016. Yahoo! Inc. is planning to eliminate jobs as part of Chief Executive Officer Marissa Mayer's effort to cut costs and revive growth at the struggling web portal, according to a person familiar with the matter. Photo credit: Noah Berger/Bloomberg via Getty Images Israel


Since 2001, Yahoo has tussled with governments on surveillance. Recent security failures have not helped it cope with the pressure.

An explosive Reuters investigation revealed today that Yahoo “secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials.”

The program is significant not just because it was kept secret from users, but also because of the scale involved and because the searches would have taken place in real time.

Yahoo’s woes in the wake of its 2016 disclosure that 500 million accounts were compromised two years ago continue, with further revelations about the hack and about Yahoo’s business practices during this period.

Though the most recent news items cover unrelated incidents, both have again called into question the company’s commitment to users’ privacy and made clear that the business end and the security team were frequently at loggerheads over some of the most consequential decisions the tech giant has faced since its founding.

Long, losing battle for Yahoo

This effort demonstrates a much more cooperative approach between the tech giant and governments than before. The U.S. intelligence community went to tech giants seeking this level of access within days of the September 11, 2001 attacks, going to the email and ISP titans of the time, like AOL and Yahoo, to search their logs and explore wiretapping options available then.

In 2007, as Reuters notes, the company fought the U.S. government against having to conduct account searches, despite being subject to massive fines for its stance. It lost that fight in court, however, and then had to cooperate with the government. Then, from 2008 to 2010, Yahoo webcams were allegedly, and forcefully, breached by the National Security Agency (NSA) as well as the UK’s GCHQ. The company angrily reacted to the intrusion, saying it had no idea it took place as the intelligence services snatched up millions of still images from the webcams.

Reuters says that the contents of the searches remain classified. A legal challenge against the program is unlikely. By 2015, when the NSA came to Yahoo with its search request, Yahoo probably understood its reluctant participation in PRISM after the 2007 case, bulk surveillance precedents set by telecoms in years past, and decisions about “cross-border surveillance” practices online as constituting legal precedent for cooperating with the NSA.

Security team at odds with business end

But the cooperation also took place without the input of the company’s security team and its then-Chief Information Security Officer, Alex Stamos. He eventually left the company to become Facebook’s CSO. His departure was, in the end, part of a larger clash between him and other Yahoo executives over a variety of issues, including this custom software program, but also over Yahoo’s reluctance to spend as much on security as Stamos and his security team, dubbed “the Paranoids,” wanted.

To further compound Yahoo’s image problem, the cyber security firm InfoArmor now contests Yahoo’s attribution of the 2014 hack to a nation-state. According to InfoArmor, the breach that targeted Yahoo’s third-party vendors in 2014 was carried out by a collective, known as “Group E” to investigators, “who [since 2012] were hired to compromise customers databases from a variety of different targeted organizations.”

Yahoo has not yet named the supposed nation-state, citing its ongoing investigation.
