Yahoo Reportedly Scanned Millions of Customers’ Emails On Behalf of U.S. Intelligence
Just a couple weeks after confirming that it was subject to a major security breach, Yahoo was back in the news on Tuesday for a similar but also different matter: According to a new report from Reuters, the tech company scanned all of its users incoming emails for certain keywords that United States intelligence agencies asked them to look for. While the National Security agency was revealed to have access to the average person’s emails in the Edward Snowden leaks, they were usually collected in bulk and then searched on the NSA’s end. Under the Foreign Intelligence Surveillance Act, U.S. intelligence can request customer data to stop terrorist attacks among other reasons.
While the keywords themselves were not revealed, this is the first time that an internet communication company was outed as searching all of its customers’ correspondence, as opposed to just a chunk or the NSA getting the information and searching it themselves. It’s not yet clear if any other email providers did the same thing at the federal government’s request, but it rubbed some executives the wrong way, to the point that it’s believed that this story is why Chief Information Security Officer Alex Stamos (who also declined comment) left for Facebook.
Yahoo issued the following statement on the story:
Yahoo is a law abiding company, and complies with the laws of the United States.
Microsoft and Google, the other two leading email providers, would not comment on the story.
UPDATE 5:00 p.m. ET: Microsoft released a statement to Vocativ:
We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.
They also reached out to Apple, who wouldn’t issue a statement but directed them to a letter that CEO Tim Cook wrote about privacy which includes this comment:
I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
Have a tip we should know? firstname.lastname@example.org