close

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency

by bertram on 475 views
NEW YORK, NY - APRIL 27: Yahoo CEO Marissa Mayer attends the 2015 Yahoo Digital Content NewFronts at Avery Fisher Hall on April 27, 2015 in New York City. (Photo by Cindy Ord/Getty Images for Yahoo)

In 2015, Yahoo CEO Marissa Meyer ordered the company’s engineers to build a tool that scanned Yahoo Mail messages in realtime for “characters” of interest to a US security agency, either the FBI or the NSA.

As far as we know, the move was unprecedented in US tech history, and it triggered the departure of then-CSO Alex Stamos (previously), now CSO for Facebook.

The demand to search Yahoo Mail accounts came in the form of a classified directive sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad directive for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.




‘Unhappy’ Chief Information Security Officer Left Yahoo Immediately

When Yahoo’s Chief Information Security Officer Alex Stamos found out that Mayer had authorized the surveillance program, he resigned from the company, telling his subordinates that “he had been left out of a decision that hurt users’ security.”

Stamos now works for Facebook.

Here’s what Yahoo said in a brief statement in response to Reuters demand:

“Yahoo is a law-abiding company, and complies with the laws of the United States.”

The company declined any further comment.

It is most likely that other Internet companies may have also received a similar court order because the spy agency did not know which the target was using email service.

And since the NSA usually makes requests for domestic surveillance through the FBI, it is hard to say which agency was seeking the information.

This news comes just weeks after Yahoo announced the company was the victim of a “state-sponsored” cyber attack that leaked the personal details of more than 500 million of its users.

you might also like