Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds

Networking and broadband talkabout. Need help with that new router or setting up a network?
Post Reply
User avatar
wvjohn
Posts: 9238
Joined: Wed Nov 22, 2000 7:09 am
Contact:

Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds

Post by wvjohn »

Yahoo is just full of surprises these days...

http://arstechnica.com/tech-policy/2016 ... arch-tool/

According to a new report by Reuters citing anonymous former employees, in 2015, Yahoo covertly built a secret “custom software program to search all of its customers' incoming emails for specific information.”
Reuters noted that Yahoo “complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.” It is not clear what data, if any, was handed over.

FURTHER READING
Yahoo exec goes mano a mano with NSA director over crypto backdoors
Presuming that the report is correct, it would represent essentially the digital equivalent of a general warrant—which is forbidden by the Fourth Amendment, as Electronic Frontier Foundation lawyer Andrew Crocker noted on Twitter.
View image on Twitter
View image on Twitter
Follow
Andrew Crocker @agcrocker
The Fourth Amendment implications are staggering. Yahoo as agent of government scans all email, devoid of probable cause, particularity, etc
1:24 PM - 4 Oct 2016
37 37 Retweets 15 15 likes
This seems to be the first known case of an American Internet company acting on behalf of the government to search messages in near real time—previous operations captured stored data or intercepted only a handful of target accounts.

As Reuters also reported, Yahoo's then-Chief Information Security Officer, Alex Stamos, resigned in protest once he found out about the secret program. Stamos now works at Facebook.

Yahoo did not immediately respond to Ars' request for comment.

UPDATE 5:11pm: Kaitlin Kikalo, a Yahoo spokeswoman, sent Ars the same statement that the company has been sending to other media and declined further questions: “Yahoo is a law abiding company, and complies with the laws of the United States."

A spokeswoman for Microsoft, Kim Kurseman, e-mailed Ars this statement, and also declined further questions: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

For its part, Google was the most unequivocal. Spokesman Aaron Stein e-mailed: "We've never received such a request, but if we did, our response would be simple: 'no way.'"

Sen. Ron Wyden, a Democrat who represents Oregon, also expressed dismay over the Yahoo revelation.

It is a fact that collection under Section 702 of the Foreign Intelligence Surveillance Act has a significant impact on Americans’ privacy. It is public record that this expansive surveillance program is the basis for warrantless searches of Americans’ emails, and that the government has never even counted how many. The FISA court has publically stated that tens of thousands of wholly domestic communications are caught up under 702 collection every year and that the potential number of Americans impacted is even larger than that.
The NSA has said that it only targets individuals under Section 702 by searching for email addresses and similar identifiers. If that has changed, the executive branch has an obligation to notify the public.
Neither the NSA nor the FBI have responded to Ars' request for comment.
Post Reply