Reuters’ Joseph Menn is reporting that just last year, Yahoo chose to comply with a classified “directive” to build “a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials” – the NSA in particular.
It’s still unknown what the “specific information” here was—or is—but Yahoo CEO Marissa Mayer’s decision to not put up any fight against the extremely broad request apparently prompted the departure of then-Chief Information Security Officer Alex Stamos, now head of security at Facebook.
Reached via Twitter DM, Stamos told The Intercept that he’s “not commenting at all on Yahoo.” When asked if Facebook had ever received a similar government directive, Stamos replied that he would “pass that to Facebook comms,” which has not yet responded.
It remains unclear what form the “directive” took, though according to Andrew Crocker, an attorney with the Electronic Frontier Foundation, the best guess is that it invoked Section 702 of the Foreign Intelligence Surveillance Act, which permits the bulk collection of communications for the purpose of targeting a foreign individual.
But this Yahoo program doesn’t appear to have had even an ostensibly non-U.S. target. Rather, literally every single person with a Yahoo email inbox was evidently placed under surveillance, regardless of citizenship.
Crocker said the Yahoo program seems “in some ways more problematic and broader” than previously revealed NSA bulk surveillance programs like PRISM or Upstream collection efforts. “It’s hard to think of an interpretation” of the Reuters report, he explained, “that doesn’t mean Yahoo isn’t being asked to scan all domestic communications without a warrant” or probable cause.
“The 4th Amendment implications of that are pretty staggering,” Crocker said.
The Yahoo program, as described, also differs from previous federal data-grabs in that the scanning occurred in real-time, as messages arrived in a user’s inbox, rather than being conducted in an archive of stored communications.
The fact that every single Yahoo email account was subject to this surveillance seems at odds with figures in Yahoo’s transparency report, which claims fewer than 20,000 accounts were tapped at the behest of the U.S. government. It would also appear to run contrary to the spirit of two quotations on Yahoo’s transparency site, where Yahoo General Counsel Ron Bell claims “We fight any requests that we deem unclear, improper, overbroad, or unlawful” and Mayer says “We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it.”
The Reuters report is sourced to “two former employees and a third person apprised of the events,” rather than government officials – raising the possibility that similar orders have been issued to other major service providers.
An Apple spokesperson declined to comment on the record when asked if Apple has received or complied with the same or similar directive, but pointed to a section from a recent public letter by CEO Tim Cook, which he said was still accurate:
Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
A Microsoft spokesperson would not comment when presented with the same question, but said the company is working on a public statement. This post will be updated when that statement is published.
A Google spokesperson said they too are working on a statement, but were unable to comment on the record in the meantime.
Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement that “the order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit.”
He added: “It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court.”
from The Intercept ift.tt/2cQyHYr