Complying with a classified directive from U.S. Intelligence, Yahoo Inc. reportedly built custom software that scans through its customers’ incoming emails searching for specific keywords and phrases at the behest of the National Security Agency and FBI, reported Reuters’ Joseph Menn.
It’s unclear whether the “specific information” the intelligence officials were seeking relates to a phrase in an email or an attachment, explained three former employees and a fourth person apprised of the event, only that every single person with a Yahoo email address was “evidently placed under surveillance” — regardless of citizenship status. The act seemingly contradicts Yahoo’s transparency report, which claimed that fewer than 20,000 accounts were tapped at the request of government agencies. Yahoo’s General Counsel Ron Bell claims, “We fight any requests that we deem unclear, improper, overbroad, or unlawful.”
Andrew Crocker, an attorney with the Electronic Frontier Foundation, told The Intercept’s Sam Biddle that the directive must have invoked Section 702 of the Foreign Intelligence Surveillance Act, which legalizes the bulk collection of communications for the purpose of targeting a foreign individual. As Edward Snowden’s whistleblowing made clear, it’s not unheard of for U.S. internet and phone companies to cooperate with intelligence agencies and hand over bulks of customer data following the 2008 amendment to the Foreign Intelligence Surveillance Act. What sets the present circumstance apart is the scale.
Former government officials and private surveillance experts said that this is the first case to surface demanding such a broad degree of real-time web collection, as opposed to examining email stored on the company’s servers. This is also the first known instance in which a new tool was commissioned for the task.
As targets are not barred from registering multiple email accounts, it’s reasonable to assume that the other major tech companies were also approached with similar demands if the NSA or FBI sought to maximization its data accumulation. When asked about if the agencies were asked to conduct email searches, both Microsoft and Google responded by stating that no such request was made, and if it were, the two companies would not simply comply without legal battle.
“We've never received such a request, but if we did, our response would be simple: 'No way,'” a spokesman for Google said in a statement to Reuters.” A Microsoft spokesperson said, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”
Some FISA experts argue that Yahoo could have made an effort to fight last year’s request on two grounds: the scale of the direct, and the inability to do so [without developing special software]. While others defended Yahoo’s decision to comply, suggesting that it was within the surveillance court’s power to order the mass collection of a specific term instead of a specific account since “upstream” bulk data is legal with phone carriers.
Encryption is one way that tech companies can close off access to intelligence agencies, but with that comes the responsibility of doing some of the work done by the latter or choosing a strict adherence to privacy above all else.
Nine years earlier, Yahoo fought a similar FISA demand to conduct searches on specific email accounts without a court-approved warrant. This time around, Yahoo executives decided to comply.
Advertisement
Learn more about Electronic Products Magazine
