Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency’s demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
According to the two former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook. This suggests that the previous news of a massive hack at Yahoo previously blamed on Russians may have been all the doing of Marissa Meyer herself, under pressure by the NSA.
Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.
Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.
Some Yahoo employees were upset about the decision not to contest the more recent directive and thought the company could have prevailed, the sources said.
They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.
The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.
When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.
U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad directive for real-time Web collection or one that required the creation of a new computer program.
“I’ve never seen that, a wiretap in real time on a ‘selector,’” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.
“It would be really difficult for a provider to do that,” he added.
But don’t think for a minute it was only Yahoo: as Reuters adds, “it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.”
Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, did not respond to requests for comment.
Which probably means we can expect more dramatic revelations at that “other” free email company.
“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.
So – to clarify – after “Russian” hackers hacked 500 million Yahoo accounts, Yahoo itself hacked ALL user accounts.
Paging Verizon? Is this material enough to break the deal?
[Zurich Times] This latest revelation from another top IT services company in the United States Corporation is that if you do not cooperate with the NSA your job will be gone, your company will be sanctioned, and your life will also be in danger. Ms. Mayer was given a choice and it was an odious decision that she made and it will be remembered in history as such.
Another confirmation of the power of the NSA now is the way the WikiLeaks 10th Anniversary turned out to be a total farce and fiasco. Looks and sounds like another back room deal was made and he has either been offered some type of immunity deal or a deal to walk free from the Embassy Prison he has been living in for the past few years.
Lessons learnt here is that your data is by any means “private” or “secure”, because the NSA and its spying software has been data-mining it for literally years so use caution and discernment in what your write and what your say and what you put on your mobile phones and in in your emails because someone else is reading them for sure. See the above photo for the start dates for these programs.
Your innocence is something “they” will determine not your. You are guilty until proven harmless in the Amerika of 2016.
The words and concepts of “Integrity” and the “Truth” still Matter to some and the fight for “Freedom” continues. The failed and flawed decisions of Ms. Mayer and Mr. Assange should be lessons and warnings for all.