[Cryptography] Reuters: Yahoo secretly scanned customer emails for U.S. intelligence - sources
Perry E. Metzger
perry at piermont.com
Tue Oct 4 16:16:18 EDT 2016
Reuters: Yahoo secretly scanned customer emails for U.S. intelligence
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
Just so everyone understands: This article tells us Yahoo didn't
merely cooperate with intelligence officials asking for selected
customer emails, but rather voluntarily built a platform to
systematically scan *all* customer email for things intelligence
officials might want to read and turning it over to them. The CISO
apparently resigned when he discovered this had been implemented
without the knowledge of the security team.
Shame on Yahoo for agreeing to do such a thing.
The shame is not only on Yahoo, however. The shame is also on the
government for demanding the ability in the first place.
Also note:
Yahoo's GC claims on their site that they fight such requests. That
claim appears to be false — he personally approved this one.
Choice quotes extracted from:
https://transparency.yahoo.com/government-data-requests
"We carefully scrutinize each request to make sure that it complies
with the law, and we push back on those requests that don’t satisfy
our rigorous standards. When we are compelled to disclose data,
consistent with our Global Principles for Responding to Government
Requests, we disclose only as much data as is necessary to comply with
the request."
"We fight any requests that we deem unclear, improper, overbroad, or
unlawful." — Ron Bell, Yahoo General Counsel, who apparently signed
off on this.
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list