Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds

According to a new report by Reuters citing anonymous former employees, in 2015, Yahoo covertly built a secret “custom software program to search all of its customers' incoming emails for specific information.”

Reuters noted that Yahoo “complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.” It is not clear what data, if any, was handed over.

Presuming that the report is correct, it would represent essentially the digital equivalent of a general warrant—which is forbidden by the Fourth Amendment, as Electronic Frontier Foundation lawyer Andrew Crocker noted on Twitter.

This seems to be the first known case of an American Internet company acting on behalf of the government to search messages in near real time—previous operations captured stored data or intercepted only a handful of target accounts.

Link

No end to the invasions, probably in the name of fighting terrorism. No wonder that the government fights encryption. The internet has made it so easy to monitor so much.

Too bad Yahoo didn't just disappear.

Gmail is most likely under the same scutiny.

a reply to: roadgravel

This is frightening. With this power in the hands of the government, it will eventually be abused to silence dissent.

Snowden tweeted earlier today:

Use @Yahoo? They secretly scanned everything you ever wrote, far beyond what law requires. Close your account today.

a reply to: roadgravel

we are on a dangerous path.

Wonder what George Orwell and Aldous Huxley would think of the current situation

a reply to: FamCore

I doubt they would be surprised. Told ya so, comes to mind.

Looks as though we are arriving at the time that the Constitutions is the Constitution on paper only. And so many back it's erosion directly or in a roundabout way.

First to do it, or first to get caught?

Would be silly to think Google, Microsoft or apple or any other tech giants are on some moral high ground .. The fbi iPhone hack thing comes to mind... "See look we are looking out for you!"

Please.

I am horrified by this, but I am not at all surprised. From the moment George W. Bush created the Department of Homeland Security and the Patriot Act was passed into law it was clear that the Nazis had taken full control of the USA's intelligence operations and the central organs of government. Even the once proud FBI found itself subsumed under the CIA and all of the CIA's Project Paperclip grandchildren and step-children.

a reply to: roadgravel
It would be fascinating to learn what (if anything) the "spies" were able to glean from their complete surveillance of yahoo account holder's emails. I also wonder if the recent compromise (by hackers?) had anything to do with any of this.

What happened to the data collected? Did they discard anything that wasn't pertinent to their "investigation" or did they archive it for future "investigations"? We will probably never know, and those that do will probably never tell.

a reply to: SteamyJeans

I bet they all do some in one form or another. With the secrecy required to be kept under law in certain circumstance, it could be very wide spread.

A national security letter (NSL) is an administrative subpoena issued by the United States federal government to gather information for national security purposes. NSLs do not require prior approval from a judge.

The Stored Communications Act, Fair Credit Reporting Act, and Right to Financial Privacy Act authorize the United States federal government to seek such information that is "relevant" to authorized national security investigations. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails.

NSLs typically contain a nondisclosure requirement, frequently called a "gag order", preventing the recipient of an NSL from disclosing that the FBI had requested the information.

Link

Trust this to be done right?

In the 80s we became aware that our phone calls were monitored for any key words like kilo, pound, coc aine, the like.

The war on drugs you know?

Randomly caught trigger words would prompt a computer to begin recording whatever conversation in the hopes more were detected. if more appeared in the short segment, the recording might be kicked out for actual analysis. If warranted, a tap could be placed on the phone to listen for more 'talk' of a drug nature, which would also be analyzed by computers in human form. If hard surveillance become necessary , then actual surveillance might be started on a location; parking on the street, watching the house, and if drug dealing activity was detected, then even more surveillance could be ordered of a 24 7 nature.

They might even try to bust someone and get them to wear a wire, make a buy, then initiate a full blown surveillance, determine the best time to raid, get a warrant, call swat, raid, search, confiscate and arrest people.

This whole process took weeks, months, could result in nothing or a bit of dope and some junkies.

What a waste.

This was thirty plus years ago. They still do it the same way. Whatever they think warrants further investigation results in a ramping up process of closer and closer scrutiny followed by increasing levels of surveillance and final authorization to make a raid.

All that is expensive, they have limited resources, have to justify each increasing level and get authorization before spending all that time and effort. They need to have something to go on at each stage in the process to move to the next stage.

This is the United States we're talking about. I thought it was just generally assumed that the government had free access to all our communications.

originally posted by: roadgravel
a reply to: SteamyJeans

I bet they all do some in one form or another. With the secrecy required to be kept under law in certain circumstance, it could be very wide spread.

I would be totally surprised if Yahoo was alone in this.

I am willing to bet that every social media site, browser, phone/cell phone company, and every email site, is under full government surveillance at anytime they choose.

We are being watched at every street corner and now folks are even bringing more sophisticate surveillance devices into their homes with the Echo and Google Home.

Imho it's best case to just assume that even if you are not "under surveillance " you can easily be back tracked... It's all stored somewhere.

Anything and everything you have said around anything with a Microphone can or will one day be Recorded and just waiting. To be used against you, should the need arise.

But hey, I'm just paranoid.
a reply to: NightSkyeB4Dawn

originally posted by: BiffWellington
This is the United States we're talking about. I thought it was just generally assumed that the government had free access to all our communications.

We get these glimpses of questionable activity from time to time. How much that we are never aware of happens. Odds are it is sizable.

In a phone interview, Rep. Ted Lieu, a Democrat who represents a portion of Los Angeles County, told Ars that this type of forced government request was "flat out unconstitutional."

"The continuing revelation of our law enforcement and these agencies violating the Constitution shows that there is a break down in oversight," he continued. "The [Foreign Intelligence Surveillance Court] has shown repeatedly that they do not have the ability to protect the Constitution or the rights of Americans, we need another system—thank God we have freedom of the press."

Congressman admits it's wrong but since laws are being broken, changes will probably be ignored also.

Updated

A spokeswoman for Microsoft, Kim Kurseman, e-mailed Ars this statement, and also declined further questions: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

For its part, Google was the most unequivocal. Spokesman Aaron Stein e-mailed: "We've never received such a request, but if we did, our response would be simple: 'no way.'"

Same Link

Can we believe them? Seems like Prism says no.

originally posted by: SteamyJeans
Imho it's best case to just assume that even if you are not "under surveillance " you can easily be back tracked... It's all stored somewhere.

Anything and everything you have said around anything with a Microphone can or will one day be Recorded and just waiting. To be used against you, should the need arise.

But hey, I'm just paranoid.
a reply to: NightSkyeB4Dawn

Pretty much, to be used at a later date if needed. What's that quote" Whatever you put in writing can be used against you." Now it's subject to being not limited to just text send over the net.

originally posted by: seattlerat
a reply to: roadgravel
It would be fascinating to learn what (if anything) the "spies" were able to glean from their complete surveillance of yahoo account holder's emails. I also wonder if the recent compromise (by hackers?) had anything to do with any of this.

What happened to the data collected? Did they discard anything that wasn't pertinent to their "investigation" or did they archive it for future "investigations"? We will probably never know, and those that do will probably never tell.

It's archived, probably at the Utah data center, that place has an unbelievable storage capacity.

Anyways just remember, the best security is to not have a record of anything you want kept secure. Your data wouldn't have existed to have been stolen if Yahoo wasn't hanging onto it in the first place.

Large databases only do one thing, which is make juicy targets for hackers.