Yahoo built custom software for the US government to help its spy agencies look for specific information in any of its users’ emails, according to a new report.
Reuters claims Yahoo built the program last year at the behest of the National Security Agency (NSA) and Federal Bureau of Investigations (FBI). The publication learned about the company’s alleged actions through interviews with two anonymous former Yahoo employees and another anonymous source familiar with the matter.
While technically legal according to the Foreign Intelligence Surveillance Act (FISA), Yahoo’s move to allow real-time mass surveillance of its users is unprecedented. It’s also unknown what exactly the NSA and FBI were looking for.
The revelation is shocking as no major technology company has allowed such broad access to its users information before, setting a dangerous precedent. Traditionally, the US government has approached companies for specific user data on a case-by-case basis.
We asked Yahoo about the allegations, and received this response from a company spokesperson: “Yahoo is a law abiding company, and complies with the laws of the United States.”
Fighting for user privacy
Today’s report reignites the conversation about whether technology companies should build a backdoor into its security systems for government use.
Last year, Apple fought against the FBI when it refused to create a special program for the agency to break into a terrorist’s iPhone. Apple argued that a backdoor for the government would invite attacks from criminals and foreign governments. The FBI dropped its case against Apple after a third-party helped unlock the phone.
In April of this year, Facebook reported a 13% increase in government requests from the first half of the year for user information. Other tech companies like Google and Microsoft have also historically fought to reveal to the public how many government data requests they receive.
Yahoo has resisted bulk government surveillance in the past. Back in 2014, Yahoo refused to hand over user data to the NSA. In retaliation, the US government threatened to fine Yahoo $250,000 per day until it handed over the data.
It’s unclear why Yahoo decided to allow such unprecedented access to the US government after previously fighting for user privacy. FISA experts speaking with Reuters said Yahoo could have contested the request on the grounds of being too broad and the burden of having to create a tool, similar to Apple’s argument against the FBI.
The anonymous sources allege that the final decision to make the tool was made by Yahoo CEO Marissa Mayer. The decision is supposedly the reason Yahoo’s Chief Security Officer at the time, Alex Stamos, left the company for Facebook in 2015.
It’s also unclear whether or not the state-sponsored hack of Yahoo, where 500 million customer accounts were compromised, was due in part to the tool given to the US government.
Article continues below