Yahoo Secretly Scanned Customer Emails For US Intelligence (reuters.com) 194
An anonymous reader shares with us an exclusive report from Reuters: Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter. The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events. Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time. It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified. Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request. The two former employees say that the decision Yahoo CEO Marissa Mayer made to obey the directive resulted in the June 2015 departure of CISO Alex Stamos, who left to work for Facebook. The company said in response to Reuters questions about the demand, "Yahoo is a law abiding company, and complies with the laws of the United States."
and this is news because? (Score:2, Insightful)
...was there anybody left who didn't know that?
Re: and this is news because? (Score:2, Insightful)
Ahhhhh the old "this isn't news cos it's the ravings of paranoid conspiracy nuts" to "this isn't news cos everyone knows about it" gambit.
Re:and this is news because? (Score:5, Insightful)
The scale is what wasn't know. this is every email going through there servers. Which is unconstitutional. Oh, and their poor implementation led to back door access as well.
Other questions still to be answered: Did google & microsoft do the same thing? So far, they've said 'no comment'. Which isn't good.
Re:and this is news because? (Score:5, Insightful)
Also remember, this happened in the timeframe (mid 2015) that Apple was actively fighting the FBI to not build a software hack into iOS. So it can be fought. And won.
Re: (Score:2)
Also remember, this happened in the timeframe (mid 2015) that Apple was actively fighting the FBI to not build a software hack into iOS.
No, the Apple case started in February 2016.
Re: (Score:2)
If they were fighting over the second amendment instead of the fourth amendment, would you feel different? Would the average person feel differently?
Re: (Score:3)
The scale is what wasn't know. this is every email going through there servers. Which is unconstitutional. Oh, and their poor implementation led to back door access as well.
Other questions still to be answered: Did google & microsoft do the same thing? So far, they've said 'no comment'. Which isn't good.
Why is that even a question. Of course the NSA have everything that they want to look at from any cloud provider. As long as they can legally use gag orders, there is no privacy. Period.
Re: (Score:2)
Other questions still to be answered: Did google & microsoft do the same thing? So far, they've said 'no comment'. Which isn't good.
According to an article at Ars Technica, they have both denied it:
A spokeswoman for Microsoft, Kim Kurseman, e-mailed Ars this statement, and also declined further questions: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”
For its part, Google was the most unequivocal. Spokesman Aaron Stein e-mailed: "We've never received such a request, but if we did, our response would be simple: 'no way.'"
Re: (Score:3)
How many knew it for a fact?
Very few is my guess.
How many know that they were running a search on all incoming mail?
Not me.
Re: (Score:2)
Users would have expected domestic access to be court approved per account.
In the past a lot of sock puppets would have attempted to distant efforts like this with suggestions of collection been too large, political protections, legal protections, lawyers, material found been of no use in a court, strong protections and respect for US data and accounts.
Now all that is out in the
Re: (Score:2)
"...was there anybody left who didn't know that?"
Yes, all the YAHOO users obviously.
Re: (Score:2, Interesting)
People actually working in the field, who understood how the tech actually works (clear text), and understand how people actually work (will steal and sell information to the highest bidder), KNEW there was no way this wasn't happening.
Re:and this is news because? (Score:5, Insightful)
Everyone ignores the fact that the FBI has been doing this for the last 20 years, but makes a big commotion about the NSA doing it. Yawn.
Obama (Score:5, Insightful)
Obama had the most transparent administration in history. If you don't agree, you will be subject to double enhanced surveillance.
Re: (Score:3)
While I agree in principle, it's not like Obama _wanted_ to have the most transparent administration in history... but alas, some of us have greatness thrust upon us.
Re:Obama (Score:4, Insightful)
That's true. No administration before lied so transparently.
Re:Obama (Score:5, Insightful)
The transparency is supposed to be on the government side, not the citizen side.
Re: (Score:2)
Ah yes, the NSA... (Score:5, Funny)
...the only department of the US Government that actually listens to you.
Oh, wait...
Old joke from an old movie (Score:3)
Cop:
And why are you receiving phone calls from J. Edgar Hoover?
Wadsworth:
J. Edgar Hoover?
Cop:
That's right. The head of the Federal Bureau of Investigation.
Colonel Mustard:
Why is J. Edgar Hoover on your phone?
Wadsworth:
I don't know. He's on everyone else's, why shouldn't he be on mine?
Re: (Score:2)
.the only department of the US Government that actually listens to you.
But only if you use the trigger words.
Like "hello" and "goodbye"?
Unfortunately.... (Score:5, Funny)
THEY DIDN'T FIND ANY!
"....Nobody here but yahoo customers...."
Re: (Score:2)
Re: (Score:2)
Yes.
Leaving Yahoo! (Score:5, Interesting)
I have a Yahoo! mail account, which was my main contact account for things like my bank, credit cards and so on. After 2 cases of password breaks, I've now migrated away from that and sent them all to gmail, which I was using for something else.
Looks like once the remaining people on it leave, there won't be even a subscriber base to make Yahoo! even worth acquiring.
Re: (Score:2)
I regret to inform you that the entire internet is infected with code that is always exploited, all of the time, everywhere.
Its the one thing we ALL share in common on the net: DELUSIONS OF PRIVACY, SAFETY AND CONTROL.
Now take the blue pill.
Re: (Score:2)
Re: (Score:2)
What is the blue pill?
Its not the red one...
Re: (Score:2)
I've now migrated away from that and sent them all to gmail, which I was using for something else.
It's cool, just say "porn".
Re: (Score:2)
Re: (Score:2)
Run your own mail-server though
Do you have any idea what it takes to get your mail delivered these days and maintain IP reputation? You have to intentionally violate RFCs, and if your static IP is provided by your phone/cable company you get blacklisted anyway.
Re: (Score:2)
Re: (Score:2)
That's not the only RFC violation - in order to prevent backscatter spam, you have to not send most types of NDRs.
Re: (Score:2)
More than a decade here, and the only issue in all that time was one listing on the Spamhaus PDL (I still have no idea how it got listed) and was taken care of in five minutes. But, it runs on a machine in a real data center with clean IP addresses (IPv4 and IPv6), a proper RDNS entry, secondary/tertiary DNS, SPF/DKIM entries, etc.
Re: (Score:2)
Some will block or greylist IP addresses in certain ranges if they match common ISPs even if the reverse DNS is set correctly. Maybe you just have a small ISP.
Damn Bush and his Rethuglicans (Score:2, Funny)
I can't wait for the Democrats to take over and end this nonsense just like they promised.
Re: (Score:2)
I can't wait for the Democrats to take over and end this nonsense just like they promised.
We'll NEVER end NONSENSE!!!
What, are you nuts?
We might be crazy, but we're not suicidal...yet.
..and the rest (Score:5, Insightful)
I'll bet a whole dollar that Microsoft, Google and Apple have been secretly doing this for ages too.
Re: (Score:2)
Re: (Score:3)
You have a dollar? Can I see what it looks like?
Re: (Score:2)
They're too busy fighting microaggressions to care about the big ones.
Re: (Score:2)
Have they secretly released your password to hackers too?
Re: (Score:3)
https://www.youtube.com/watch?... [youtube.com] Again, see how Microsoft is at the bottom left of this chart, meaning they were in "bed" the longest. And notice how MS got more and more aggressive since the WGA was introduced, and people didn't understand what it truly represented and didn't raise any objections. That
Re: (Score:2)
Thanks this is really informative. If I had mod points you'd have gotten them.
Re: (Score:2)
Make no mistake they all did fight to protect the privacy of users, which they consider they owned and thus the fight was not to keep that privacy, just not to give it away for free. The fight was for how much they could charge for selling your privacy, just like the sell it to everyone else, they own it, your privacy is their property and they demand that if government wants it, they will have to pay for it, just like everyone else. Now, that's the reality.
Re: (Score:2)
just one word:
calea
'nuff said?
So Marissa ignored everyone but the NSA (Score:5, Insightful)
Re: (Score:2)
I wonder if, retrospectively, people will consider her the worst CEO ever, taking the crown from Ballmer?
She has merely fiddled while Rome burns. Upsetting the employees, making small acquisitions that did not add anything of value to the company's portfolio, took no bold moves, nothing.
As I have said before, the board could have put a monkey in her office and been hundreds of millions of dollars better off at this point.
But, she is set for life, financially.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
She has a hell of a long way to go before she catches up to Carly.
Carly wrecked TWO companies.
Obviously unconstituional request (Score:2)
That is a request that is so obviously unconstitutional.
But, perhaps, we should consider why Yahoo acquiesced. Perhaps when the NSA was wiretapping those connections between datacenters, they discovered something that could be used to blackmail Yahoo, or its CEO,
Re: (Score:2)
Re: (Score:2)
No. It might be unconstitutional if it were a demand or order, but a request, with no pressure on Yahoo to submit to it?
You ever deal with law enforcement, like, ever? Its all pressure, all the time. You don't think there was some coercion involved? Some quid pro quo? Some something as carrot or stick, or both? A little of the old good cop/bad cop?
You think they just sent a letter to the CEO of Yahoo, said pretty please, and ended the email with "if you wouldn't mind too much violating the trust of your entire customer base?"
There was coercion. There were heavy-handed tactics. There was quid pro quo. There were conve
NSA tried to get some intelligence (Score:2)
I can understand that. Who needs is more than them.
And Another Irony Flag... (Score:3)
AT&T had cut a plum deal with Yahoo to provide e-mail services for the telecom giant way back in the early 2000's, which is still in effect to this day.
Chew that over and get back with me.
Alternatives to Yahoo (Score:2)
https://www.vmail.me/en/ [vmail.me]
https://countermail.com/ [countermail.com]
http://www.neomailbox.com/ [neomailbox.com]
http://www.e-mail-made-in-germ... [e-mail-mad...germany.de]
/
http://techpp.com/2013/08/28/n... [techpp.com]
(not encrypted but smaller country + company appeals to me
http://techpp.com/2013/08/28/n... [techpp.com]
we n
My Own Email Server (Score:2)
Re: (Score:2)
Customers? (Score:2)
Usually, by "customer" we mean the people who pay for something.
AFAIK the Yahoo e-mail service is free, so its users aren't customers.
Yahoo customers are advertisers, or people who make transactions on its e-commerce platform. And Yahoo don't control their e-mails unless they are also using Yahoo mail. So Yahoo cannot really monitor their incoming messages.
Comment removed (Score:3)
Re: (Score:2)
Also do any modern browsers support the gopher protocol anymore?
Yes those are somewhat serious questions as it has been ages since I accessed a gopher server, probably since the mid to late 90s and the last time I did was probably when I was at the University of Minnesota.
What was the result? (Score:2)
Did they find any?
This is the last straw! (Score:2)
From now on, sensitive writings from me will be on paper and encoded with Enigma with a codebook unique to me and the recipient.
I bet they forgot how to work Enigma out, since it seems they've spent the last 20 years slurping our email.
I'm only half joking.
Other Major Email Providers (Score:2)
Oh really? (Score:2)
Th
Not in real time (Score:2)
Re:GOV'T NEEDS MORE MONEY!!! Pay your fair share! (Score:4, Informative)
Re:GOV'T NEEDS MORE MONEY!!! Pay your fair share! (Score:5, Insightful)
That's correct. When the baby boomers are retired, retirees outnumbers workers, and two-thirds of the federal budget goes to Social Security and Medicare in 2030, taxes will have to go way up to pay for everything else.
We could always set up public health care like any other reasonable country and take the health care corporations' extortion out of the equation. Nah.
Re:GOV'T NEEDS MORE MONEY!!! Pay your fair share! (Score:4, Insightful)
Because everyone wants the government to swallow 1/8th of the economy, and then make all of our healthcare become just as efficient and safe as the VA Medical system!
You're comparing apples and oranges. Extending Medicare for everyone is the public option. The problem with the VA system is that the country went to war without allocating resources for all the damaged bodies that got chewed up and spit out on the battlefield.
Re: (Score:2, Insightful)
why is it everytime the president doesnt get what he wants, the people in the most need suffer. (with government shutdowns)
I dont want them in charge of whether or not i can go see a doctor
Re: (Score:2)
Why would anyone (besides the doctor) be in charge of whether you can see a doctor? Or can Americans force doctors to see them?
Re: (Score:2)
Why would anyone (besides the doctor) be in charge of whether you can see a doctor?
I had a health insurance provider that told me that a local clinic was in network — except none of the doctors at the clinic were in network. Every time I went to the clinic, I got a big bill because the insurance provider determined that I went outside the network. That kind of nonsense was routine before Obamacare.
Re: (Score:3)
Extending Medicare for everyone is the public option.
...because that would never be abused... just like college tuition never shot into the stratosphere after Uncle Sugar began guaranteeing student loans to world+dog... right? Oh, wait... it did. (yes, I know facilities currently refuse Medicare, but only because there's less paperwork and hassle per dollar to be gained by dealing only with private insurers.)
Incidentally, if you actually know someone on Medicare (not Medicaid mind, but Medicare), you'd know that it doesn't cover a whole lot, necessitating a l
Re:GOV'T NEEDS MORE MONEY!!! Pay your fair share! (Score:5, Informative)
As far as free market medical care goes, if one has money to pay out of pocket for a medical procedure they can always get it. In countries with single payer medical care systems there are always private alternatives if one can afford to pay. While I am not a fan of Obamacare I don't see why people feel justified in complaining about it when healthcare prices are dictated by the free market they want to revert back to. Healthcare prices have always been skyrocketing even before Obamacare, the baby boomers just didn't notice it because they didn't need those services until today.
Regardless of a single payer or free market health care system in America the state and federal healthcare regulators need to require healthcare providers to publicly publish current health service prices and outcomes. Why is it when I visit a healthcare facility I always have to sign a waiver saying I am liable for paying for any service the provider deems necessary at whatever price the provider dictates? That is like going into a retail store and the sales associate fills your shopping cart up with whatever unpriced merchandise they think you want and then mail you a bill a few weeks later. It is absurd. I think price and outcome transparency would go a long way to drive down prices.
Also getting rid of for-profit health insurance companies would be a tremendous consumer savings. I have been covered by all the name brand health insurance companies over the years and they provide nothing of value beyond central planing/price fixing with providers. They provide no guidance on cost savings, don't want offend a provider, and I get dozens of bills from all the providers sent directly to me to figure out what was done and if it was necessary. They skim their profits off the top and then make up for it by denying claims or raising prices. The more money that goes directly to the providers the better.
Re: (Score:2)
Let me pile on here. My company (a Fortune 500 member) used to offer up to a half dozen different healthcare plans through several providers. As of this year, we were down to one with two plans, one a "Cadillac". For next year, we no longer have any options...just a single plan (not the Cadillac), and my doctor won't accept that one. Oh, and prices have continued to rise much faster than inflation every single year. So, tell me again why I should be happy with the ACA? We wanted to insure all of the u
Re: (Score:2, Troll)
My company (a Fortune 500 member) used to offer up to a half dozen different healthcare plans through several providers. As of this year, we were down to one with two plans, one a "Cadillac". For next year, we no longer have any options...just a single plan (not the Cadillac), and my doctor won't accept that one.
Strange. The small company I worked for used to have a single health plan that would cost me $500 per month. Now we have a half-dozen health plans and I'm paying $150 per month for better coverage. I think your Fortune 500 company is screwing you over to make a political statement about ObamaCare.
Re: (Score:2)
Diminishing health care plans and rapidly rising health care costs have been with us for years, ACA or no ACA. It sounds to me like your employer was cutting benefits costs, and may have been using the ACA as an excuse. Never trust a Fortune 500 company to be honest about why it's doing things.
Which prices have been going up far faster than inflation? What you pay for your plan? That could be skyrocketing while health care costs went up moderately if that's just what the plan costs minus what your em
Re: (Score:2)
Lucky you. My plan (through United Healthcare), covering the family, is very close to $5k/year, along with co-pays and deductibles that have jumped every year. I think the Cadillac plans are being eliminated due to the changes going into affect over the next couple years. Here's an article on that.
http://kff.org/health-costs/is... [kff.org]
Re: (Score:2)
Why do you despise America?
Literally every other developed nation has universal health care. There's differences in how they do this, but they do, and they pay much less money (last I looked, German care was the most expensive, at about two-thirds of what US health care costs per capita), and often get significantly better results. Why do you reject the idea that the US can do something as well as other governments?
Re: (Score:2)
The ACA in its current form is a failed attempt to fix existing problems - it wasn't the cause of these existing problems.
It "fixed" problems by creating new, or worsening existing problems. There's no competition for providers, no more Cadillac plans (just lost mine), and skyrocketing costs. This can't continue because it's unsustainable.
Re: (Score:2)
No competition for insurance providers? In Minnesota, there's several companies offering policies through MNSure. I don't know why it's not working for you; did your state set up an exchange? I've got a very good plan myself, with no particular effort on my part. Health care costs were skyrocketing before. From where I sit, the ACA has been a considerable improvement, and lots more people have some sort of access to health care.
Re: (Score:2)
Re: (Score:2)
What a load of crap. VA medical has been in the shitter for decades, and the government has done next to nothing to fix it.
And yes, I'm a vet.
Re: (Score:2)
Even better is that it would stop Americans from coming up here, pretending to be Canadian to get medical coverage (as simple as using someones CARE card in BC and without one you pay the same as the government) so we could actually afford to treat taxpayers.
Re: (Score:2)
Yeah, because the Canadian system is so wonderful.
My deceased aunt, an Ontario resident, got her free healthcare, but had to wait, and wait for services she needed for a brain tumor. You know, those services saved her money that she can't spend anymore. She could have gotten it addressed quickly here in the U.S., though at a price.
Re: (Score:3)
Re: (Score:3)
That's one possible outcome, to be sure - won't work, of course, since we've never managed to collect more that 20% of GDP as federal taxes for very long. Far more likely IMO is that we'll just print the money to pay the seniors, while continuing to lie about inflation where it maters for inflation-adjusted payouts. Naturally, a future where we spend less isn't to be taken seriously - those barrels will be full of pork come what may!
Re:GOV'T NEEDS MORE MONEY!!! Pay your fair share! (Score:5, Informative)
trivial to fund those, right now only the first $118,500 of income is taxable for Social Security. Raise that limit and the problem goes away, and it only affects the upper middle class and upper class.
Problem solved. There is no real problem.
Re: (Score:2)
......remember Shi Tao?
Is that the pig guts in curry sauce, or the duck's feet with gravy?
.
Re:laws huh? (Score:5, Insightful)
If they were a law-abiding company, they would DENY requests for warrantless wiretaps.
Indeed. Because, if the law or regulation under which they are demanded is unconstitutional, it was unconstitutional from the moment it was passed. It "never existed":
If the law is unconstitutional, not only does Yahoo not have any legal requirement to grant the access, but the non-existent legal framework doesn't protect them from any action against them by people who were harmed, or against prosecution for the violation of any laws they broke in the process of "obeying" the non-law.
Re: (Score:2)
But the law isn't "unconstitutional", right up until the day the Supreme Court says it is. Until that day, it's a fully fledged law with all the force of every other law.
No. That's the whole POINT of the supreme court judgement I referenced.
The law is void from the day it was passed.
You don't have the court's DECLARATION that is was always void until the court gets around to it (if it ever does - like when you successfully fight it "all the way up to the Supreme Court" AND win there). But it's void, alway
Re: (Score:2, Flamebait)
You mean the Trump that asked, in his first national security briefing, three times why we couldn't use the nuclear bomb?
Re: (Score:2)
Were you at the meeting, or do you have actual evidence of his national security briefing? Prove to us you are telling the truth, but that would make you a whistleblower or a terrorist sympathizer.
Re: (Score:2)
See my other reply. Many sources reported it happening.
Google "trump security briefing nuclear" for yourself.
Re:And you know that how? Who broke security? (Score:5, Informative)
No joke. Choose your source. It happened.
http://thehill.com/blogs/ballo... [thehill.com]
http://www.nytimes.com/2016/08... [nytimes.com]
or google "trump security briefing nuclear"
Re: (Score:2)
No joke. Choose your source. It happened.
Your first reference quotes Joe Scarborough making the claim, without substantiation, in the course of interviewing former CIA Director Michael Hayden (who is NOT the source). That takes the libel (and maybe the felony) out of your mouth and puts both into his.
The second, and as many of its links as I've followed (I don't promise to have followed them ALL, but I tried to follow each that seemed appropriate), doesn't mention the "asked three times in his first securi
Re: (Score:2)
I don't know if you're attempting humor here, but that is something particularly sought after. Email which doesn't get sent from an inbox that is connected to by remotely varied IP's is something they are aware of.
Re:Use drafts. (Score:4, Informative)
The "login records" get tracked
"Surveillance and Security Lessons From the Petraeus Scandal" (Nov 13, 2012)
https://www.aclu.org/blog/surv... [aclu.org]
Re: (Score:2)
Nope. But that was to be expected. I mean, seriously, they were looking for intelligence in people using Yahoo mail.