Yahoo just had its version of the so-called October surprise after a news report dropped a bombshell that could possibly leave the tech company's reputation in tatters.
Emerging information revealed that Yahoo built and used a software to help the U.S. government search the emails of all of its customers from January to June last year. Sources privy to this incident identified Marissa Mayer, Yahoo's CEO, and Ron Bell, the company's general counsel, as directly responsible for the move. This purportedly caused the resignation of Alex Stamos, Yahoo's chief information security officer, in June 2015.
Reuters, which first broke the report, said that it appeared Yahoo caved in to an intelligence agency's demand, which effectively made it the first case of U.S. tech company to have aided a governmental surveillance program. Certainly, there are others who could have done the same, but Yahoo was the very first to be exposed. A New York Times report underscored this when it revealed the NSA has a program that scans messages to and from the United States possibly since 2008.
The four Reuters sources, who all have worked at the tech company, said in the report that the intelligence agency scanned incoming emails. Experts believe this is unprecedented since intelligence officials typically want to search stored emails as well as a specific number of email accounts as opposed to the entire Yahoo email user base. It is not known what the agency is looking for except that it purportedly provided the company a set of characters to query.
To be fair, Reuters did not obtain the context of the compliance. It is not clear, for example, if there was an imminent national security threat that could have prompted Yahoo to direct its engineers to let the government crawl all arriving messages.
There is no official confirmation coming from Yahoo about the incident. The company merely issued a brief statement when reached for comment.
"Yahoo is a law abiding company, and complies with the laws of the United States," Yahoo told Reuters.
At this point, it is not clear what specific statutes Yahoo could have violated for non-cooperation. Apple and the Federal Bureau of Investigation have sparred over this subject, but it was not legally resolved.
Ultimately, email privacy is guaranteed by the U.S. Constitution under the Fourth Amendment. Several states have also introduced more explicit privacy protections. A specific law called Electronic Communications Privacy Act also covers email privacy, but this law only protects stored email messages. Additionally, the law exempts email providers under its "provider exception," which allows companies such as Yahoo to process their users' emails for advertising purposes.
Some sectors, however, are now branding the government's Yahoo surveillance as unconstitutional.
"This is big brother on steroids and it must be stopped," Congressman Ted Lieu stressed. "If true, the government's directive to Yahoo to write a software program and search all of its customers' incoming emails for certain content is a gross abuse of federal power."
The Yahoo incident has shined light on the imperative to implement the end-to-end encryption on email messages. Here, only the owner will be able to view email messages.
Photo: Eric Hayes | Flickr