Yahoo Secretly Built Software To Scan All Emails Under Pressure From NSA Or FBI

from the uh-wait-a-second dept

Tue, Oct 4th 2016 11:48am — Mike Masnick

So Reuters had a big exclusive report this morning about Yahoo creating "custom software to search all of its customers' incoming emails for specific information" at the behest of the NSA or FBI. This was built last year -- which came well after the Snowden disclosures, and after Yahoo had been revealed to have legally challenged earlier NSA dragnet attempts -- and after it had rolled out end-to-end encryption on email.

Apparently, this was a decision made at the top by Marissa Mayer, and pissed off the company's top security guy, Alex Stamos (who is awesome and a big supporter of end-to-end encryption) leading him to leave the company (and move to Facebook, where he is currently).

According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc."Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Of course, this comes out less than a week after the NY Times had a big report on how Mayer de-prioritized security, despite having built up a great team of computer security experts called "The Paranoids." But, Mayer apparently downplayed or blocked their efforts, leading many to go elsewhere. And now we find out that Yahoo agreed to create this special software for scanning all emails for certain phrases or keywords. Bizarrely, this new report notes that Mayer gave the task of writing this software not to the security team, but to email engineers, leaving the security team in the dark, until they discovered it, thinking it was malware:

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company's security team in the process, instead asking Yahoo's email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users' security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Now, there are still a number of open questions about this: chief among them if others, such as Google, Microsoft, Facebook, and Twitter were similarly compelled to create similar software. This may not be that meaningful, but the article does not say that it was a FISA Court "order" but rather a "directive" that compelled this:

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

The question then is what secret "directive" does the government have that allows such broad scanning? The most likely (but certainly not the only) possibility is a stretched interpretation of Section 702 of the FISA Amendments Act. That Section is responsible for two known programs for the NSA to collect info: PRISM, which had big tech companies sharing specific information with the NSA, and "upstream" collection in which broadband providers like AT&T would scan all traffic for certain information. Without more detail, it's a little difficult to know what happened here, but it sounds like something in between PRISM and upstream -- in which online service providers were similarly asked to scan all content for certain information.

It seems clear that Yahoo either didn't think it could win a legal fight over this (certainly a possibility), or that it just didn't want to. At the very least, this seems like yet another example of totally secretive rulemaking by the US government on what surveillance capabilities are legal, without any public review or adversarial process designed to make sure that civil liberties are protected. I know that many of the more paranoid folks out there think that the NSA already had deals with the big companies to scan all content, but they weren't supposed to, and as far as we knew they did not as of a few years ago. But if that changed last year, that's a big, big deal, and much more information needs to become public on this.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: alex stamos, bulk collection, email, marissa mayer, mass surveillance, nsa, privacy, scanning, section 702
Companies: yahoo

79 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

TruthHurts (profile), 4 Oct 2016 @ 11:58am

Yahoo committed treason against this nation.
Obviously Yahoo is *NOT* a law abiding company as they broke the 4th Ammendment in such a way that constitutes treason to the American people.

How does it constitute treason? It failed to protect the American people in their "right to be secure in their persons, houses, papers, and *effects*, against unreasonable searches and seizures" This constitutes grave damage to the people of this nation by Yahoo's betrayal of trust, which is one of the definitions for Treason.

Now, I don't know about you, but I damned sure count my e-mails as "personal effects", and am damned sure that I have not, and will not allow anyone from the lowliest beggar to the PoTUS or SCoTUS to redefine them in any way.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:00pm

And this is why I am currently switching to protonmail as my main provider. One must wonder, how much is the US tech industry losing by eroded user trust, and when will the drop off reach critical mass, killing the entire sector? I am certanly running away from US based services, and urging everybody I know to do the same
[ link to this | view in thread ]
Ninja (profile), 4 Oct 2016 @ 12:01pm

As if Yahoo needed any more nail in its coffin. And it will spill in other companies as the article notes. The US Govt via their intel are dismantling any and all trust people had on their companies. One has to wonder how much it has already cost. In the end, no terrorist has ever done as much damage as the Govt itself did to the country be it by eroding Constitutional rights or directly by driving people away from doing business with the US.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:07pm

To paraphrase: The US government has always been at war with everybody in the world who is not part of that government,
[ link to this | view in thread ]
I.T. Guy, 4 Oct 2016 @ 12:17pm

"I know that many of the more paranoid folks out there think that the NSA already had deals with the big companies to scan all content"
[Raises hand]

Once a "conspiracy theory" pondering, turns out to be true... AGAIN!!! And again and again and again.

Ok smart people... why would the gov do this to Yahoo and not MicroGoogleBook?
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:20pm

Adjust your threat model
Assume this is the rule, not the exception. All providers that can be reached by the state are likely to be compromised.

It is not a leap to imagine a similar system applying to voice phone conversations.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:23pm

"There is a lot of talk about data coming out of facebook: is it coming to me? is it coming to him? is it coming to them? They want you to think that the threat is data coming out. You should know that the threat is code going in." - Eben Moglen

Social media and communications platform have become defacto platforms of societal surveillance.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:24pm

Re:
"So you are looking for classes of people. You don’t know their names, but you know what they are like you know who is recrutable for you as an agent you know who are likely sources, you can give the social characteristics of your adversaries, and once you know your adversaries, you can find the influencables.

So what you want to do is run code inside facebook. It will help you find the people that you want it will show you the people whose behavior and whose social circles tell you that they are what you want by way of agent, sources what their adversaries are and who you can torture to get to them.

So you don’t want data out of facebook the day you have data out of facebook it is dead. You want to put code into facebook and run it there and get the results you want to cooperate."
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:33pm

I'm going to drop this here:
https://www.amazon.com/gp/product/B00UMBGZH4/ref=kinw_myk_ro_title

It's kind of, sort of, possible even now.
[ link to this | view in thread ]
HegemonicDistortion (profile), 4 Oct 2016 @ 12:35pm

Maybe CALEA or even All Writs Act? Yahoo would be an easier target since they have the least incentive to defend against it (in trying to sell the remaining shell of the company).
[ link to this | view in thread ]
OldGeezer (profile), 4 Oct 2016 @ 12:37pm

This would only catch really dumb terrorists
Any terrorists who don't use encryption would have to be incredibly ignorant to spell out their plots using the keywords these programs are looking for. It really isn't hard to figure out what words and phrases would be on the naughty list. Don't you think they would at least use some sort of code? Criminals have been doing this for ages from Mafia families to street level drug dealers. What a colossal waste of time and money.
[ link to this | view in thread ]
That One Guy (profile), 4 Oct 2016 @ 12:42pm

Re:
Pretty much the only reason I can think of why the government might not give Microsoft, Google or Facebook the same treatment is that those companies likely have more money and could afford to fight back.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:46pm

Re: This would only catch really dumb terrorists
What a colossal waste of time and money.

Not if your intent is to preserve the political status quo, and nip protest movements in the bud by identifying people to put on the no-fly list or otherwise hinder the potential leaders ability tom meet with each other, or get to Washington to lead the Protest. Asset seizure of vehicles is another handy tool for this purpose
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:46pm

Re:
"As if Yahoo needed any more nail in its coffin"

If I was a disgruntled ex-employee selling my stock would be a wise move before leaking to the press.
[ link to this | view in thread ]
I.T. Guy, 4 Oct 2016 @ 12:47pm

Re: This would only catch really dumb terrorists
This has nothing to do with catching terrorists.
[ link to this | view in thread ]
Digitari, 4 Oct 2016 @ 12:50pm

Hmmmm
Could this explain Hillary's use of a "Private email sever"? you say it was all done in the last year, but I wonder...
[ link to this | view in thread ]
That One Guy (profile), 4 Oct 2016 @ 12:50pm

Worse than nothing
This was built last year -- which came well after the Snowden disclosures, and after Yahoo had been revealed to have legally challenged earlier NSA dragnet attempts -- and after it had rolled out end to end encryption on email.

So they spend time and money to implement end-to-end encryption for the email, and then spend time and money to implement code that makes that completely worthless.

At this point they'd have been better off never bothering with end-to-end encryption at all because it's blatantly clear that they'll break it the second someone with enough power asks them to.
[ link to this | view in thread ]
I.T. Guy, 4 Oct 2016 @ 12:55pm

Wouldn't it be sweet sweet irony if the 500 million users info that was copied was caused by the writing of a special program to search all customers' emails in transit.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 12:57pm

If all they did was modify their spam detection software, then I don't think the bad guys have anything to worry about.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 1:00pm

Re: Hmmmm
Does that also mean she was using a bunch of terms that would flag the system?
[ link to this | view in thread ]
bob, 4 Oct 2016 @ 1:01pm

The real question is why are people using yahoo email in the first place.
[ link to this | view in thread ]
anonymous me, 4 Oct 2016 @ 1:01pm

Re:
"The US government has always been at war with everybody in the world who is not part of that government,"

...as well as with some who are.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 1:08pm

Re: Yahoo committed treason against this nation.
breaking the 4th has NOTHING to do with treason. The term "Treason" has a definition explicitly established in the Constitution to prevent people like you from misusing the Term.

That being said, Treason is definitely occurring just not in the manor of which you are accusing. Yahoo is not required to honor the 4th in regards to the email accounts it hosts, it is not an extension of the Law, this is just more 3rd party doctrine being used for government to skirt the 4th. Since these actions are not being used to aid an enemy of the US (that we know of) then it cannot be classified as treason. For now, it is just fucking unconstitutional... not that any of my fellow citizens give a flying fuck though. As long as they have their Cheeze Whiz and Superbowl Sundays... they are are kept little arm chair patriots.

Every Nation gets the Government it Deserves!
~Joseph De Maistre
[ link to this | view in thread ]
kallethen, 4 Oct 2016 @ 1:11pm

Re:
My email address from my old dial-up ISP (AT&T) is managed through Yahoo Mail. I would be surprised that's a wide-spread userbase of Yahoo Mail.

Between this and other recent revelations, I'm seriously thinking I should completely shut down the account and use a new email address. The problem is... who to trust?
[ link to this | view in thread ]
UniKyrn, 4 Oct 2016 @ 1:11pm

So who watched the NOVA episode about 15 years of terrorism and was annoyed when it wasn't a documentary about the abuses of .gov, it was a puff piece about security theater?

We don't have the ability to stop them because we don't know who they are, what they're doing and we're denied legal means of fighting back. Some might call it searching for a needle in a haystack. These days, it seems more like finding the hay in a stack of needles.
[ link to this | view in thread ]
HegemonicDistortion (profile), 4 Oct 2016 @ 1:23pm

Even worse than previous programs
The biggest development here, it seems to me, is that this operation completely does away with any notion of a criminal predicate. Previous efforts have mostly been about "connecting dots," i.e. searching those communicate with suspected terrorists, or at least those communicating with people from what the US deems TerrorLand.

But this, this is a search of everyone, right from the start, no suspicion or even mere connection to some suspect. It's the equivalent of searching everyone's house for evidence they committed some crime. It's an actual general warrant.
[ link to this | view in thread ]
art guerrilla (profile), 4 Oct 2016 @ 1:26pm

Re: This would only catch really dumb terrorists
hat-way if-yay errorists-tay earn-lay ig-pay atin-lay ? ? ?
[ link to this | view in thread ]
Padpaw (profile), 4 Oct 2016 @ 1:33pm

Re: This would only catch really dumb terrorists
not meant to catch terrorists its meant to catch dissenters.

Political protesters, people with jobs those in charge don't like, people that do legal stuff those in charge don't like.

Whoever is running the US government has no respect for their own laws or constitutional rights. American citizens do not have any protections they think they do, when those running the show ignore them.
[ link to this | view in thread ]
Padpaw (profile), 4 Oct 2016 @ 1:36pm

Re: Re:
no one, seems to be the safest idea
[ link to this | view in thread ]
JustShutUpAndObey, 4 Oct 2016 @ 1:44pm

This explains why Yahoo email is so slow...
eom
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 1:49pm

We don't need more detail to know if Google participated. It's a literal given that they participated.
[ link to this | view in thread ]
Chryss (profile), 4 Oct 2016 @ 1:53pm

Re: Re:
This is what I keep wondering. Is there any company ou there offering meaningful security and privacy, not just for email, but virus scanners etc?
[ link to this | view in thread ]
I.T. Guy, 4 Oct 2016 @ 1:58pm

Re: Re:
They may have and lost in a secret tribunal.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 2:01pm

Wait a minute...they BUILT software?!
And now we find out that Yahoo agreed to create this special software for scanning all emails for certain phrases or keywords.

Why would anyone who knows ANYTHING about email do that?

Software to do exactly that has existed, in numerous forms, since the last century. To name just one piece of it, out of dozens and dozens: SpamAssassin. (Of course SpamAssassin does much more than that, but stay with me here.)

It would be the work of a few hours to take the list of words, character strings, or phrases provided by the government, configure it into SA, remove everything else, and set it up to either copy messages to a secondary mailbox or divert them entirely (so that the intended recipient never got them). I'd imagine that the former would be desirable in order to avoid alerting recipients and thus, eventually, senders.

This is a trivial task for anyone who's run a mail system for a couple of years and has worked with the various moving parts, i.e., SMTP servers, POP and IMAP servers, anti-spam configuration, and so on. It's not a development task: it's a configuration task, since all the pieces already exist and just need to be put together.

Incidentally, while not in play here, searching already-stored mail is equally trivial. See "grepmail" for -- again -- one of many readily-available tools.

So why is Yahoo telling us that they had to build this? And especially why are they telling us that when we all know they already have content-scanning software deployed in the their mail system? (It's part of the anti-spam, anti-malware defenses they like to brag about.)
[ link to this | view in thread ]
OldGeezer (profile), 4 Oct 2016 @ 2:01pm

Re: Re: This would only catch really dumb terrorists
Agreed, but terrorism is always what they to justify any snooping. Targeted surveillance has worked in a few cases but most of the time the feds still blow it. Before 9/11 they were wiretapping the house that was used to relay messages between Al-Qaeda leaders and operatives. The NSA knew that known terrorists made it into the country with legal visas. They not only failed to share intelligence with the FBI but they somehow lost track of them much of the time. A flight instructor informed authorities of mid eastern men who wanted to fly but did not want to learn to land a plane. The no fly list is such a joke that these men with known terrorist ties were allowed to board using their real names. Many other mistakes were made that could have prevented the attack. The feds have the mentality of "collect it all" that has NEVER worked.
[ link to this | view in thread ]
Skeeter, 4 Oct 2016 @ 2:10pm

Missing the Details
Funny, everyone focused on the actions we know are already transpiring, not one-single-question about 'what string or phrase were they searching all these e-mails for'.

Isn't it quite curious that three sources dropped-a-dime on the government, Yahoo, and what happened - but across a dozen stories, not one single one stated 'what they are searching for'?

HINT: It is ONE person (and goofy search strings they think will lead them to him by querying), and beyond that, I can't say more. Maybe someone could share more-interest in 'what' they are searching for, instead of the obvious - their breaking the law to find him, er, it.
[ link to this | view in thread ]
David, 4 Oct 2016 @ 2:14pm

Re: Yahoo committed treason against this nation.
The 4th amendment restricts the power of the government. Last time I looked, Yahoo was not part of the government. The 4th Amendment should have enabled Yahoo to state "Sorry folks, you are overstepping your authority unless you can show us a warrant issued upon probable cause for all of our customers and we aren't required to be an asset to your attempt of violating the Bill of Rights.", not required them to do so.

But apparently the Constitution is no longer the highest law of the land and superseded by secret laws that are not even open to democratic scrutiny. Nobody knows what rights and recourse Yahoo or U.S. citizens have under those secret laws: the government does what it wants to and labels its own rules a state secret. Basically everybody pretends that there has been a military coup and the Constitution has been suspended, with the Bill of Rights being optional for the government.

Yahoo is not treasonous but incompetent and sleazy if they don't do their part in protecting their users' rights.

The treason is committed by the government. Execute everybody involved with putting the Constitution out of order and see whether the rest then understands that swearing an oath on the Constitution is serious business.

Oaths have meanings. And it's not Yahoo who had to swear an oath on the Constitution in order to be admitted into service of the People of the United States of America.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 2:18pm

Re:
"Wouldn't it be sweet sweet irony if the 500 million users info that was copied was caused by the writing of a special program to search all customers' emails in transit."

Except that the 500 million appeared to include very old accounts that had not been used in aeons. (I read somewhere) that was part of Marissa Mayer's justification for not doing an automatic password reset or sending out an earlier notification - the fear that users with old accounts would close the account rather than create a new password, hence leading to LOSS OF REGISTERED USERS - a disaster far worse PR than, you know, letting personal information be stolen. Far far worse, when one has stock prices, your own reputation and the next gig to care about.
[ link to this | view in thread ]
OldGeezer (profile), 4 Oct 2016 @ 2:19pm

Re: Re: This would only catch really dumb terrorists
That would probably work!!
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 2:21pm

Re: Wait a minute...they BUILT software?!
"So why is Yahoo telling us that they had to build this? And especially why are they telling us that when we all know they already have content-scanning software deployed in the their mail system? (It's part of the anti-spam, anti-malware defenses they like to brag about.)"

They deliberately did NOT WANT their own IT/IT security teams to know what they were doing so they had this done by the email code team. The IT security team discovered it after it had gone live and they reported it upwards because they thought they'd caught Y! being hacked from outside.
[ link to this | view in thread ]
That One Guy (profile), 4 Oct 2016 @ 2:31pm

Re: Even worse than previous programs
Nonsense, it was a very narrowly worded 'request', it only applied to one entire company. The government could have 'requested' that Yahoo perform the same scanning of the databases of every US-based company, which of course would have still been very narrowly worded because it only applied to the companies based in one country.

And when, a few years down the road they 'request' that every company that sells to or offers service to anyone in the US does the same thing it will still be a 'narrowly worded request', because it only applies to companies on one planet.
[ link to this | view in thread ]
That One Guy (profile), 4 Oct 2016 @ 2:37pm

Re: Re: Re:
Good point, I completely forgot for a moment that something like this almost certainly wouldn't be before an actual court, but would be presented to the joke of a rubber-stamp that is FISA or something similar, in which case all the money in the world wouldn't help.
[ link to this | view in thread ]
afn29129 (profile), 4 Oct 2016 @ 2:43pm

Re: Worse than nothing
"and after Yahoo had been revealed to have legally challenged earlier NSA dragnet attempts -- and after it had rolled out end-to-end encryption on email. " What Yahoo has ISN'T end-to-end encryption on/for email. End-to-end is where the sender or recipient have the keys, and nothing to do with a transit-provider. If Yahoo really is making that claim, then they are lying their asses off.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 3:11pm

Re: Re: Wait a minute...they BUILT software?!
I get that. But this is software built, configured, and operated by the email team. Not by the security people.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 3:15pm

Re: Worse than nothing
To be fair, there's more than one government in the world that has the technological capability to split and mirror data from fibre optic cables. Those governments theoretically would be locked out still.

But as you pointed out, it looks like the NSA is trying to replicate BULLRUN domestically, which is a gigantic "fuck you" to Silicon Valley. We can reasonably assume the same has been imposed on other tech companies that publicly stated that they encrypted data between all their datacenters - Google and Facebook included. Perhaps this is the FBI order Sergey Brin and Larry Page refused to comply with in 2014 and were subsequently arrested for and walked out of Google HQ in handcuffs. Obviously they have since capitulated and agreed to comply with the order from the FBI since.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 3:16pm

Re: Re:
Trust yourself. It's the only one you can trust online. Use a random provider that won't sell your metadata and use PGP for your emails.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 3:24pm

Skeeter, you can't seriously expect us to believe that only one person is being looked for with this. Even in the extraordinarily unlikely case it is only one person, it's not like the FBI and/or NSA will close up this capability and never use it again.

I tire of spooks who pretend that the arbitrary discretion of Intelligence Community policymakers and analysts somehow make this okay in the slightest. It's a grossly disingenuous argument by someone who doesn't have the courage to stand by their convictions.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 3:27pm

Re: Re: Re: Wait a minute...they BUILT software?!
The security people would be better positioned to limit the data the tool provided to the minimum possible responsive to the legal order.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 3:35pm

Not to worry.
I have it on good authority that Yahoo requires requests to conduct searches with this tool be submitted on yellow sticky notes.
[ link to this | view in thread ]
Thad, 4 Oct 2016 @ 3:50pm

Re: Re: Re:
But MS has fought back publicly.

https://www.techdirt.com/articles/20160714/10134734971/huge-win-court-says-microsoft-does-n ot-need-to-respond-to-us-warrant-overseas-data.shtml

Now, that involved data stored on foreign servers, and it's certainly not a guarantee that MS has never complied with any other government requests for data. But it *does* imply that MS's leadership is cognizant of the importance of maintaining overseas customers' faith that the US government wasn't spying on their E-Mails, in a way that Yahoo wasn't.

Still and all, E-Mail is based on outdated, unsecure protocols, and, whether companies are complying with government spying requests or not, people should always assume that nothing they put in their E-Mail is really private.
[ link to this | view in thread ]
Thad, 4 Oct 2016 @ 3:54pm

Re: Re: Re:
PGP's not a remotely workable solution for most users. But people who read Techdirt? Yeah, not a bad suggestion.
[ link to this | view in thread ]
JMT (profile), 4 Oct 2016 @ 5:15pm

Re: Yahoo committed treason against this nation.
Your Truth won't Hurt much if you state falsehoods. Yahoo has neither broken the 4th Amendment nor committed treason. These things have actual definitions, you can't just make up your own you add drama to a legitimately concerning issue.
[ link to this | view in thread ]
Justme, 4 Oct 2016 @ 5:33pm

Re: Re: Yahoo committed treason against this nation.
I can't say it's treason, but if it's yahoo that is running the system to scan and select targeted emails before handing them over to the nsa/fbi. Then they are most certainly acting as a agent of the government.

Which would change the equation legally, compared to the government doing the scanning and selection of emails.
[ link to this | view in thread ]
anti-antidirt (profile), 4 Oct 2016 @ 6:12pm

Re: Yahoo committed treason against this nation.
The Fourth Amendment doesn't protect you from corporation's searches and seizures. That's considered a given, because obviously, Yahoo can't obtain a Warrant. Yahoo can't set up checkpoints either (in case you were wondering). The Amendments are limitations the Government have in relation to the People. Furthermore, if Yahoo had ONLY one customer and did this, immediately you'd jump to the treason charge?

Yahoo didn't damage the nation with it's "betrayal of trust." They were dipshits years ago. ANYONE using Yahoo in 2016 is someone that can't be trusted anyway.

Not treason.
[ link to this | view in thread ]
AJS (profile), 4 Oct 2016 @ 6:45pm

The next "directive"
"Please send us all emails containing any of the letters 'a, e, i, o, u, or y'"
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 9:14pm

Yahoo really is a shitty company.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 10:13pm

The special characters NSA was looking for is...
find(*)
[ link to this | view in thread ]
Padpaw (profile), 4 Oct 2016 @ 10:16pm

Re: Re: Re:
In my case I am not all that worried to be honest. I don't use email for my personal life just for the various fake personalities I have set up for differant online things.

Not a single bit of my real name or life is associated in any way with any of my emails.

But then again I have always been paranoid about such things.
[ link to this | view in thread ]
Anonymous Coward, 4 Oct 2016 @ 10:21pm

Agent of the Government?
With all the money att, verizon, sprint, and other companies that gleefully hand over customers data and then bill the government, shouldn't they be considered a partially funded government entity.

I wonder if yahoo billed the government for all the IT work they had to do extra?
[ link to this | view in thread ]
John Mayor, 5 Oct 2016 @ 12:10am

GLOBAL FORENSIC ICT SOLUTIONS
Afterupon learning a couple weeks ago of the hack of ID on a 1/2 BILLION Yahoo customers, one should wonder how this company is managing to stay solvent!... and!... why users haven't kicked in the front doors of Yahoo's headquarters (let alone, haven't mounted the largest civil law suit in US history, and the largest "criminal roundup", and prosecution in US history!)!
.
This CYBER SHOCK AND AWE, has-- I feel!-- caused Netizens to become SHELL SHOCKED! I mean... one week you're wondering if an "intergalactic invasion" has hit earth, and the next week you're wondering whether the "aliens" are actually living next door!... and whether Donald Sutherland will knock any minute, and ask that your children accompany him to a "landing pad"!
.
It's A-B-U-N-D-A-N-T-L-Y C-L-E-A-R-- to me!-- that the BEHAVIOR of our "Internet Gatekeepers" is affecting/ impacting on everything we're attempting to do on the Net! In attempts to "catch the bad guy", these "Gatekeepers" have moved into the realm of P-S-Y-C-H-O-P-A-T-H-I-C B-E-H-A-V-I-O-R!... and leaving many Netizens with little-- OR N-O!-- recourse!
.
It's time for a G-L-O-B-A-L C-O-A-L-I-T-I-O-N O-F N-G-O-+-N-P-O S-E-C-U-R-I-T-Y A-D-V-O-C-A-C-I-E-S, T-O M-O-U-N-T T-H-E L-A-R-G-E-S-T N-E-T-I-Z-E-N L-A-W-S-U-I-T I-N H-I-S-T-O-R-Y, A-N-D T-H-E E-S-T-A-B-L-I-S-H-M-E-N-T O-F T-H-E L-A-R-G-E-S-T "N-E-T-I-Z-E-N I-C-T D-E-F-E-N-C-E L-E-A-G-U-E I-N H-I-S-T-O-R-Y"!
.
Enough!... of allowing Netizens to walk around with their hands over their ears!... to lesson the impact of the "daily explosions"!
.
Please!... no emails!
[ link to this | view in thread ]
PaulT (profile), 5 Oct 2016 @ 12:21am

Re: Missing the Details
"Isn't it quite curious that three sources dropped-a-dime on the government, Yahoo, and what happened - but across a dozen stories, not one single one stated 'what they are searching for'?"

No, because it's irrelevant to Yahoo's actions.

"HINT: It is ONE person"

...and you know this because...?
[ link to this | view in thread ]
David, 5 Oct 2016 @ 1:19am

Frankly,
to me the denials from other companies sound like "well yeah, we obey the same kinds of request, just less amateurishly".

It seems to take a Mayer to effectively say "You want a backdoor? I'll give you a backdoor! Let's pull down our city walls for you!"

She puts the ancient Trojans to shame. It would seem that she left her "Don't Do Evil" motto at Google. Not that they had any use for it.
[ link to this | view in thread ]
Lord Lidl of Cheem (profile), 5 Oct 2016 @ 3:03am

Having read about this earlier and then watching the google livestream last night all I could think of was - what if google are doing the same thing and prepping a government version of its assistant...

OK Google, tell me what crimes are happening in this area?
"There are 18 drug deals currently going occurring in a 15 mile radius - would you like to see them on a map?"
[ link to this | view in thread ]
OldGeezer (profile), 5 Oct 2016 @ 4:20am

Re: Re: Re: Re:
Just because you are paranoid doesn't mean they aren't out to get you!
[ link to this | view in thread ]
Whatever, 5 Oct 2016 @ 6:16am

This is clearly all Snowden's fault. If he didn't leak that information, nobody would have known about this. This country is weaker thanks to that filthy traitor.
[ link to this | view in thread ]
Anonymous Coward, 5 Oct 2016 @ 6:55am

Re: Re:
"The US government has always been at war with everybody in the world who is not part of that government,"

NSA's explicit responsibility is to attack other countries and defend the U.S. *government*. Nowhere in their charter does it say anything about protecting U.S. companies or citizens.
[ link to this | view in thread ]
David, 5 Oct 2016 @ 9:39am

Re:
As if Yahoo needed any more nail in its coffin.

That coffin must be worth a fortune in scrap metal by now. Probably Yahoo's primary asset.
[ link to this | view in thread ]
Anonymous Coward, 5 Oct 2016 @ 10:00am

Re: Re: Yahoo committed treason against this nation.
Last time I looked, Yahoo was not part of the government.

Um, but if Yahoo is acting as an agent of the government by I don't know say instituting a government surveillance system.
[ link to this | view in thread ]
Anonymous Coward, 5 Oct 2016 @ 10:02am

Trust
This is exactly why the USA will lose the technology industry to foreign competitors.
[ link to this | view in thread ]
Anonymous Coward, 5 Oct 2016 @ 1:00pm

Re: GLOBAL FORENSIC ICT SOLUTIONS
I know your trolling, but when chunk of your text is big and dashed you just make it harder to read instead of adding emphasis like you think.

Also the shouting just makes people not want to read the post.

If you just share your insight like a normal person more eyes will bother to read it. ;P
[ link to this | view in thread ]
Anonymous Coward, 5 Oct 2016 @ 1:01pm

Re: Re: GLOBAL FORENSIC ICT SOLUTIONS
Yes I know I made a grammar mistake, it's you're not your.

Where is the edit button... :(
[ link to this | view in thread ]
Anonymous Coward, 5 Oct 2016 @ 1:04pm

Re:
Yeah assistant is so worthless, every time I ask where drugs are it doesn't know.
[ link to this | view in thread ]
Thad, 5 Oct 2016 @ 1:25pm

Re: Re: GLOBAL FORENSIC ICT SOLUTIONS
See, I'm not actually sure if he's trolling or if he's legitimately disturbed.
[ link to this | view in thread ]
John Mayor, 5 Oct 2016 @ 3:51pm

Re: Re: GLOBAL FORENSIC ICT SOLUTIONS
Shhh!... go back to sleep!... and stop pretending you can think!
.
Please!... no emails!
[ link to this | view in thread ]
John Mayor, 5 Oct 2016 @ 4:18pm

Re: Re: Re: GLOBAL FORENSIC ICT SOLUTIONS
Hey!... Jude!... patron saint of desperate cases and lost causes! Take your "sad song", and make it better! Remember!... it's a fool who plays it cool... by making his world a little colder!
.
Please!... no emails!
[ link to this | view in thread ]
Anonymous Coward, 6 Oct 2016 @ 6:15am

Re:
"Social media and communications platform have become defacto platforms of societal surveillance."

Duh!!

"Social network" is simply another name for "Surveillance network".

When Google, Facebook, Twitter, Linked-In, etc., build surveillance platforms to sell consumer data to advertisers, why wouldn't the government use the third party doctrine to get the information?

The government could simply have purchased access to the information like any other paying customer, but by using secret rubber-stamp FISA orders, they get the information for free.
[ link to this | view in thread ]
Anonymous Coward, 7 Oct 2016 @ 12:47am

Not that this matters anymore considering CISA allows for EXACTLY this kind of surveillance. Still unconstitutional though no matter how you look at it.
[ link to this | view in thread ]
Anonymous Coward, 9 Oct 2016 @ 11:12pm

Just metadata.........my ASS

Bunch of no good lying human life interferers
[ link to this | view in thread ]
Mac (profile), 24 Sep 2018 @ 8:59pm

Problems with PRISM? Use PrismCipher!
Nobody is going to stop the NSA from mining, recording, indexing and analyzing email traffic. But we can make the effort cost a little more with encryption. PrismCipher is user-to-user encryption that works with Gmail and Yahoo email. It prevents Google, Yahoo, the NSA and anyone else from parsing and analyzing your emails.
[ link to this | view in thread ]