Yahoo Issues Tone Deaf Non-Denial Denial Of Email Scanning Report
from the blink-twice-if-you're-being-forced-to-say-this dept
After basically all the big tech companies have come out with strong and clear denials, Yahoo this morning released a silly mealy mouthed non-denial denial, written by a PR firm, that took almost 24 hours to craft:Good morning –
We are reaching out on behalf of Yahoo regarding yesterday’s Reuters article. Yahoo said in a statement:
“The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.”
Best,
The Joele Frank Team
Media to Yahoo: Did you eat all the cookies?
— Christopher Soghoian (@csoghoian) October 5, 2016
Yahoo *with crumbs and smeared chocolate around mouth*: We do not have any cookies.
More importantly, note that they say they want to minimize disclosures. But that's not the key issue here, as Chris Soghoian points out. The Reuters report was on the searching of all emails, not the disclosure bit. Yes, sure, it seems clear that after searching everyone's email, Yahoo likely only "disclosed" a small number to the NSA, but that's not really the point, is it?
I mean, I guess this statement is better than Yahoo's original: "Yahoo is a law abiding company, and complies with the laws of the United States" statement. But, it's not very reassuring. Much more important is what Yahoo could have said, but didn't.
What Yahoo could have easily said but didn't: “We have not conducted such scanning. We produce content only about specific accounts."
— Julian Sanchez (@normative) October 5, 2016
The NSA or the Director of National Intelligence could help clear this up, but so far they're going all Glomar on any questions:
NSA's Rogers neither confirmed nor denied Yahoo story. #cambridgecyber
— Ken Dilanian (@KenDilanianNBC) October 5, 2016
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: email, mass surveillance, non-denial denial, nsa, scanning, section 702
Companies: yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
Considering..
http://www.cnn.com/2016/10/05/politics/intelligence-contractor-arrested-stealing-secrets/index.html
h ttp://www.nytimes.com/2016/10/06/us/nsa-leak-booz-allen-hamilton.html
[ link to this | view in thread ]
Confirmed!
[ link to this | view in thread ]
Well, it's better than the alternative of letting the NSA search it, because at least this way the NSA doesn't have everyone's emails.
[ link to this | view in thread ]
Re:
Sorry cupcake, we do.
[ link to this | view in thread ]
Narrow Interpretation
Further, the request was narrowed to only search emails from the present to the past, and excluding all future emails to be sent once the ongoing search operations cease.
[ link to this | view in thread ]
Re:
Maybe Hills and The Don can cover this at the next debate while we consider better degrees of awful candidates.
[ link to this | view in thread ]
They're lying through thier teeth, Mike, and you know it.
Which mean absolutely NOTHING given their LONG CONCRETELY ESTABLISHED HISTORY OF LYING.
[ link to this | view in thread ]
Re: They're lying through thier teeth, Mike, and you know it.
You know damned well that no one can lie through Thier's teeth, as Thier hasn't had any teeth for at least a decade.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: They're lying through thier teeth, Mike, and you know it.
[ link to this | view in thread ]
[ link to this | view in thread ]
As always
[ link to this | view in thread ]
Re: Considering..
[ link to this | view in thread ]
[ link to this | view in thread ]
"What we do is legal" and "Our policy is to do X" are standard boilerplate responses.
This means that, yes, they're remaining silent for now, which can be interpreted Yahoo is guilty as fuck, but they don't know yet if they can cover this up and if not, who to can as a scapegoat. Also, if incidental, who is actually responsible.
If Yahoo doesn't change their statement soon, it's going to default to we don't give two shits for our end users. All we care about is short-term dividends and executive paychecks.
So...stay tuned!
[ link to this | view in thread ]
Re: "What we do is legal" and "Our policy is to do X" are standard boilerplate responses.
[ link to this | view in thread ]
Of course Yahoo is lying
And so on. Frankly, I doubt that they had the technical competence to execute this task correctly, a speculation substantiated by the resignation of their security guy and his statement that this implementation compromised user accounts.
Gee. You don't think that had anything to do with 500M+ accounts we found about last week, do you?
The best thing that could happen for the Internet at this point is (1) the export of all remaining useful data from Yahoo and (2) its immediate shutdown.
[ link to this | view in thread ]
That's right Yahoo is now a Verizon thing.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Considering..
[ link to this | view in thread ]
RE:
[ link to this | view in thread ]
Re:
Is that the only alternative you can see? How about the government not having warrantless access to anyone's emails?
[ link to this | view in thread ]
Fight?
I'm curious how a random tech company would be able to fight?
I guess a good answer is to spend a bunch of money to implement end-to-end encryption (and then even more, to do it properly)... but that doesn't work for email, or message boards, or a bunch of other situations.
But even then, how does a random tech company fight back against demands from the government to open a back door?
The only options I can see end up being to be to fight it in court (Apple), or to fold the company and liquidate the equipment (Lavabit). Both are horrifically expensive, and either way the cost is ultimately borne by the customer.
[ link to this | view in thread ]
Fighting in court / Folding and liquidating
For companies not big enough to fight, when they instead fold in protection of their customers, that reputation of integrity goes with them to their next line of work. It shows they're solid and willing to suffer a terrible setback to uphold the privacy and security of their customers.
That's the impetus (other than sleeping soundly) of Alex Stamos quitting Yahoo when he discovered his superiors circumvented him in adding their (vulnerability-laden) spy code.
Stamos did the right thing, and he may well be chosen for a hire based on that very action.
[ link to this | view in thread ]
Re: Re: They're lying through thier teeth, Mike, and you know it.
They can't. People want to insist that the tech companies are lying, but there's been *zero* evidence to support this. The telcos, yes, but not the internet companies.
[ link to this | view in thread ]
Re: Fighting in court / Folding and liquidating
Massive companies can afford to go to court, hoping that the PR boost from fighting for their customers comes back to their bottom line.
Individual employees, or tiny companies like Lavabit can afford to fold up operations, because those people are making the decision for themself.
What if you're the owner of a company with a dozen employees? A hundred? A thousand, across multiple countries? You may be able to get work again quickly on the back of a reputation of "standing up to the man"... but how long until you can afford to re-hire all of those employees again? Will they be able to hold out for long enough?
Plus, as one of your customers, how do I know that your new product is going to be around for long enough to get use out of it? Especially if you're offering a service, what happens when the government targets your new service in six months time? At what point does "have backup providers ready" become "just use a different provider"?
It's not just tech companies either; tax accountants, builders and tradespeople (we need you to install a bug while you're doing this job)... I don't know if lawyers are on this list; would client-attorney privilege trump an NSL? And that's probably the best solution for the people - reverse the third party doctrine, and give client-attorney-like privilege to ALL dealings between customers and their providers/contractors! Good luck with that, though.
[ link to this | view in thread ]
Re:
It's better than killing and eating babies, so that makes it OK!
[ link to this | view in thread ]
Good Riddance I know you shouldn't attribute to malice what can be adequately explained by incompetence but with Yahoo the bar is flat on the ground.
[ link to this | view in thread ]
Would client / attorney privilege trump an NSL?
I suspect there's a way to do it legally with a string of lawyers, but I am completely unqualified even to speculate.
[ link to this | view in thread ]
THE LAISSEZ FAIRE CARTE BLANCHE BEFORE THE HORSE
.
These commissions and omissions by Yahoo, NSA and others are not merely "inadvertent mishaps" requiring belated apologies from the perps!... but, rather, premeditated breaches of the most important sanctions that a country can bestow on its citizens!... A-N-D W-H-I-C-H T-R-A-N-S-C-E-N-D M-E-R-E C-R-I-M-I-N-A-L A-C-T-S C-O-M-M-I-T-T-E-D B-Y W-H-O-M-E-V-E-R! Such commissions and omissions strike at the very core/ heart of who and what we are!... A-N-D T-H-U-S, T-H-I-S I-S W-H-Y S-U-C-H B-R-E-A-C-H-E-S A-R-E D-E-S-E-R-V-I-N-G O-F O-U-R H-A-R-S-H-E-S-T O-F P-E-N-A-L-T-I-E-S!
.
Please!... no emails!
[ link to this | view in thread ]