Pic: AP
Yahoo calls report on secret email scanning for U.S. intelligence ‘misleading’
YAHOO has challenged a media report that said it had built a secret software allowing U.S. intelligence agencies to scan all of its customers’ incoming emails, calling the article “misleading” and claiming the software described “does not exist”.
Reuters reported on Tuesday that sources close to the matter revealed that Yahoo had agreed to demands by the National Security Agency or FBI to scan hundreds of millions of emails. Such an action would be the first time a U.S. Internet company has complied with a government request of this nature by searching through every incoming message rather than a pre-determined set of stored messages or a small number of accounts.
SEE ALSO: Apple issues security fix after hack attempt on UAE activist Ahmed Mansoor
However, Yahoo has hit back at the report. The company issued a statement saying: “The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.”
The mail scanning system Yahoo is referring to was reportedly signed off by CEO Marissa Mayer and Yahoo General Counsel Ron Bell, who allegedly told the company’s email engineers to produce a code that gathered messages containing certain characters the intelligence agency was looking for and “store them for remote retrieval”.
Reuters’ sources said Alex Stamos, Yahoo’s Chief Information Security Officer, resigned after learning the program was approved by Mayer. Stamos joined Facebook as the social network’s Chief Security Officer in June, but did not mention any issues with Yahoo.
Yahoo built a mechanism that allows the NSA & FBI to scan its users’ incoming emails for specific characters/words: https://t.co/B7cquCs2G1
— Free Press (@freepress) October 5, 2016
The FBI order is particularly unusual as it brought Yahoo to perform a systematic scan of all incoming messages rather than individual accounts.
A spokesperson for Google was quoted by Reuters as saying: “We’ve never received such a request, but if we did, our response would be simple: ‘No way’.” A spokesperson for Microsoft also echoed the same sentiment, but did not say whether they too had received such a request.
Although Yahoo now insists that such a program does not currently exist, they did not outright deny complying with the FBI’s request for secret information on their customers.
This report comes less than two weeks after Yahoo revealed that they knew a massive data attack took place in 2014, and failed to issue a password reset earlier.
SEE ALSO: Yahoo just admitted to knowing hackers stole information of 500m users in 2014
This means more trouble on the horizon for Verizon, the biggest wireless communications service provider in the U.S., who in July had set out to acquire Yahoo’s core Internet business for US$4.8 billion. In fact, Yahoo’s former CEO Ross Levinsohn told CNBC that his old company may not have disclosed their issues to Verizon despite knowing about them earlier.
In Levinsohn’s opinion, Verizon should be asking Yahoo for a “discount” following these new revelations.
READ MORE
- The criticality of endpoint management in cybersecurity and operations
- Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications
- How Japan balances AI-driven opportunities with cybersecurity needs
- Deploying SASE: Benchmarking your approach
- Insurance everywhere all at once: the digital transformation of the APAC insurance industry