Yahoo Allegedly Scanned Incoming Emails on Behalf of NSA, FBI

This all happened last year, even after Snowden's revelations and government reforms.


Richard B. Levine/Newscom

When Edward Snowden revealed the existence of several mass surveillance systems by which the National Security Agency (NSA) collected metadata about the communications of all Americans, President Barack Obama and supporters of the NSA from both parties were quick to tell Americans, "Nobody from the government is reading your emails."

It turns out that's because they were dragooning tech companies into doing it for them. Today Reuters, based on information from a couple of former Yahoo employees, is reporting that the tech company built a custom software program to search the content of emails for a particular string of characters or words on the behalf of the NSA and FBI. Reuters notes that this is the first known case where a third party was scanning all incoming emails in real time on behalf of the government. This was not a situation where they were searching stored emails for a particular piece of content or targeted emails from those under suspicion of some sort of crime.

According to Reuters, this all happened last year, after Snowden's leaks, mind you, and Yahoo President Marissa Mayer and the company's legal team kept the order secret from the company's security team. There were consequences for such a decision:

The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When [Alex] Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users' security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

In case anybody had forgotten, remember that Yahoo just recently revealed that state-sponsored hackers had somehow gotten access to hundreds of millions of Yahoo accounts back in 2014. So Stamos kind of has a point there.

Read more from Reuters here. And bring on the end-to-end encryption! The kind without back doors. Oh, and this all is yet another reminder about how important it is that we have whistleblowers who aren't willing to just let this stuff go on without the public's knowledge.