IOPList.Org
Yahoo secretly scanned customer emails for U.S. intelligence: sources - Printable Version

+- IOPList.Org (https://www.ioplist.org)
+-- Forum: Off Topic (https://www.ioplist.org/forumdisplay.php?fid=25)
+--- Forum: World News (https://www.ioplist.org/forumdisplay.php?fid=27)
+--- Thread: Yahoo secretly scanned customer emails for U.S. intelligence: sources (/showthread.php?tid=2681)



Yahoo secretly scanned customer emails for U.S. intelligence: sources - Linville - 10-05-2016

So I guess we know who hacked into the yahoo emails and anything else it wanted....
wow, changing passwords , does it matter, not really when it is the g ov 

why would verizon go thru with the merger takeover of yahoo , at this point. tainted and money better spent elsewhere ....

==============

Exclusive - Yahoo secretly scanned customer emails for U.S. intelligence: sources



By Joseph Menn

SAN FRANCISCO (Reuters) - Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc .

"Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.
The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company's legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

"I've never seen that, a wiretap in real time on a 'selector,'" said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

"It would be really difficult for a provider to do that," he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. 

The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc's Google and Microsoft Corp , two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

"We've never received such a request, but if we did, our response would be simple: 'No way'," a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.
Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.
Read More

Some FISA experts said Yahoo could have tried to fight last year's demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers' emails in transit.
Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.


"It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court," Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.


Some FISA experts defended Yahoo's decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called "upstream" bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies' mail.


As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.


Former NSA General Counsel Stewart Baker said email providers "have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies."


SECRET SIPHONING PROGRAM
Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.


Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo's challenge was unsuccessful.


Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.


They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company's security team in the process, instead asking Yahoo's email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.


The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.
When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users' security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.


Stamos's announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (http://bit.ly/2dL003k)


In a separate incident, Yahoo last month said "state-sponsored" hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo's security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.
(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)



RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Charon - 10-05-2016

I just had that ready to post, linville. great minds think alike.

unreal. then, in the article i had, google says: oh my, we would never do that. But, we know google goes thru everything.


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Linville - 10-05-2016

Yes indeed Charon.....     Wink


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Grandote - 10-05-2016

I don't trust any of them, least of all our govt. Thats why everyone should learn pgp. Its easy after you download it and use it once or twice. Just put the message on the clipboard, click encrypt or decrypt and enter your password. It does all the heavy lifting for you.

Then use those email services and the only thing they can read is the subject line of your message. Use tor or a vpn and they don't know where you are, but cookies will give away some info. Use tor or vpn to register and they know nothing.

Its really sad the way our govt has intruded itself into every aspect of our lives and spies on us constantly. If you question them they say its to stop terrorists or they say its for the children. Yeah right.


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Raven - 10-06-2016

(10-05-2016, 02:29 PM)Grandote Wrote: I don't trust any of them, least of all our govt. Thats why everyone should learn pgp. Its easy after you download it and use it once or twice. Just put the message on the clipboard, click encrypt or decrypt and enter your password. It does all the heavy lifting for you.

Then use those email services and the only thing they can read is the subject line of your message. Use tor or a vpn and they don't know where you are, but cookies will give away some info. Use tor or vpn to register and they know nothing.

Its really sad the way our govt has intruded itself into every aspect of our lives and spies on us constantly. If you question them they say its to stop terrorists or they say its for the children. Yeah right.
Grandote:

Do you have a link you could either post or send me by PM regarding pgp? I am definitely interested in learning a way to easily use email encryption. I have a yahoo.com email addy used for some sensitive stuff. Too late to do anything about that since this scanning hack has been in place since 2014.

I'm tempted to dump my yahoo email and change to gmail, but I'm sure the snoops have open access to Google as well.

Raven


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - G.Elias - 10-06-2016

Search Gpg4win,you should be able to find it quite easily,prob tutorials on how to use it as well,not too hard to use really.


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - barq2 - 10-06-2016

(10-06-2016, 01:00 AM)Raven Wrote: I'm tempted to dump my yahoo email and change to gmail, but I'm sure the snoops have open access to Google as well.

Yahoo were one of the last major companies to start encrypting by default. Google are now encrypting their data as it flows between their data centres on their own fiber optic cables, because they are so convinced it is being snooped on. Of course that doesn't change that their whole business model depends on spying/watching your behaviour and selling advertising based upon that.

If you are going to use a regular email account then Gmail is easy to use and well featured. You can switch on 2 factor authentication as well. But without Grandote's advice on PGP, you have to accept that anything you send is essentially public. Email was never designed to be secure, that's simply not how email servers work. So this goes beyond a Yahoo/Google problem and really becomes a general email problem, hence PGP.


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Grandote - 10-06-2016

Yeah, gpg4win is what I use. They also have a mac version so don't despair, you mackies. Kleopatra is another version of the pgp front end but its not as easy to use as gpg4win just google it or duckduckgo it.


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Linville - 10-07-2016

I do need to look into those pGP, yes it does go way beyond.....

use startpage dot com

or duckduckgo dot com

those two do not log what you search like goo goo does

thanks guys additional layers mean something.


[video=youtube]http:/https://www.youtube.com/watch?v=m56dsDc2808[/video]

[video=youtube]http:/https://www.youtube.com/watch?v=yXm0dtYFxZk[/video]


RE: Yahoo secretly scanned customer emails for U.S. intelligence: sources - Linville - 10-18-2016

Yeah ...if "they" want to see, they will, I figure.