Popular Internet company Yahoo Inc collaborated with intelligence agencies in the United States to search through all the incoming emails of its customers for certain specified information, according to a Reuters report.
People familiar with the matter, speaking on condition of anonymity, revealed that the company had last year built a custom program in compliance with a request from the U.S. government. This tool was secretly used to scan through hundreds of millions of accounts belonging to Yahoo! Mail users.
It is not yet clear what information the American intelligence agencies were particularly interested in. Sources said Yahoo had simply been requested to scan for a specific set of characters in emails and attachments. There is uncertainty over whether the Internet company has provided any information to intelligence officials and the nature of such data, if it has.
Three former employees of the company who spoke to Reuters said the request to scan through customers’ email accounts was sent as a classified edict to Yahoo’s legal team.
“Yahoo is a law abiding company, and complies with the laws of the United States,” the company told Reuters in a brief statement.
This is the first known case of an American Internet company acceding to a request by an intelligence agency to scan all of the incoming emails of customers or use purpose-built software to search for information, according to surveillance experts. The more common practice had been to search through stored messages or a small portion of total accounts.
The former Yahoo employees said Chief Executive Marissa Mayer had kept the government’s request to scan customer emails from some key members of the company’s security team. Former Chief Information Security Officer Alex Stamos did not know about the clandestine scan. He and his team reportedly only discovered the custom-built software when testing systems for vulnerabilities. It was even thought to have been installed by hackers.
Stamos, who now works on the security team of Facebook Inc., left his job at Yahoo after finding the email-scanning program had been installed by the company’s own software engineers.
It is not known if a similar approach had been made by intelligence agencies to other web-based email providers. But experts said it was possible that a similar demand had been made on some other Internet companies by the NSA or FBI, since their targets could have been using other email services.
Two of America’s major email service providers, Google and Microsoft Corp, have denied ever being involved in a similar scheme.
“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a Google spokesman said in a statement.
It is hard to determine whether the requested information was needed by the FBI or NSA. Domestic surveillance requests by the latter agency are usually made through the former.
An ex-Yahoo executive who spoke to Business Insider said Mayer valued secrecy and did not give significant attention to security issues. She was afraid of the cost implications and feared that an emphasis on security could cause a drop in Yahoo’s user base. Members of the security team were allegedly once told not to inform former CISO Justin Somaini about a particular hacking incident for fear this might be used as justification for increased funding for security.
U.S. intelligence agencies are empowered by federal laws, including the amendments made in 2008 to the Foreign Intelligence Surveillance Act, to request information that can aid intelligence gathering from phone and Internet companies operating in the country.