Yahoo spied on “hundreds of millions” of email accounts on behalf of US spy agencies

Web services provider Yahoo has been secretly scanning the emails of all its users on behalf of the US government, according to a report by Reuters Tuesday. According to the news agency, Yahoo executives received a secret directive in May 2015 requiring the web company to craft a “custom” wire-tapping program with the intent “to search… hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency [NSA] or FBI.”

“This represents the first case to surface of a US Internet company agreeing to an intelligence agency’s request by searching all arriving messages,” the report continues, noting previous instances of service providers agreeing to scan certain accounts on a limited scale.

According to the Reuters account, US intelligence officials supplied Yahoo with “a set of characters” to search for in each incoming communication. “That could mean a phrase in an email or an attachment,” the report states. Reuters did not say what phrases or content the government had been searching for, or whether similar directives had been issued to other internet companies. The Reuters story further reveals the near-seamless collusion of the major web service providers and telecommunications companies with the US intelligence agencies as they conduct mass surveillance of the population.

The revelation of mass data collection lays waste to US officials’ claims to be respecting US citizens’ Fourth Amendment rights. “It’s really staggering in its breadth and seems to go beyond the NSA programs we have known about for awhile,” said Andrew Crocker, chief attorney of the Electronic Freedom Foundation to USA Today of the revelations. “It’s hard to even anticipate what kind of arguments the government could make for the constitutionality or legality of this program,” he said.

The wire-tapping led to the June 2015 resignation of the company’s chief information security officer, Alex Stamos, whose security team had discovered the program and initially believed it to be the work of hackers.

Yahoo responded feebly to the reports of mass spying, stating, “Yahoo is a law abiding company, and complies with the laws of the United States.” On Wednesday, the company declared that the Reuters story had been “misleading” and “the mail scanning described in the article does not exist on our systems.”

The latest revelation of complicity in the US’s surveillance programs against the population has placed Yahoo’s viability as a brand in question. Last week, the company revealed that nearly 500 million email users had their accounts compromised by hackers, which has led to the company’s security protocol being examined by the Federal Bureau of Investigation (FBI). In addition, Yahoo’s $4.8 billion sell-off of its web media division to telecommunications firm Verizon has been placed in question due to the latest revelation.

While other internet corporations released press statements denying any complicity in similar surveillance practices, a report in the Intercept noted that, rather than being attributed to US officials, the Yahoo story had been sourced to former employees of the company itself. This raised “the possibility that similar orders have been issued to other major service providers,” though the latter have not come forward yet. Similarly, Joseph Lorenzo Hall of the Center for Democracy and Technology in Washington, DC told USA Today that he “would be surprised if other large email providers were not also targeted.”

The report Tuesday is not the first time Yahoo and other service providers have been found to be in collusion with US government spying.

The June 2013 revelations of NSA whistleblower Edward Snowden showed that internet companies such as Yahoo, Google, Apple, Microsoft, Skype, YouTube and others had long been complicit in the US government’s PRISM program. Under PRISM, the US government has the ability to record and store all web-based data hosted by the selected companies. According to the NSA at the time, nearly 91 percent of data collected online by the intelligence agency came by way of the PRISM program.

An October 2014 report by the Intercept revealed that the NSA and the Central Security Service (CSS) had struck secret contractual agreements with “specific named US commercial entities to conduct SIGINT [signals intelligence] enabling programs and operations” on private communications.

The latest revelation also exposes the fraud of the misnamed USA Freedom Act, enacted by the Obama administration in June 2015 in an effort to head off popular anger at the NSA spying programs. Billed at the time as having “sharply curtailed” US surveillance, the USA Freedom Act merely placed the task of mass data collection into the hands of private corporations working in close collaboration with the US government, while laying the groundwork for an ever-expanding surveillance of the population.

According to the Guardian, “[T]his Yahoo story seems to be an escalation of this type of… ‘upstream’ surveillance, which was once done by the NSA by secretly wiretapping internet cables.” The comment continues, “[S]ince many email companies have started encrypting their emails… The US government now seems to be moving to force internet companies to do this type of mass surveillance for them, on the companies’ servers, where the data remains accessible.”