Major Email Provider Scanned Customer Emails For FBI
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by US intelligence officials, according to people familiar with the matter.
The company complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.
Some surveillance experts said this represents the first case to surface of a US internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.
Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.
According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
"Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.
Through a Facebook spokesman, Stamos declined a request for an interview.
The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.
The demand to search Yahoo Mail accounts came in the form of a classified directive sent to the company's legal team, according to the three people familiar with the matter.
US phone and internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad directive for real-time Web collection or one that required the creation of a new computer program.
"I've never seen that, a wiretap in real time on a 'selector,'" said Albert Gidari, a lawyer who represented phone and internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.
"It would be really difficult for a provider to do that," he added.
Reuters was unable to confirm whether the 2015 demand went to other companies, or if any complied.
Alphabet Inc's Google and Microsoft Corp, two major U.S. email service providers, did not respond to requests for comment.
Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.
Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.
Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.
As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.