Re­ported Ya­hoo email scan­ning re­vives surveil­lance con­cerns

Kuwait Times - - TECHNOLOGY -

Ya­hoo’s re­ported will­ing­ness to search user email to as­sist US govern­ment in­ves­ti­ga­tors has re­vived con­cerns about cour­tap­proved surveil­lance pro­grams that com­pa­nies aren’t al­lowed to dis­close to the peo­ple us­ing their ser­vices.

Last year, Ya­hoo mod­i­fied an ex­ist­ing ver­sion of its email se­cu­rity pro­gram to flag the ap­pear­ance of a dig­i­tal “sig­na­ture” the US had linked to a for­eign ter­ror­ist group backed by an­other govern­ment, ac­cord­ing to a re­port pub­lished Wed­nes­day by The New York Times. Copies of any in­com­ing email con­tain­ing the sig­na­ture were stored in Ya­hoo’s sys­tem and made avail­able to the FBI.

The Times quoted an un­named govern­ment of­fi­cial, fol­low­ing up an ear­lier Reuters story that had re­vealed Ya­hoo’s email scan­ning ac­tiv­ity without spec­i­fy­ing what kind of in­for­ma­tion the govern­ment sought.

Seen through a prism

The rev­e­la­tions have con­jured mem­o­ries of a data-col­lec­tion pro­gram set up by the Na­tional Se­cu­rity Agency and ma­jor in­ter­net com­pa­nies a few years ago un­der other court or­ders is­sued in se­cret. That pro­gram, called “Prism,” only be­came pub­lic knowl­edge in 2013 after for­mer NSA con­trac­tor Ed­ward Snow­den leaked slides re­veal­ing that the govern­ment had been au­tho­rized to grab emails, videos and pic­tures stored by Google, Ya­hoo and Face­book, among other com­pa­nies.

As with Prism, the US govern­ment ap­pears to have de­manded Ya­hoo’s co­op­er­a­tion in an ef­fort to sniff out ter­ror­ist threats and pro­tect pub­lic safety. The govern­ment said Prism tar­geted the spe­cific on­line ac­counts of for­eign­ers.

The Ya­hoo hunt may have cut a much broader swath, scan­ning through hun­dreds of mil­lions of in­com­ing emails in search of the sig­na­ture used by the for­eign ter­ror­ist group, said Kurt Op­sahl, gen­eral coun­sel for the Elec­tronic Frontier Foun­da­tion, a dig­i­tal rights group. He likened it to the govern­ment get­ting a court or­der to ri­fle through the doc­u­ments stored in mil­lions of homes in search of a par­tic­u­lar piece of in­for­ma­tion.

Big com­puter is watch­ing you

“This is a trou­bling vi­sion of the fu­ture where there might be mas­sive govern­ment surveil­lance done with com­put­ers,” Op­sahl said. “The govern­ment may well say they were only tar­get­ing a string of char­ac­ters used by a for­eigner, but it just so hap­pened that hun­dreds of mil­lions of in­no­cent peo­ple also had their emails ex­am­ined too.”

Pa­trick Toomey, a staff at­tor­ney with the Amer­i­can Civil Lib­er­ties Union, said in a state­ment that the govern­ment or­der ap­pears to be “un­prece­dented and un­con­sti­tu­tional.”

Odia Ka­gan, a Philadel­phia-based data pri­vacy at­tor­ney, said that it’s im­pos­si­ble to judge the le­gal­ity of the govern­ment’s re­quest, be­cause the facts sur­round­ing it re­main murky.

The Jus­tice De­part­ment didn’t im­me­di­ately re­spond to a re­quest for com­ment late Wed­nes­day. Bulk col­lec­tion of data isn’t al­lowed and the govern­ment can­not in­dis­crim­i­nately re­view the emails or phone calls of or­di­nary peo­ple, Richard Kolko, deputy di­rec­tor of pub­lic af­fairs for the Of­fice of the Di­rec­tor of Na­tional In­tel­li­gence, said in a state­ment. The US govern­ment can gather in­for­ma­tion about non-US cit­i­zens un­der the For­eign In­tel­li­gence and Surveil­lance Act, but those pow­ers are sup­posed to be nar­rowly fo­cused, Kolko said.

Ya­hoo hasn’t ex­plained what it did un­der the govern­ment or­der. It called Reuters’ orig­i­nal story “mis­lead­ing,” but de­clined to com­ment on the Times’ dis­clo­sure about the govern­ment’s quest for the dig­i­tal sig­na­ture.

Gag­ging on se­crecy

The com­pany prob­a­bly wishes it could say more, but can’t be­cause of a court or­der for­bid­ding the com­pany from dis­cussing the surveil- lance, Op­sahl said.Google and Mi­crosoft have is­sued state­ments dis­avow­ing any in­volve­ment in a govern­ment-or­dered surveil­lance pro­gram sim­i­lar to Ya­hoo’s. While com­pa­nies have a duty to abide by the law, they also have a duty to pro­tect the pri­vacy of their users, Ka­gan said. The trick is to bal­ance those two things. And some­times that means putting up a fight when it comes to govern­ment re­quests, even if they ul­ti­mately lose, in or­der to pre­serve their users’ trust in them. Not long ago, Ya­hoo also re­sisted govern­ment de­mands. The Sun­ny­vale, Cal­i­for­nia, com­pany ini­tially chal­lenged the pro­gram that be­came Prism in a bat­tle dat­ing back to 2007, de­spite threats of be­ing fined $250,000 per day if it didn’t com­ply.

Ya­hoo was un­der dif­fer­ent man­age­ment then. It has been run by a for­mer Google ex­ec­u­tive, Marissa Mayer, for the past four years. “The big take­away is that that we re­ally don’t know what is go­ing on be­tween any of th­ese com­pa­nies and the govern­ment,” said For­rester Re­search pri­vacy an­a­lyst Fate­meh Khat­i­bloo. “It sort of a shad­owy world threat­en­ing our Fourth Amend­ment rights” pro­tect­ing against un­rea­son­able search and seizures.

More trou­ble for Ya­hoo

The news is just the lat­est email bomb­shell for Ya­hoo, which was al­ready reel­ing from its re­cent ad­mis­sion that com­puter hack­ers swiped per­sonal in­for­ma­tion from at least 500 mil­lion of its ac­counts. That at­tack is be­lieved to be the big­gest dig­i­tal break-in ever suf­fered by an email provider.

This week’s rev­e­la­tions could also af­fect Ya­hoo’s op­er­a­tions in Europe, Ka­gan said. User data there is pro­tected by a data pri­vacy agree­ment struck this sum­mer be­tween the US and EU reg­u­la­tors known as the Pri­vacy Shield.

Ya­hoo is also in the process of sell­ing its on­line op­er­a­tions to Ver­i­zon for $4.8 bil­lion. Ver­i­zon so far has had no com­ment on the email-scan­ning re­ports. —AP

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.