Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds

From ArsTechnica:

According to a new report by Reuters citing anonymous former employees, in 2015, Yahoo covertly built a secret “custom software program to search all of its customers’ incoming emails for specific information.”

Reuters noted that Yahoo “complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.” It is not clear what data, if any, was handed over.

Presuming that the report is correct, it would represent essentially the digital equivalent of a general warrant—which is forbidden by the Fourth Amendment, as Electronic Frontier Foundation lawyer Andrew Crocker noted on Twitter.

The Fourth Amendment implications are staggering. Yahoo as agent of government scans all email, devoid of probable cause, particularity, etc

— Andrew Crocker (@agcrocker) October 4, 2016

This seems to be the first known case of an American Internet company acting on behalf of the government to search messages in near real time—previous operations captured stored data or intercepted only a handful of target accounts.

As Reuters also reported, Yahoo’s then-Chief Information Security Officer, Alex Stamos, resigned in protest once he found out about the secret program. Stamos now works at Facebook.

Yahoo did not immediately respond to Ars’ request for comment.

UPDATE 5:11pm: Kaitlin Kikalo, a Yahoo spokeswoman, sent Ars the same statement that the …

Continue Reading