Keen on your online security? Value your privacy? Don’t want Government agents reading your communications when you’ve not done anything wrong? Use Yahoo Mail? Oh dear!
If you are a user of Yahoo Mail, it seems the company has not been protecting your privacy as well as some of their rivals. An exclusive report by the news agency Reuters has revealed that last year the company built a programme which searched all incoming mail to all of its accounts for information provided by the US Intelligence Agencies.
The report, which will horrify many Yahoo Mail users, suggest that they took this step at the request of either the National Security Agency or the FBI. It makes Yahoo the first of the big US online companies to agree to search all incoming data for the intelligence agencies rather than the accounts of individual suspects.
The decision to obey the intelligence agency request came from the very top with two former Yahoo employees telling Reuters that it was the decision of Chief Executive Marissa Mayer herself.
It is thought that the company was issued with a classified directive from the US Government and it is possible that the legal advice given to the CEO of the ailing company may have been to follow it. Yahoo’s General Counsel Ron Bell seems to have signed off on the programme.
One team that was not consulted at any point seems to have been Yahoo’s Information Security team. According to a report in the Register, they discovered the programme by accident and initially thought they had been hacked.
They found significant vulnerabilities in the software which would have opened up Yahoo’s email accounts to any hacker who have found them. It is thought that the programme was the reason behind the resignation of Yahoo’s former Chief Information Security Officer Alex Stamos.
Reuters reported that he told his team that he had been left out of a decision which adversely affected the security of Yahoo’s users. He has since moved to Facebook as their Chief of Security.
It is not clear whether this vulnerability was successfully fixed or whether the revelation last month that more than 500 million Yahoo email accounts had been compromised by hackers, in what the company described as “a state-sponsored attack”.
It is also not clear whether the programme remains in place or not. But one thing is for sure, the latest big of bad news comes at a bad time for Yahoo, who are in the process of trying to sell their core business to Verizon for a fee of $4.8bn.
Commenting on the story, Patrick Toomey of the American Civil Liberties Union said the directive issued to Yahoo “appears to be unprecedented and unconstitutional”. He went on to say “It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order because customers are counting on technology companies to stand up to novel spying demands [like this]”.
Campaigners have said there are at least two grounds on which Yahoo could have opposed the order; the breadth of the directive and the fact that they would have to write a special programme to carry it out.
At the time of writing, the only comment from Yahoo has been to say “Yahoo is a law abiding company.” Google, on the other hand, has put out a statement saying that their response to such a request would have been “No Way.” Microsoft said “”We have never engaged in the secret scanning of email traffic like [this]”.
It is of course down to individual users whether they want to stick with Yahoo Mail after the revelation that their provider has breached their trust and privacy in such a way. In the wake of the recent hack as well, it seems likely that the number of Yahoo Mail users will decline rapidly in the coming weeks and months. And they will have no one to blame but themselves.
It just goes to show that even the biggest of online companies cannot always be trusted to protect their user’s privacy, and the important of users taking steps to protect themselves, such as being sure to use a VPN and other encrypted communications tools has never been more important. Being selective about your providers now also seems to be important too.