Four former Yahoo employees have alleged that Yahoo allowed United States Intelligence bodies to create custom software which was used to covertly search customer emails.

The four employees who wished to remain anonymous told Reuters that in 2015 Yahoo complied with requests from both the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) to scan all emails for a set of characters. What those characters are exactly is unknown.

Should these allegations be found to have merit, it would represent the first time that a US based internet firm allowed an intelligence agency to conduct surveillance of messages in real-time.

What usually happens is that an intelligence agency would approach a firm and submit a request for information. This is either challenged or complied with (should the relevant processes have been followed) and the outcome is recorded as part of a transparency report.

Between January and July 2015 – the period in which Yahoo allowed this surveillance to be implemented – the firm reported that data from 21 000 – 21 499 user accounts had been requested, a far cry from the millions of accounts that may have been scanned as part of this programme.

Why comply?

While its not easy for a big tech firm to stand up to big intelligence agencies, it isn’t impossible. That having been said, it seems as if Yahoo assumed this was a fight it wouldn’t win according to the four former employees.

In 2008 Yahoo opposed joining the NSA’s PRISM programme which led to threats of a $250 000 fine every day it did not comply. Yahoo did eventually comply.

According to the anonymous sources, Yahoo chief executive officer, Marissa Mayer felt that this fight was another it would lose and as such tasked email engineers with creating the code which would separate emails containing the characters the NSA and FBI were looking for and store them for retrieval later.

This decision was the apparently the reason chief information officer, Alex Stamos left the firm last year. The sources claim that Stamos said the decision hurt user security and a programming flaw left the separated emails vulnerable to attack.

This information is the second shocking Yahoo revelation to come out in as many months. In September it was revealed that data from at least 500 million user accounts had been stolen by hackers.

[Source – Reuters]
Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.