SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
Yahoo May Have Let the Government Spy on Emails. Now Will We Embrace Encryption?
Not only would this likely violate the fourth amendment; giving the NSA or the FBI a backdoor into a tech company’s innards could let hackers in too
Oct 05, 2016
In a blockbuster scoop, Reuters' Joseph Menn is reporting that Yahoo secretly built a software program in 2015 that scanned all its millions of customers' incoming emails at the behest of US intelligence officials, which led to its chief security officer resigning in protest.
We don't know exactly what the US government might have been searching for, but we do know that this is potentially a huge privacy violation that strikes at the heart of the fourth amendment's prohibition on indiscriminate search and seizure. Yahoo's reported secret collaboration with the US government also brings up several points that warrant further investigation. ("Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a statement to Reuters.)
"We don't know exactly what the US government might have been searching for, but we do know that this is potentially a huge privacy violation that strikes at the heart of the fourth amendment's prohibition on indiscriminate search and seizure."
Much of the discussion about Edward Snowden's 2013 revelations has focused on the NSA's mass phone spying program that the courts later ruled illegal. But many people forget that the New York Times also reported, in 2013, based on previously published Snowden documents, that the NSA had been scanning countless emails going into and out of the US for years, looking for certain keywords.
This Yahoo story seems to be an escalation of this type of "about" or "upstream" surveillance, which was once done by the NSA by secretly wiretapping internet cables owned by AT&T and others. Since many email companies have started encrypting their emails in transit since that story came out, the NSA probably can't do that type of surveillance unilaterally (or with the help of AT&T) anymore. The US government now seems to be moving to force internet companies to do this type of mass surveillance for them, on the companies' servers, where the data remains accessible.
Civil liberties groups have been calling this type of "about" mass surveillance - in which the government scans all emails for certain keywords - illegal and unconstitutional for years. But so far, no court has ruled definitively one way or another (mainly because the US has been hiding behind official secrecy to prevent it).
Now the question reporters should be asking is: if Yahoo received this secret order, what about the other tech giants? Did Google, Facebook and Microsoft receive similar demands to wiretap their own systems for searching all emails at the behest of the US government or others?
The Yahoo story, if borne out, would be the quintessential example of how government-mandated backdoors are dangerous for everyone's security, and why end-to-end encryption needs to be standard on all our communications platforms.
Incredibly, Yahoo apparently built this backdoor into its email system without even telling its then security chief, Alex Stamos. "The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation," Menn reported. "The security team initially thought hackers had broken in."
Stamos was reportedly furious and resigned in protest. "Due to a programming flaw [in the software], he told [Yahoo executives] hackers could have accessed the stored emails," Menn explained. Security experts have been highlighting for years how backdoors not only give access to the "good guys" but also could let other criminals or foreign governments into our communications systems.
This is exactly the type of mass surveillance that end-to-end encryption would prevent. Currently, Yahoo emails are encrypted as they travel from one server to another, but can be read by Yahoo at the company's discretion.
Stamos is now the director of security at Facebook, which coincidentally just rolled out end-to-end encryption on its popular Facebook Messenger app, which is used by more than 900 million people around the world. Unfortunately, much like Google's just launched (and much maligned) new chat program Allo, Facebook Messenger's end-to-end encryption is opt-in, and so only a tiny fraction of users are likely to turn it on.
This type of encryption should be standard and turned on by default in all messaging apps (and ideally email as well). Users should consider switching to apps where default end-to-end encryption is already turned on, including WhatsApp, Signal and Apple's iMessage.
Finally, Yahoo's possible betrayal of its users is another example of why whistleblowers and leaks to the press are so important. The US government considers this type of surveillance "legal" even though it shocks the conscience of many ordinary Americans and dozens of civil liberties groups have been attempting to have courts rule it illegal for years. The only reason we know about it is because brave people came forward at the risk of their freedom to tell us. For that, we owe them a great debt.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
© 2023 The Guardian
Trevor Timm
Trevor Timm is a co-founder and the executive director of the Freedom of the Press Foundation. He is a writer, activist, and legal analyst who specializes in free speech and government transparency issues. He writes a weekly column for The Guardian and has also contributed to The Atlantic, Al Jazeera, Foreign Policy, Harvard Law and Policy Review, PBS MediaShift, and Politico.
In a blockbuster scoop, Reuters' Joseph Menn is reporting that Yahoo secretly built a software program in 2015 that scanned all its millions of customers' incoming emails at the behest of US intelligence officials, which led to its chief security officer resigning in protest.
We don't know exactly what the US government might have been searching for, but we do know that this is potentially a huge privacy violation that strikes at the heart of the fourth amendment's prohibition on indiscriminate search and seizure. Yahoo's reported secret collaboration with the US government also brings up several points that warrant further investigation. ("Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a statement to Reuters.)
"We don't know exactly what the US government might have been searching for, but we do know that this is potentially a huge privacy violation that strikes at the heart of the fourth amendment's prohibition on indiscriminate search and seizure."
Much of the discussion about Edward Snowden's 2013 revelations has focused on the NSA's mass phone spying program that the courts later ruled illegal. But many people forget that the New York Times also reported, in 2013, based on previously published Snowden documents, that the NSA had been scanning countless emails going into and out of the US for years, looking for certain keywords.
This Yahoo story seems to be an escalation of this type of "about" or "upstream" surveillance, which was once done by the NSA by secretly wiretapping internet cables owned by AT&T and others. Since many email companies have started encrypting their emails in transit since that story came out, the NSA probably can't do that type of surveillance unilaterally (or with the help of AT&T) anymore. The US government now seems to be moving to force internet companies to do this type of mass surveillance for them, on the companies' servers, where the data remains accessible.
Civil liberties groups have been calling this type of "about" mass surveillance - in which the government scans all emails for certain keywords - illegal and unconstitutional for years. But so far, no court has ruled definitively one way or another (mainly because the US has been hiding behind official secrecy to prevent it).
Now the question reporters should be asking is: if Yahoo received this secret order, what about the other tech giants? Did Google, Facebook and Microsoft receive similar demands to wiretap their own systems for searching all emails at the behest of the US government or others?
The Yahoo story, if borne out, would be the quintessential example of how government-mandated backdoors are dangerous for everyone's security, and why end-to-end encryption needs to be standard on all our communications platforms.
Incredibly, Yahoo apparently built this backdoor into its email system without even telling its then security chief, Alex Stamos. "The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation," Menn reported. "The security team initially thought hackers had broken in."
Stamos was reportedly furious and resigned in protest. "Due to a programming flaw [in the software], he told [Yahoo executives] hackers could have accessed the stored emails," Menn explained. Security experts have been highlighting for years how backdoors not only give access to the "good guys" but also could let other criminals or foreign governments into our communications systems.
This is exactly the type of mass surveillance that end-to-end encryption would prevent. Currently, Yahoo emails are encrypted as they travel from one server to another, but can be read by Yahoo at the company's discretion.
Stamos is now the director of security at Facebook, which coincidentally just rolled out end-to-end encryption on its popular Facebook Messenger app, which is used by more than 900 million people around the world. Unfortunately, much like Google's just launched (and much maligned) new chat program Allo, Facebook Messenger's end-to-end encryption is opt-in, and so only a tiny fraction of users are likely to turn it on.
This type of encryption should be standard and turned on by default in all messaging apps (and ideally email as well). Users should consider switching to apps where default end-to-end encryption is already turned on, including WhatsApp, Signal and Apple's iMessage.
Finally, Yahoo's possible betrayal of its users is another example of why whistleblowers and leaks to the press are so important. The US government considers this type of surveillance "legal" even though it shocks the conscience of many ordinary Americans and dozens of civil liberties groups have been attempting to have courts rule it illegal for years. The only reason we know about it is because brave people came forward at the risk of their freedom to tell us. For that, we owe them a great debt.
Trevor Timm
Trevor Timm is a co-founder and the executive director of the Freedom of the Press Foundation. He is a writer, activist, and legal analyst who specializes in free speech and government transparency issues. He writes a weekly column for The Guardian and has also contributed to The Atlantic, Al Jazeera, Foreign Policy, Harvard Law and Policy Review, PBS MediaShift, and Politico.
In a blockbuster scoop, Reuters' Joseph Menn is reporting that Yahoo secretly built a software program in 2015 that scanned all its millions of customers' incoming emails at the behest of US intelligence officials, which led to its chief security officer resigning in protest.
We don't know exactly what the US government might have been searching for, but we do know that this is potentially a huge privacy violation that strikes at the heart of the fourth amendment's prohibition on indiscriminate search and seizure. Yahoo's reported secret collaboration with the US government also brings up several points that warrant further investigation. ("Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a statement to Reuters.)
"We don't know exactly what the US government might have been searching for, but we do know that this is potentially a huge privacy violation that strikes at the heart of the fourth amendment's prohibition on indiscriminate search and seizure."
Much of the discussion about Edward Snowden's 2013 revelations has focused on the NSA's mass phone spying program that the courts later ruled illegal. But many people forget that the New York Times also reported, in 2013, based on previously published Snowden documents, that the NSA had been scanning countless emails going into and out of the US for years, looking for certain keywords.
This Yahoo story seems to be an escalation of this type of "about" or "upstream" surveillance, which was once done by the NSA by secretly wiretapping internet cables owned by AT&T and others. Since many email companies have started encrypting their emails in transit since that story came out, the NSA probably can't do that type of surveillance unilaterally (or with the help of AT&T) anymore. The US government now seems to be moving to force internet companies to do this type of mass surveillance for them, on the companies' servers, where the data remains accessible.
Civil liberties groups have been calling this type of "about" mass surveillance - in which the government scans all emails for certain keywords - illegal and unconstitutional for years. But so far, no court has ruled definitively one way or another (mainly because the US has been hiding behind official secrecy to prevent it).
Now the question reporters should be asking is: if Yahoo received this secret order, what about the other tech giants? Did Google, Facebook and Microsoft receive similar demands to wiretap their own systems for searching all emails at the behest of the US government or others?
The Yahoo story, if borne out, would be the quintessential example of how government-mandated backdoors are dangerous for everyone's security, and why end-to-end encryption needs to be standard on all our communications platforms.
Incredibly, Yahoo apparently built this backdoor into its email system without even telling its then security chief, Alex Stamos. "The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation," Menn reported. "The security team initially thought hackers had broken in."
Stamos was reportedly furious and resigned in protest. "Due to a programming flaw [in the software], he told [Yahoo executives] hackers could have accessed the stored emails," Menn explained. Security experts have been highlighting for years how backdoors not only give access to the "good guys" but also could let other criminals or foreign governments into our communications systems.
This is exactly the type of mass surveillance that end-to-end encryption would prevent. Currently, Yahoo emails are encrypted as they travel from one server to another, but can be read by Yahoo at the company's discretion.
Stamos is now the director of security at Facebook, which coincidentally just rolled out end-to-end encryption on its popular Facebook Messenger app, which is used by more than 900 million people around the world. Unfortunately, much like Google's just launched (and much maligned) new chat program Allo, Facebook Messenger's end-to-end encryption is opt-in, and so only a tiny fraction of users are likely to turn it on.
This type of encryption should be standard and turned on by default in all messaging apps (and ideally email as well). Users should consider switching to apps where default end-to-end encryption is already turned on, including WhatsApp, Signal and Apple's iMessage.
Finally, Yahoo's possible betrayal of its users is another example of why whistleblowers and leaks to the press are so important. The US government considers this type of surveillance "legal" even though it shocks the conscience of many ordinary Americans and dozens of civil liberties groups have been attempting to have courts rule it illegal for years. The only reason we know about it is because brave people came forward at the risk of their freedom to tell us. For that, we owe them a great debt.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.