Yahoo Adapted Email-Scanning Spam Filter to Satisfy 'Secret Court Order' Related to Terrorist Hunt

[MacRumors]

Following a report yesterday that cited three former Yahoo employees who claimed the company built a program to scan every customer's email for specific information at the order of the United States government, new pieces of information have surfaced in a separate article from The New York Times. Specifically, anonymous sources close to the matter said that Yahoo built the program by adapting a filter meant to scan email inboxes for child pornography, malware, and basic spam content.

Yahoo was said to have done this in order to "satisfy a secret court order," created to require the company to search for content containing a specific computer signature related to online communications of an unspecified state-sponsored terrorist group. Two of the anonymous sources -- referred to as "government officials" -- mentioned the Justice Department received the order from a judge of the Foreign Intelligence Surveillance Court sometime last year, an order that Yahoo was "barred from disclosing" to the public.

Through its modifications to the spam filter program, Yahoo complied with the Justice Department's order and made available any email that contained the signature, but as of now that collection method "is no longer taking place." The order was described as "unusual" because it required the scanning of individual emails instead of user accounts as a whole, and was allegedly only given to Yahoo as other tech companies, including Apple, have said they never encountered such a demand.

In response to a request for comment, an Apple spokesperson told BuzzFeed News, "We have never received a request of this type. If we were to receive one, we would oppose it in court."

A Microsoft spokesperson said, "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."

A Google spokesperson told BuzzFeed News, "We've never received such a request, but if we did, our response would be simple: no way."

According to the sources, federal investigators learned last year that members of a foreign terrorist organization were communicating using Yahoo's email service, through a method that used a "highly unique" designator, or signature, in each communication. Although built to look for specific content, the modified program's far-reaching scanning of each user on the service brought about unrest in the user base when the original report came out yesterday. Yahoo's compliance is also being contrasted to Apple's obstinate response in its battle with the FBI earlier in the year.

After the news broke, Yahoo said that the Reuters story was "misleading" and that the email scanning outlined in the report "does not exist on our systems." Compounding the company's woes, last month Yahoo confirmed that "at least" 500 million user accounts were compromised during an attack in late 2014, leaking customer information like names, email addresses, telephone numbers, birthdates, hashed passwords, and both encrypted and unencrypted security questions and answers. In the midst of all of this, Yahoo's pending acquisition by Verizon could potentially face negative effects.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Yahoo Adapted Email-Scanning Spam Filter to Satisfy 'Secret Court Order' Related to Terrorist Hunt

 

[thasan]

surely google, fb etc are doing the same then... since they cant 'discuss' it?

 

[Black Belt]

Sellouts to The Man

 

[merkinmuffley]

Keeping the Homeland strong, one email at a time.

 

[840quadra]

I have a hard time believing that the government hasn't approached Google, or Microsoft with such questions. I could see them not asking Apple, simply due to their overall lack of marketshare.

 

[ptb42]

It's unlikely they just scanned "inboxes". That could have been accomplished by scanning incoming mail with a network sniffer, and Yahoo's cooperation wasn't needed for that.

This was most likely to look in folders OTHER than the inbox, particularly the Drafts folder.

A well-known circumvention of incoming email sniffing is to use the same account: composing a message and saving it in the Drafts folder. The recipient logs into the same account and reads the draft message, replying to it or deleting it.

 

[Nunyabinez]

I actually believe that this was only directed at Yahoo!. Could you imagine the backlash that would come if it now came to light that Google had done this after they just said they have never been asked? Better to say nothing than be caught in a lie. If one of these companies had been approached the smart thing would be to say nothing.

 

[keysofanxiety]

It goes from bad to worse. Both hacked and spying government shills.

It's over, Yahoo!

 

[unlinked]

Not sure secret court orders are the best idea unless they have a fixed term limiting how long they are secret for.

 

[CrickettGrrrl]

I have a hard time believing the efficacy of this secret email filter, as Yahoo has been notoriously bad at filtering malware & spam. It must have been super porous.

I also have a hard time believing anybody who has their life or super secret plans on the line would even think of using Yahoo email in the first place. So wouldn't it be a really stupid terrorist gang?

 

[Sedulous]

If the supposed filter works as well as Yahoo's spam filter then the terrorists have nothing to worry about.

 

[sofila]

"Yahoo Adapted Email-Scanning Spam Filter to Satisfy 'Secret Court Order' Related to Terrorist Hunt"

Yes, and Santa Claus is my father

 

[DrewDaHilp1]

I actually believe that this was only directed at Yahoo!. Could you imagine the backlash that would come if it now came to light that Google had done this after they just said they have never been asked? Better to say nothing than be caught in a lie. If one of these companies had been approached the smart thing would be to say nothing.

Ever hear of this guy named Edward Snowden and a little thing called PRISM?

 

[i5pro]

Everyone should just assume that they(google, apple, msft, etc) are all doing the same thing, just not actually disclosing they are all cooperating for better or worse.

 

[coolfactor]

It goes from bad to worse. Both hacked and spying government shills.

It's over, Yahoo!

But most people won't care. Brand loyalty, or can't be bothered to change the email account.

 

[keysofanxiety]

But most people won't care. Brand loyalty, or can't be bothered to change the email account.

Probably the latter. Even when Yahoo was at its peak, I don't think anybody ever respected them. It was crap then too — it was just crap that everybody used.

 

[Robert.Walter]

So after rifling through everyon's private Communications, did they catch their suspect terrorist(s)?

Or did they, as in all the surveillance to date, get bupkis?

 

[69Mustang]

I have a hard time believing that the government hasn't approached Google, or Microsoft with such questions. I could see them not asking Apple, simply due to their overall lack of marketshare.

I don't understand the logic you're using. I hope you're not conflating phone marketshare with email client marketshare. There are several metrics showing the iPhone email client is the largest by a wide margin. To be fair, that could be a focus on mobile. To be even more fair, I didn't dig into how those metrics were obtained. Desktop and business client email may paint a different picture but I seriously doubt those would be the vector for terrorists. Regardless, you can't use phone marketshare as a reason for not asking Apple. It doesn't make sense.

Apple, Microsoft, and Google all state they haven't been approached with a request like this. Apple and Google were both pretty emphatic in their response. Hell no. Microsoft on the other hand, their response was a bit more vague and non-commital regarding their response if requested to do something similar.
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." - Microsoft. If someone gave me a response like that, my first question would be "Well what kind of secret email scanning have you done?"

 

[usarioclave]

Email address list
isis_hr@yahoo.com
isis_support@yahoo.com
isis_tech@yahoo.com
isis_operations@yahoo.com
isis_singles@yahoo.com
isis_help@yahoo.com

Specific Signatures
Today the Iraq, Tomorrow the World!
Today is the first day of the Caliphate!
Islam is our co-pilot.
Caliphate starts with you!

 

[citysnaps]

I have a hard time believing that the government hasn't approached Google, or Microsoft with such questions. I could see them not asking Apple, simply due to their overall lack of marketshare.

Up until 2014 they didn't have to ask Google as gmail traffic between its data centers was transmitted without encryption and subject to easy bulk interception. For many many years. Astonishing Google was so lax.

 

[now i see it]

Actually I think it's better this way. Let's everyone know that email is not private at all and everything you type can be used against you.

That being the case.... Just use email accordingly.

 

[840quadra]

I don't understand the logic you're using. I hope you're not conflating phone marketshare with email client marketshare. There are several metrics showing the iPhone email client is the largest by a wide margin. To be fair, that could be a focus on mobile. To be even more fair, I didn't dig into how those metrics were obtained. Desktop and business client email may paint a different picture but I seriously doubt those would be the vector for terrorists. Regardless, you can't use phone marketshare as a reason for not asking Apple. It doesn't make sense.

Apple, Microsoft, and Google all state they haven't been approached with a request like this. Apple and Google were both pretty emphatic in their response. Hell no. Microsoft on the other hand, their response was a bit more vague and non-commital regarding their response if requested to do something similar.
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." - Microsoft. If someone gave me a response like that, my first question would be "Well what kind of secret email scanning have you done?"

Installed versus used?

I doubt that the quantity of people using Apples services come close to being a rival for the big 3. I have no definitive metrics to give, so I will Yield to whatever metrics people care to look up. I agree that the Apple email client is used widely, however most people ( in my experience in it / marketing / personal life) retain their pre-existing email, being Yahoo!, Microsoft, aol, or google, and link mail to those.

Edit:::

I maybe understand it incorrectly, but the topic is email data which despite .me, .icloud, .mac, etc, I would imagine apple is much smaller than the others.

 

[Swift]

I guess I must be an enemy of freedom. The secrecy isn't great, but look. What was the greatest risk involved with Yahoo Mail? You were going to a very low-rent neighborhood of the Internet. The equivalent of a truck stop. Crummy design, intrusive ads eating up your bandwidth, crazy people trying to convince you of nonsense. Think of it as a neighborhood. How would you feel if some militants are being organized for violence in that neighborhood? If they develop evidence that they MIGHT be hiding child porn, cash for weapons, directions for bombs, and yes, child porn, such that a judge would grant a warrant. When did the Internet get to be outside of the real world? Not talking intrusive, but if the guy next door was torturing kids, what are his privacy rights worth in the scheme of things? How about a native ISIS cell? Neo-Nazis? Our police, in a democracy, do have a real job. I'm not saying I've worked out all these questions, but the Internet giveth and the Internet taketh away. If you're on the web you can see the world. And the world sees you.

 

[840quadra]

I guess I must be an enemy of freedom. The secrecy isn't great, but look. What was the greatest risk involved with Yahoo Mail? You were going to a very low-rent neighborhood of the Internet. The equivalent of a truck stop. Crummy design, intrusive ads eating up your bandwidth, crazy people trying to convince you of nonsense. Think of it as a neighborhood. How would you feel if some militants are being organized for violence in that neighborhood? If they develop evidence that they MIGHT be hiding child porn, cash for weapons, directions for bombs, and yes, child porn, such that a judge would grant a warrant. When did the Internet get to be outside of the real world? Not talking intrusive, but if the guy next door was torturing kids, what are his privacy rights worth in the scheme of things? How about a native ISIS cell? Neo-Nazis? Our police, in a democracy, do have a real job. I'm not saying I've worked out all these questions, but the Internet giveth and the Internet taketh away. If you're on the web you can see the world. And the world sees you.

Email itself is Sticky, many people with Yahoo addresses come from a time before Google's popularity. I try not to make character judgments based on whatever domain they email me from.

Child porn? That has commonly been the trump card used to take away, or limit the privacy of people who have absolute detest, and nothing to do with such a vile activity. Fear mongering of terroristic activity is slowly replacing it as the new ultimate argument against privacy.

 

[69650]

surely google, fb etc are doing the same then... since they cant 'discuss' it?

Yes they probably are. Yahoo is not at fault here, the US government should not be allowed to make such outrageous requests in the first place.