News article written by Corbett Communications. The statements made or opinions expressed do not necessarily reflect the views of Engineers Australia.
As if the recent revelation that hackers had allegedly stolen the data of 500,000 of Yahoo’s users in 2014 wasn’t enough to raise eyebrows, it has been revealed that the worldwide email platform secretly scanned millions of its users email accounts in 2015 on behalf of the US government.
Telecommunications giant Verizon Communications is in the process of acquiring Yahoo for US$4.83 billion and has asked for a $ 1 billion discount, according to The New York Post. Its execs must be scratching their heads at the decision made some time ago to buy the email giant as more about its actions come to light. Verizon said it only became aware of the 2014 data breach two days after the agreement with Yahoo, dated 23 July, was signed and announced. And the public was informed not long after.
Democratic senators in the US are pressuring Yahoo to reveal who knew what and when about the data breach. A letter to chief exec Marissa Mayer from the six politicians said the hack was “unacceptable” which Yahoo had said it had only uncovered a few months ago, according to BBC News. Mayer has been asked for a timeline of the hacking and how such a huge breach of its system went undetected for two years.
Another senator has called on the US Securities and Exchange Commission to investigate whether Yahoo and its senior executives have fulfilled their obligations to their investors and the public in relation to the data breach.
If that wasn’t enough hot water to heat up the Yahoo boardroom, in the latest revelation about the email platform, news agency Reuters said Yahoo had been scanning of all its emails as requested via an unusual and secret court order by the FBI. This was according to three sources, two of whom are ex-Yahoo employees. A system designed to scan emails for child pornography, spam and malware was customised by Yahoo to comply with the court order that required it to search for messages in incoming email traffic. The search included a computer signature tied to communications of a state-sponsored terrorist organisation, The New York Times reported. The order was unusual as it involved systematic scanning of all Yahoo users’ emails rather than individual accounts.
“There is no engineering limitation preventing technology companies from using their spam and child pornography filtering systems to search email traffic for other sorts of digital signatures,” The New York Times quoted Professor Hany Farid as saying. Farid, of the computer science department at Dartmouth College in the US, helped develop the child pornography scanning system with Microsoft.
Former cyber intelligence developer and whistle-blower Edward Snowden, has detailed to what extent the US is involved in internet surveillance and commented on Twitter about the Yahoo revelations: “"Use @Yahoo? They secretly scanned everything you ever wrote ... close your account today."
Yahoo complied with the secret court order, leaving senior employees upset by the decision, which allegedly led to the departure of chief information security officer Alex Stamos for Facebook in June 2015. Other digital behemoths such as Facebook, Google and Microsoft have said they have not been contacted by the FBI to conduct surveillance or provide data. But if Yahoo was gagged by the secret court order how do we know that is true?
Author: Desi Corbett
Image: Glen Greenwald with Edward Snowden with journalist Glen Greenwald in the Oscar-winning documentary Citizen Four.