If you have been using Yahoo Mail for over a year, your emails have been available to more eyes than you might think. Yahoo has scanned all incoming emails since 2015 for a U.S. intelligence agency.
Email scans are not new, nor are they typically used for malicious purposes. Since 2013, the Sunnyvale-based internet company has been scanning email traffic for spam, malware, and child pornography. While some critics initially balked at this, most users were content with the change.
However, many more critics are reaching for their pitchforks after hearing the news this month: Reuters revealed that Yahoo secretly scanned customer emails on behalf of the FBI for over a year. This is the first case of a U.S. company complying with an intelligence agency’s request to scan all arriving messages.
This raises two questions: what did the FBI want, and why did Yahoo comply?
Since the FBI makes information requests on behalf of the NSA, it is unclear which intelligence branch requested surveillance. Furthermore, the exact nature of what the intelligence agency was looking for is unknown, and Yahoo is forbidden from giving any specifics. Yahoo officials only commented that the data collection is not currently ongoing.
A reasonable assumption is that the scans were made to identify potential terrorist threats. According to the New York Times, Yahoo searched emails for a certain digital signature — one that is allegedly unique to an undisclosed foreign terrorist organization. However, the scale of this surveillance is disproportionate to usual procedure. Surveillance for terrorists is usually limited to targeted individuals. Yahoo scanned all incoming emails.
Yahoo officials have characterized news reports as “misleading”, but did not deny that they complied with FBI demands. Yahoo will have a difficult time reconciling this compliance with their purported respect for customer privacy.
In the broader discussion of digital privacy, this surveillance raises some concerns. Compare the scans that started in 2013 with these recent scans: Yahoo was transparent in its implementation of new scanning systems, and they explained what the purpose of the scans were. The recent scans were done in secret, and for nebulous purposes. It is likely that not everyone in the organization was happy with this choice. It would explain the exodus of employees from Yahoo last year. Reporters now speculate that many employees left in order to protest the invasion of privacy of Yahoo customers.
Our expectation of privacy is rapidly changing. As whistleblower Edward Snowden said, “a child born today will grow up with no concept of privacy at all”. Consider the ways in which our behavior is studied without our consent: Search engines track users. Many smartphone owners are savvy to the fact that nearly everything they do on a smartphone can be snooped on. Service providers are not transparent about data retention policies. Even data collected by health apps can be sold to the highest bidder. Consumers seem to have little say in what information about them is shared or saved. For now, those who are interested in maintaining their digital privacy are deleting their Yahoo Mail accounts.
Consumers should continue to hold companies to higher standards in regards to privacy and digital rights. It was only half a year ago that the FBI demanded that Apple create a security bypass for the iPhone. Apple refused, and the corporation was commended for its commitment to privacy. Most other big tech companies can’t be applauded for their track records on privacy.
To keep up with the latest news on digital privacy, follow advocacy groups like the Electronic Privacy Information Center.