Yahoo, ACLU press US feds to disclose email snooping orders, surveillance laws

Yahoo came under fire after scanning millions of customer emails on behalf of the police and now wants these orders made public.
Written by Charlie Osborne, Contributing Writer

Yahoo has asked the US Director of National Intelligence James Clapper to declassify a surveillance demand the company received which resulted in a special program being set up to monitor customer emails for certain keywords.

The program, which operated in early 2015, forced Yahoo to build a tool which automatically scanned Yahoo Mail user messages for key words and phrases -- a general order from either the NSA or FBI, rather than a targeted spying mission on particular users.

According to Reuters sources, Yahoo ran the software secretly before the firm's engineers and security teams discovered the tool. Believing that the software was the work of external cyberattackers, they took the software down.

This secret data collection and Yahoo CEO Marissa Mayer's decision not to appeal the order have thrown the company into a quagmire of criticism, of which Yahoo is unable to respond "in detail" due to the order, according to a letter sent by Yahoo general counsel Ron Bell to Clapper, which has now been posted online.

The letter (.PDF), revealed on Wednesday, asks Clapper to release the Yahoo order from classified status. The request reads:

"We urge your office to consider the following actions to provide clarity on the matter; (i) to confirm if such an order, as described in these media reports, was issued; (ii) declassify in whole or in part such order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances."

Yahoo previously called Reuter's report "misleading" and denied the email scanning tool was present on the company's systems, but declined to comment further. If Clapper agrees to Yahoo's request, however, the tech giant will be at greater liberty to explain itself.

The letter comes as Yahoo deals with the aftermath of revelations concerning a security breach which took place in 2014, leading to the theft of at least 500 million user accounts.

See also: Yahoo Mail doesn't want you to leave, disables auto-email forwarding

With the impending sale of Yahoo to Verizon for $4.8 billion and both the data breach and the exposure of the US government's order hanging over its head, Yahoo chose not to conduct the traditional investor relations call after the firm's Q3 2016 earnings.

Separately, the American Civil Liberties Union (ACLU) has filed a motion (.PDF) in the US Foreign Intelligence Surveillance Court asking judges not only to release Yahoo's spying order, but over 20 additional rulings made over the last 10 years.

These rulings, based on the court's opinion, affect everything from how the US government uses malware, bulk data collection, and the constant battle between technology firms and law enforcement when it comes to encryption standards and how far vendors must go to assist the police in accessing mobile devices. As these court opinions are secret, there is no right of appeal and they are kept out of the public arena -- despite their far-reaching implications.

In a post-Snowden era, it seems that tolerance for such practices and a lack of transparency is wearing thin.

Top tips to stay safe on public Wi-Fi networks

Editorial standards