Yahoo compromised the security and privacy of hundreds of millions of users and all the people they communicate with by installing a secret software program that searched all incoming emails at the request of US intelligence officials.
Signing this petition will ensure that we are able to stay in touch with you at your non-Yahoo address about this and other issues that affect your security and digital rights.
Share this Tweet this Donate $5
Yahoo was just revealed to be the very first US internet company to build a program, at the request of US Intelligence Services, to search every single incoming message of every single user in real time.
There have been conflicting reports about exactly what kind of program was installed, with initial reports stating it was probably just a modified version of Yahoo’s existing scanning system that searches all incoming email for malware, spam and images of child pornography. But sources have since told Motherboard that the program was more like a “rootkit.”
Rootkits generally allow an attacker—or in this case the government—to take complete control over a computer or network in a manner that is difficult to detect. This also suggests that the government had much greater access to Yahoo's data than was previously reported. A rootkit could grant total surveillance capability over all data coming into or out of Yahoo's servers.
This is an absolutely unprecedented privacy violation. Surveillance experts and former government officials are saying they have never seen such a broad demand for real-time digital surveillance, nevermind one that calls for the creation of a new computer program. This program, essentially a wire-tap on the web, is beyond the scope of any of the already overreaching surveillance laws currently on the books.
“The order issued to Yahoo appears to be unprecedented and unconstitutional. The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit,” said ACLU Staff Attorney Patrick Toomey.
Communication giants Microsoft, Twitter, Google, Facebook, and Apple have all rushed to put out statements assuring users that they had not received or complied with similar directives, some going so far as to say that if they had they would challenge it in court. Apple pointed to a recent statement by CEO Tim Cook, which reads, “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
Meanwhile, Yahoo issued a statement that does not outright deny that the program existed, nor address the myriad of privacy and security concerns that have been raised.
Even former Yahoo Chief Information Security Officer, Alex Stamos, is appalled by the program. When he found out about it in 2015 he immediately resigned his position, telling coworkers that he had been excluded from the decision to implement the program. He also cited flaws that seriously endangered the security of user data and left the program vulnerable to hackers.
Yahoo is a sinking ship. This is not the first security problem Yahoo has struggled with. Just last month it was revealed that over 500 million (and possibly many many millions more) Yahoo user accounts were compromised by “state sponsored actors.” This hack was almost certainly a result of Yahoo consistently refusing to invest in the necessary and standard security practices adopted by their competitors after a massive hack six years ago, to which Yahoo also fell victim.
And their security is not going to get any better. Yahoo was recently sold to Verizon for 4.8 billion dollars. Telecom companies including Verizon have been colluding with the NSA for years to gather information on billions of people worldwide, as Edward Snowden’s 2013 revelations have shown. Beyond handing your data to a prying NSA, Verizon also notoriously created an innovative way to track your online habits on both your phone and on your non-Verizon devices like personal laptops. They then sell your information to marketers. The Verizon-Yahoo merger is going to compound the security issues these two companies have created, resulting in a service where your communication becomes nothing more than a piece of data to be rifled through by the government and sold to the highest bidder.
Other inquiries: firstname.lastname@example.org