The latest Yahoo revelations once again raise the question: Who reads all our digital communication?
Former Yahoo employees claim that the internet giant has been monitoring hundreds of millions of customer mails. Yahoo apparently received a classified directive from a national intelligence agency demanding that incoming customer mails be scanned in real time. The former employees stated that the directive was sent by either the NSA or the FBI.
The first reported case of this kind
To comply with the request, Yahoo built a special software program that has been in use since April, reports the "Washington Post" newspaper. The software searches for a specific character string. This is probably the first time the industry has confirmed a nationwide screening and monitoring of information in real time performed by a provider itself and not a US authority. Until now, authorities have regularly viewed information saved in individual email boxes or have monitored mailboxes. The fact that a program was developed for the US government adds a new dimension to surveillance methods. In response to questions, Yahoo merely stated, "Yahoo is a law abiding company and complies with the laws of the United States."
Requests from different US authorities
In its 2015 transparency report, Yahoo did not disclose its cooperation with any US intelligence agencies. The corporation listed the requests filed by different US authorities that demanded the surveillance of specific email accounts. According to this list, over 39,000 accounts were affected.
"Since [Edward] Snowden we've known that US corporations pass on information. The Yahoo case sounds similar," said the German internet policy activist Markus Beckedahl in an interview with DW. "Google and the other providers deny such procedures as it has in the past but it is questionable whether it is true."
Google, Microsoft and Apple distance themselves
In June 2013, whistleblower Edward Snowden reported that the US monitoring service had wide-ranging access to information from internet companies. Once again, companies repeatedly stressed that there is no general access and that they only release information if ordered by a court. Other internet giants like Microsoft, Google and Twitter quickly distanced themselves and maintained that they never complied with intelligence demands.
A Google spokesperson said, "We've never received such a request, but if we did, our response would be simple: 'no way.'" Apple told the "Washington Post" that the company was never asked to develop surveillance software. "We have never received a request of this type. If we were to receive one, we would oppose it in court," said an Apple employee. Microsoft also claimed that the company never secretly scanned email traffic.
In February of this year, Apple refused to unlock a phone used by the gunman in the San Bernardino shooting. In order to get around the phone's lock mechanism, Apple explained that it would have to develop new software. Nonetheless, Beckedahl sees similarities in the two cases and believes that the Yahoo allegations can be applied to all US providers.
Protection from email surveillance
Yet how can users evade this kind of surveillance? Beckedahl, a journalist who works for Netpolitik.org, a German blog on digital rights and digital culture, says he is not aware of real time monitoring in Germany. "There are actually monitoring interfaces called SINA boxes (short for secure inter-network architecture) that providers set up for Germany's Federal Intelligence Service (BND). "SINA is hardware and software architecture that was developed by the German Federal Office for Information (BSI) to process sensitive data in non-secure networks. It is supposed to protect communication between businesses and authorities. "Users have no influence on what is stored there and what is not," said Beckedahl. The new BND law apparently allows the surveillance of all internet connections and even the retention of data will be extended to six months instead of the current three.
German mail providers such as Mailbox.org or posteo.de are safe alternatives to US rivals, said the Internet policy blogger. They offer strong encryption, are ad-free and subject to German data protection laws. "German providers may be protected better by our laws but they cannot prevent their customers from being monitored by French or British intelligence agencies." The only reliable protection from secret surveillance is still email encryption, as email content cannot be read by authorities.