Media report that Yahoo scanned millions of emails at the behest of US intelligence. The spying occurred in 2015, according to the news agency Reuters.
In 2015, Yahoo built a program to search customers' emails for phrases, numbers and characters provided by intelligence officials, according to Reuters. Three former Yahoo employees and another unidentified person told the news agency that the spying could involve hundreds of millions of email accounts.
Yahoo did not deny Tuesday's report. The company "complies with the laws of the United States," according to a statement.
The sources said some employees protested the fact that CEO Marissa Mayer and general counsel Ron Bell did not involve the company's security team in the process. Instead, Reuters reported, Yahoo asked email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval.
Yahoo's security team discovered the program in May 2015. Employees initially thought hackers broke in, Reuters reported.
The spying created a rift between CEO Mayer and head of security Alex Stamos, who said hackers could have exploited the emails. Stamos left for Facebook in June 2015.
"It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court," said Patrick Toomey, of the American Civil Liberties Union.
Nothing is private
The FBI did not immediately respond to requests for comment. The NSA, too, declined to respond to the report. Reuters could not determine what data Yahoo might have handed over, if any, and whether intelligence officials had approached other email providers with this kind of request.
Under the 2008 amendments to the Foreign Intelligence Surveillance Act (FISA), intelligence agencies can ask US telephone and internet companies to provide customer data to aid espionage efforts for a variety of reasons, including preventing terrorist attacks. US telephone and internet companies have previously handed over bulk customer data to intelligence agencies.
NSA contractor Edward Snowden's 2013 disclosure of US surveillance led authorities to scale back some of the programs, in part to protect privacy rights. However, as tech companies become better at encrypting data, they will likely face more such requests. In an email, former NSA General Counsel Stewart Baker told Reuters that email providers "have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies."
mkg/bw (Reuters, AP)