Following the Snowden revelations about secret US surveillance programs such as PRISM, the relationship between technology companies and intelligence agencies has been under great scrutiny for the past few years, with many relevant questions regarding privacy and individual rights being raised. While many companies have publicly opposed and legally challenged such requests, others have had to comply.
A recent Reuters report suggests that Yahoo may have been one such company: last year it chose to comply with a request from the FBI (purportedly at the behest of the NSA) to search all incoming mail for specific information. This blanket search of millions of Yahoo users' accounts for a 'selector' required the company to create custom software to search all incoming mail and subsequently resulted in the resignation of then Chief Information Security Officer Alex Stamos, Reuters' sources report.
The company received the request from the FBI in 2015, and CEO Marissa Mayer and General Counsel Ron Bell decided to comply with the demand without challenging it in a FISA court, a decision that many security experts and those within the company have lamented. It seems that Mayer's decision may have resulted from a lack of confidence in a legal appeal, especially given Yahoo's loss in a similar appeal in 2007. As a result, the executive contacted the company's engineers to write the custom software required to search all incoming mail for the specific string that the intelligence agencies were looking for and then store any matches for remote retrieval.
As the executives chose to bypass the company's own security team, the discovery of the program by Yahoo's own employees led to internal tension and apparently resulted in the departure of Stamos, who has since joined Facebook as its top security expert.
While both Stamos and the NSA have refused to comment, Yahoo offered a simple statement: "Yahoo is a law abiding company, and complies with the laws of the United States."
While this may not be the first time that a tech company has complied with an intelligence request - it is known that phone companies already do - what makes this case so significant is that it is the first public instance of a US company complying with such a broad request, and that compliance required writing a special program, something Apple vehemently fought when asked to decrypt the San Bernardino killer's phone.
It is unknown at this time whether other email providers were also given such a request, though experts claim it is likely that the intelligence agencies did contact other providers, as they were unsure which email provider their targets were using. Both Google and Microsoft have refused to comment on the story.
Update: Both Microsoft and Google have now responded to requests for comment. While Google categorically denied receiving such a request, Microsoft had the following statement:
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."