According to Reuters, Yahoo provided US intelligence officials access to all of its customers incoming emails last year. The publication's sources claim that the company had to comply with a classified request from the government, which allowed the National Security Agency and FBI to scan "hundreds of millions" of Yahoo Mail accounts.
To do so, Yahoo secretly built a custom software that officials could use to search emails for specific information, although it's not known what exactly they were looking for. As Reuters notes, based on comments from surveillance experts, this marks the first time that an American internet firm has agreed to meet the demands from a US spy agency en mass.
Even if it was handed a classified directive, Yahoo seems to have opened the floodgates to the NSA and FBI, rather than offer access to clear-cut materials -- like stored messages or specific accounts. And that could set a bad precedent. Since the Edward Snowden leaks, the relationship between tech companies and the US government has been rocky, with the likes of Apple, Google and Microsoft fighting hard to keep people's private information secure.
Per today's report, the decision to adhere to this request falls on CEO Marissa Mayer, and was apparently the reason Chief Security Officer Alex Stamos left Yahoo in 2015. The news comes only days after The New York Times published a story claiming that Yahoo downplayed security for years, hot on the heels of that massive 2014 breach the company took two years to make public.
We've reached out to Yahoo for comment and will update our story as soon as we hear back.
Update: In a statement sent to Engadget, a Yahoo spokesperson said, "Yahoo is a law abiding company, and complies with the laws of the United States." Nothing else beyond that. Meanwhile, Snowden's taken to Twitter to share his thoughts about the situation.
I wonder how the candidates feel about Yahoo spying on every single customer's emails for NSA/FBI. Will they defend this shameful practice?— Edward Snowden (@Snowden) October 4, 2016
Update 2: In responses sent to The Information, Google said it has never received such a request and would respond "no way" if it did, while Microsoft's statement reads, "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." On the other hand, Twitter said that it was prohibited by federal law from answering. (Update: In a statement to New York Times reporter Mike Isaac, Twitter clearly stated the following: "We've never received a request like this, and were we to receive it we'd challenge it in court.")
Separately, in a statement provided to Engadget, Amnesty International Head of Technology Sherif Elsayed-Ali said, "If true, this news will greatly undermine trust in the internet. He added, "For a company to secretly search all incoming emails of all its customers in response to a broad government directive would be a blow to privacy and a serious threat to freedom of expression."
Update 3: Nearly a day after the story broke, a Yahoo spokesperson sent another statement to Engadget, claiming that the Reuters article isn't accurate. "The article is misleading," it reads. "We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems."