NYT: Yahoo reworked its malware scanner for email surveillance

Email providers can scan for matching signatures to known malware, child porn... or something else.

Following a Reuters report that in 2015 Yahoo scanned customer emails for US surveillance, the New York Times has followed up with details from anonymous sources of its own. Although Yahoo responded a day later claiming the initial report was "misleading," the NYT sourced unnamed government officials claiming the company modified a system used to scan all incoming email for malware that stored matching messages and made them available to the FBI.

In this version of the events, Yahoo was responding to a court order under section 702 of the Foreign Intelligence Surveillance Act (FISA) that governs the PRISM program exposed by Edward Snowden's leaks. Although it's unclear exactly what they were looking for, the court order targeted code believed to be used "uniquely" by a foreign terrorist organization.

Reuters has followed up with another report of its own covering similar details. Citing unnamed former Yahoo employees, it says security staff disabled the program when they found it, and it had not been re-enabled before former top security officer Alex Stamos left the company for Facebook last year. It also noted a statement from Senator Ron Wyden, expressing concern that the NSA may have expanded its targeting under Section 702 from email addresses and other identifiers to other content without notifying the public.

Yahoo declined to provide further details on the program or what details of the initial report were misleading, but between these revelations and news of a massive 2014 security breach, this probably isn't over yet.