Technology

Yahoo says email scanning report is 'misleading'

Yahoo Image copyright EPA
Image caption Reuters reported that Yahoo had scanned all incoming emails to its users

Yahoo has downplayed a report that said it had scanned millions of its users' emails on behalf of the US government.

Reuters made the allegation on Tuesday, saying Yahoo had created special software to comply with a classified directive.

The tech firm said the article was "misleading" but did not explicitly deny that it had carried out such an order in the past.

Privacy rights campaigners have raised concerns about its alleged behaviour.

The EU's lead data regulator is also looking into the matter.

"The article is misleading," said Yahoo's statement.

"We narrowly interpret every government request for user data to minimise disclosure.

"The mail scanning described in the article does not exist on our systems."

Yahoo is in the process of selling its main business to Verizon Communications in a $4.8bn (£3.8bn) deal.

Some analysts have suggested the telecoms firm might seek to pay less in light of the news agency's article and an earlier revelation that about 500 million Yahoo accounts had been hacked in 2014.

'Law-abiding'

Reuters reported on Tuesday that three sources had told it that Yahoo had scanned all incoming emails for a string of characters on behalf of either the FBI or the National Security Agency (NSA).

Although Yahoo had previously challenged other requests for data, Reuters said it had decided to comply this time as it thought it would lose.

Image copyright Getty Images
Image caption Yahoo chief executive Marissa Mayer is in the process of selling the firm's core business to Verizon

The report said the firm had installed a program to carry out the task in early 2015, but Reuters was unclear about what information was actually handed over and did not say if the software was still in use.

The report appeared to contradict Yahoo's transparency report, which said that the US had requested data from tens of thousands of its members' accounts in 2015, rather than hundreds of millions.

Yahoo initially said only that it was a "law-abiding firm" that complied with US laws.

Other tech firms were more explicit.

"We've never received such a request, but if we did, our response would be simple: 'no way'," said Google.

Facebook said it had "never received a request like the one described in these news reports from any government and if we did we would fight it".

Microsoft added it had "never engaged in the secret scanning of email traffic".

And Twitter said: "We've never received a request like this and were we to receive it we'd challenge it in a court."

'Real-time surveillance'

Neither the NSA nor the US Department of Justice has commented on the claims.

But the office of Ireland's data protection commissioner said it was making enquiries.

"Any form of mass surveillance infringing on the fundamental privacy rights of EU citizens would be viewed as a matter of considerable concern," it said in a statement.

Internet rights campaigners also raised concerns.

"This is the first public indication that the government has compelled a US-based email provider - as opposed to an internet-backbone provider - to conduct surveillance against all its customers in real time," blogged the Electronic Frontiers Foundation.

"The story explains that Yahoo had to build new capabilities to comply with the government's demands, and that new code may have, itself, opened up new security vulnerabilities for Yahoo and its users.

"We read about new data breaches and attempts to compromise the security of internet-connected systems on a seemingly daily basis.

"Yet this story is another example of how the government continues to take actions that have serious potential for collateral effects on everyday users."

Amnesty International has also been critical.

"For a company to secretly search all incoming emails of all its customers in response to a broad government directive would be a blow to privacy and a serious threat to freedom of expression," said Sherif Elsayed-Ali, the organisation's head of technology and human rights.

He added that citizens should only trust services that provide end-to-end encryption, a technology that scrambles the contents of a message so that only its sender and intended recipient can return it to its original state.

Related Topics

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites