Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,262
33,543



Following a report yesterday that cited three former Yahoo employees who claimed the company built a program to scan every customer's email for specific information at the order of the United States government, new pieces of information have surfaced in a separate article from The New York Times. Specifically, anonymous sources close to the matter said that Yahoo built the program by adapting a filter meant to scan email inboxes for child pornography, malware, and basic spam content.

Yahoo was said to have done this in order to "satisfy a secret court order," created to require the company to search for content containing a specific computer signature related to online communications of an unspecified state-sponsored terrorist group. Two of the anonymous sources -- referred to as "government officials" -- mentioned the Justice Department received the order from a judge of the Foreign Intelligence Surveillance Court sometime last year, an order that Yahoo was "barred from disclosing" to the public.

yahoo.jpg

Through its modifications to the spam filter program, Yahoo complied with the Justice Department's order and made available any email that contained the signature, but as of now that collection method "is no longer taking place." The order was described as "unusual" because it required the scanning of individual emails instead of user accounts as a whole, and was allegedly only given to Yahoo as other tech companies, including Apple, have said they never encountered such a demand.
In response to a request for comment, an Apple spokesperson told BuzzFeed News, "We have never received a request of this type. If we were to receive one, we would oppose it in court."

A Microsoft spokesperson said, "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."

A Google spokesperson told BuzzFeed News, "We've never received such a request, but if we did, our response would be simple: no way."
According to the sources, federal investigators learned last year that members of a foreign terrorist organization were communicating using Yahoo's email service, through a method that used a "highly unique" designator, or signature, in each communication. Although built to look for specific content, the modified program's far-reaching scanning of each user on the service brought about unrest in the user base when the original report came out yesterday. Yahoo's compliance is also being contrasted to Apple's obstinate response in its battle with the FBI earlier in the year.

After the news broke, Yahoo said that the Reuters story was "misleading" and that the email scanning outlined in the report "does not exist on our systems." Compounding the company's woes, last month Yahoo confirmed that "at least" 500 million user accounts were compromised during an attack in late 2014, leaking customer information like names, email addresses, telephone numbers, birthdates, hashed passwords, and both encrypted and unencrypted security questions and answers. In the midst of all of this, Yahoo's pending acquisition by Verizon could potentially face negative effects.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Yahoo Adapted Email-Scanning Spam Filter to Satisfy 'Secret Court Order' Related to Terrorist Hunt
 

ptb42

macrumors 6502a
Oct 14, 2011
703
184
It's unlikely they just scanned "inboxes". That could have been accomplished by scanning incoming mail with a network sniffer, and Yahoo's cooperation wasn't needed for that.

This was most likely to look in folders OTHER than the inbox, particularly the Drafts folder.

A well-known circumvention of incoming email sniffing is to use the same account: composing a message and saving it in the Drafts folder. The recipient logs into the same account and reads the draft message, replying to it or deleting it.
 
Last edited:

Nunyabinez

macrumors 68000
Apr 27, 2010
1,758
2,230
Provo, UT
I actually believe that this was only directed at Yahoo!. Could you imagine the backlash that would come if it now came to light that Google had done this after they just said they have never been asked? Better to say nothing than be caught in a lie. If one of these companies had been approached the smart thing would be to say nothing.
 

CrickettGrrrl

macrumors 6502a
Feb 10, 2012
985
274
B'more or Less
I have a hard time believing the efficacy of this secret email filter, as Yahoo has been notoriously bad at filtering malware & spam. :rolleyes: It must have been super porous.

I also have a hard time believing anybody who has their life or super secret plans on the line would even think of using Yahoo email in the first place. So wouldn't it be a really stupid terrorist gang?
 

sofila

macrumors 65816
Jan 19, 2006
1,144
1,329
Ramtop Mountains
"Yahoo Adapted Email-Scanning Spam Filter to Satisfy 'Secret Court Order' Related to Terrorist Hunt"

Yes, and Santa Claus is my father
 

DrewDaHilp1

macrumors 6502a
Mar 29, 2009
604
11,794
All Your Memes Are Belong to US
I actually believe that this was only directed at Yahoo!. Could you imagine the backlash that would come if it now came to light that Google had done this after they just said they have never been asked? Better to say nothing than be caught in a lie. If one of these companies had been approached the smart thing would be to say nothing.

Ever hear of this guy named Edward Snowden and a little thing called PRISM?
 
  • Like
Reactions: OttawaGuy and 69650

i5pro

macrumors regular
Jun 17, 2010
165
234
NNJ
Everyone should just assume that they(google, apple, msft, etc) are all doing the same thing, just not actually disclosing they are all cooperating for better or worse.
 
  • Like
Reactions: OttawaGuy and 69650

keysofanxiety

macrumors G3
Nov 23, 2011
9,539
25,302
But most people won't care. Brand loyalty, or can't be bothered to change the email account.

Probably the latter. Even when Yahoo was at its peak, I don't think anybody ever respected them. It was crap then too — it was just crap that everybody used. :D
 

Robert.Walter

macrumors 68040
Jul 10, 2012
3,191
4,594
So after rifling through everyon's private Communications, did they catch their suspect terrorist(s)?

Or did they, as in all the surveillance to date, get bupkis?
 

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,045
In between a rock and a hard place
I have a hard time believing that the government hasn't approached Google, or Microsoft with such questions. I could see them not asking Apple, simply due to their overall lack of marketshare.
I don't understand the logic you're using. I hope you're not conflating phone marketshare with email client marketshare. There are several metrics showing the iPhone email client is the largest by a wide margin. To be fair, that could be a focus on mobile. To be even more fair, I didn't dig into how those metrics were obtained. Desktop and business client email may paint a different picture but I seriously doubt those would be the vector for terrorists. Regardless, you can't use phone marketshare as a reason for not asking Apple. It doesn't make sense.

Apple, Microsoft, and Google all state they haven't been approached with a request like this. Apple and Google were both pretty emphatic in their response. Hell no. Microsoft on the other hand, their response was a bit more vague and non-commital regarding their response if requested to do something similar.
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." - Microsoft. If someone gave me a response like that, my first question would be "Well what kind of secret email scanning have you done?"
 

citysnaps

macrumors G5
Oct 10, 2011
12,587
27,173
I have a hard time believing that the government hasn't approached Google, or Microsoft with such questions. I could see them not asking Apple, simply due to their overall lack of marketshare.

Up until 2014 they didn't have to ask Google as gmail traffic between its data centers was transmitted without encryption and subject to easy bulk interception. For many many years. Astonishing Google was so lax.
 

now i see it

macrumors G4
Jan 2, 2002
11,222
24,152
Actually I think it's better this way. Let's everyone know that email is not private at all and everything you type can be used against you.

That being the case.... Just use email accordingly.
 

840quadra

Moderator
Staff member
Feb 1, 2005
9,351
6,147
Twin Cities Minnesota
I don't understand the logic you're using. I hope you're not conflating phone marketshare with email client marketshare. There are several metrics showing the iPhone email client is the largest by a wide margin. To be fair, that could be a focus on mobile. To be even more fair, I didn't dig into how those metrics were obtained. Desktop and business client email may paint a different picture but I seriously doubt those would be the vector for terrorists. Regardless, you can't use phone marketshare as a reason for not asking Apple. It doesn't make sense.

Apple, Microsoft, and Google all state they haven't been approached with a request like this. Apple and Google were both pretty emphatic in their response. Hell no. Microsoft on the other hand, their response was a bit more vague and non-commital regarding their response if requested to do something similar.
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." - Microsoft. If someone gave me a response like that, my first question would be "Well what kind of secret email scanning have you done?"
Installed versus used?

I doubt that the quantity of people using Apples services come close to being a rival for the big 3. I have no definitive metrics to give, so I will Yield to whatever metrics people care to look up. I agree that the Apple email client is used widely, however most people ( in my experience in it / marketing / personal life) retain their pre-existing email, being Yahoo!, Microsoft, aol, or google, and link mail to those.

Edit:::

I maybe understand it incorrectly, but the topic is email data which despite .me, .icloud, .mac, etc, I would imagine apple is much smaller than the others.
 
Last edited:

Swift

macrumors 68000
Feb 18, 2003
1,828
964
Los Angeles
I guess I must be an enemy of freedom. The secrecy isn't great, but look. What was the greatest risk involved with Yahoo Mail? You were going to a very low-rent neighborhood of the Internet. The equivalent of a truck stop. Crummy design, intrusive ads eating up your bandwidth, crazy people trying to convince you of nonsense. Think of it as a neighborhood. How would you feel if some militants are being organized for violence in that neighborhood? If they develop evidence that they MIGHT be hiding child porn, cash for weapons, directions for bombs, and yes, child porn, such that a judge would grant a warrant. When did the Internet get to be outside of the real world? Not talking intrusive, but if the guy next door was torturing kids, what are his privacy rights worth in the scheme of things? How about a native ISIS cell? Neo-Nazis? Our police, in a democracy, do have a real job. I'm not saying I've worked out all these questions, but the Internet giveth and the Internet taketh away. If you're on the web you can see the world. And the world sees you.
 

840quadra

Moderator
Staff member
Feb 1, 2005
9,351
6,147
Twin Cities Minnesota
I guess I must be an enemy of freedom. The secrecy isn't great, but look. What was the greatest risk involved with Yahoo Mail? You were going to a very low-rent neighborhood of the Internet. The equivalent of a truck stop. Crummy design, intrusive ads eating up your bandwidth, crazy people trying to convince you of nonsense. Think of it as a neighborhood. How would you feel if some militants are being organized for violence in that neighborhood? If they develop evidence that they MIGHT be hiding child porn, cash for weapons, directions for bombs, and yes, child porn, such that a judge would grant a warrant. When did the Internet get to be outside of the real world? Not talking intrusive, but if the guy next door was torturing kids, what are his privacy rights worth in the scheme of things? How about a native ISIS cell? Neo-Nazis? Our police, in a democracy, do have a real job. I'm not saying I've worked out all these questions, but the Internet giveth and the Internet taketh away. If you're on the web you can see the world. And the world sees you.

Email itself is Sticky, many people with Yahoo addresses come from a time before Google's popularity. I try not to make character judgments based on whatever domain they email me from.

Child porn? That has commonly been the trump card used to take away, or limit the privacy of people who have absolute detest, and nothing to do with such a vile activity. Fear mongering of terroristic activity is slowly replacing it as the new ultimate argument against privacy.
 

69650

Suspended
Mar 23, 2006
3,367
1,876
England
surely google, fb etc are doing the same then... since they cant 'discuss' it?

Yes they probably are. Yahoo is not at fault here, the US government should not be allowed to make such outrageous requests in the first place.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.