Yesterday, a report claimed Yahoo had built a program to scan every customer’s email for specific information, by order of the U.S. government. Today, The New York Times reports Yahoo built the program by adapting a filter meant to scan for child porn, malware, and spam content.
Two government officials who spoke on the condition of anonymity said the Justice Department obtained an individualized order from a judge of the Foreign Intelligence Surveillance Court last year. Yahoo was barred from disclosing the matter.
To comply, Yahoo customized an existing scanning system for all incoming email traffic, which also looks for malware, according to one of the officials and to a third person familiar with Yahoo’s response, who also spoke on the condition of anonymity.
The customized system stored and made available to the Federal Bureau of Investigation a copy of any emails that contained “a computer “signature” tied to the communications of a state-sponsored terrorist organization.” The Times’ sources say the collection of emails is no longer taking place.
Technology companies like Yahoo, Google and Microsoft scan for child pornography and are required to report any discoveries to the National Center for Missing and Exploited Children. They similarly search traffic for malware and spam, which companies disclose in their terms of service.
Yesterday, a Reuters report broke the news that the company had built a custom program to scan all of its customers incoming emails, due to a government order. Suzanne Philion, a Yahoo spokeswoman, said the Reuters article was “misleading.”
“We narrowly interpret every government request for user data to minimize disclosure,” Philion said. “The mail scanning described in the article does not exist on our systems.”
Yahoo is currently in the process of trying to close a deal to sell its core business to Verizon in a $4.8 billion deal. Last month, the company revealed hackers had gained access to 500 million customer accounts in 2014.