Reuters reports Yahoo had secretly built a custom bit of software that scanned all of its members’ incoming emails for specific information, to comply with requests from U.S. intelligence authorities.
The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
Surveillance experts say this marks the first time a case has surfaced where a U.S. internet company has agreed to a government agencies request to search all incoming messages, and not just to examine stored messages, or to scan a limited number of email accounts in real time.
According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
“Yahoo is a law abiding company, and complies with the laws of the United States,” the Yahoo said in response to Reuters inquiries about the demand. The company declined to comment any further. Inquiries to the NSA were referred to the Office of the Director of National Intelligence, which declined to comment.
It isn’t known at this time what, if any, data Yahoo may have given to authorities, or if other email providers have been approached with similar requests.
An Apple spokesperson, responding to an inquiry by The Intercept, said: “We have never received a request of this type, and if we were to receive one, we would oppose it in court,” and referred The Intercept to a portion of a recent public letter from Apple CEO Tim Cook, which the person said, was still accurate:
Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.
Facebook, Google, Microsoft, and Twitter all separately noted that they had not conducted any similar mail searches.
Today’s revelation continues a streak of bad news for Yahoo, as the firm is in the process of trying to close a deal to sell its core business to Verizon in a $4.8 billion deal. Last month, Yahoo revealed hackers had gained access to 500 million customer accounts in 2014.