There’s a lot of noise on the net and it’s easy to miss newsworthy items, like the fact that Yahoo scans your email messages looking for god-only-knows-what.
The event I’m describing occurred back in 2015, according to Reuters, but not much stands in the way of it happening again. There’s no law, regulation, corporate policy or safeguard to stop Yahoo from rolling over on their customers and handing Uncle Sugar all of our email messages once more.
When the government came calling with a “muy hush hush” ultra-secretish classified disclosure order, Yahoo’s Chief Executive Marissa Mayer answered the call. She authorized the bulk collection, going so far as tasking engineers with writing a special program that filtered emails for a predefined string of characters and then stored all the matching messages for remote retrieval.
Speculatively, the whole thing was an embarrassment and an affront to her Chief Information Security Officer Alex Stamos, who failed to get the memo. His security team found out about the spying after the fact. Let that sink in: The CEO did an end run around the CISO!
Stamos’ initial assessment was that hackers had breached the network. Upon discovering his boss was behind it all, he left. Reportedly, Stamos esteems user privacy (because he esteems end-to-end encryption) so his decision then to resign his office at Yahoo and join Facebook, where things like user data and privacy are held in very high regard by everyone except the people working there, seems interesting on its face, but I digress.
Mayer claimed “Yahoo is a law abiding company, and complies with the laws of the United States.” But whether federal law or a federal whim, Yahoo caved. When the FBI—or the NSA; it’s not clear which—made its demands, Yahoo folded. Just like Apple did.
The only way to keep Yahoo from yet again giving the goods to the government is to spoil the goods. With encryption. In other words, if an email message itself is encrypted then the government can’t glean anything useful from the contents. It doesn’t matter much that Yahoo implemented end-to-end encryption for its network when, under pressure, they can readily divulge the contents of any message.
Where’s our privacy in that?
It’s time for a game changer. It’s time to encrypt our messages with PrismCipher in our browsers before we send them through Yahoo’s email network (or anybody’s network). The government can approach an enterprise-class service provider like Yahoo and demand information—it’s easy, they’re just a single company—but the government can’t approach every single user of home-based encryption and demand anything: There are too many of us.
At least, there ought to be.
This post was based in part on information reported by Reuters.