Did they, or didn’t they? That seems to be the central question surrounding the recent revelation reported by Reuters.
According to the news story, Yahoo complied with a Federal government request to track and monitor all incoming messages, forwarding any that contained a certain set of keywords to government agents. If the allegation is true, it certainly would not be the first time that a technology company complied with a government request for information. What makes this particular case different, however, is the fact that the search was reportedly done in real time.
Security analysists were quick to chime in that the allegations did not seem technically feasible, given the sheer volume of incoming mail, and Yahoo later responded by saying that the Reuter’s story was inaccurate. The company claims that they always narrowly interpret such information requests, and a real time search, regardless of how small the targeted keywords, would be an incredibly broad mandate.
It has been suggested that last year, when this request was being made, Yahoo’s CIO left the company as a protest over the CEO’s decision to comply with the request. He could not be reached for comment, and so the mystery remains.
Did Yahoo comply with the request and monitor all incoming emails for a set of targeted keywords? If so, what were the keywords? How many were there? How many emails were caught up in the sweep? Does Yahoo even have the capability to conduct such a real time “email wiretap?”
These are questions we may never know the answer to, but it brings one thing in to sharp relief. If you’re using a free email service, your communications are not nearly as secure as you think they are. Remember, it wasn’t long ago that we learned that personal account information belonging to literally hundreds of millions of Gmail, Yahoo and Hotmail users wound up for sale on the Dark Web. If that didn’t convince you about the relative lack of security, then this latest report certainly should.