National Security

Yahoo and the Eyes on Your Email

Are there limits to what can be done in the name of national security?

Michael Swartz · Oct. 7, 2016
When looking for a needle...

This week we learned that people with Yahoo email accounts had their messages subject to scrutiny at the behest of the federal government — all in the name of national security. The story, as told by “people familiar with the matter,” is that Yahoo complied with a classified government directive to search for specific information, termed in the Reuters story as a “set of characters” in any emails.

This eavesdropping began in April 2015 and was facilitated once Yahoo engineers created a software program intended to flag emails with these strings of characters. The program was kept so secret within Yahoo that weeks after it went online, Yahoo security engineers, who had been excluded from the process, believed their servers had been hacked. Eventually, Yahoo’s Chief Information Security Officer, Alex Stamos, resigned over being left out of the loop on the decision by Chief Executive Marissa Mayer and General Counsel Ron Bell.

Given these allegations, Yahoo has been roundly criticized by privacy advocates who believe the company could have fought the directive — in fact, Yahoo called the original Reuters story “misleading” and denied the existence of the government-requested software program on its systems.

However, Yahoo may have cooperated because they recalled the prospect of $250,000 per day fines threatened by the federal government back in 2008 when the PRISM program to spy on online communications was introduced. While Microsoft, Google, and other online providers refused to comply with this more recent government directive — with many of these companies now exhibiting a holier-than-thou attitude — it’s worth remembering that they all knuckled under to the PRISM program, so we know they can be bought, too.

Some, though, may agree there’s a legitimate point to be made about the trifling and infrequent loss of privacy an average law-abiding citizen could reasonably expect from a program looking for specific indicators and character strings when compared to its usefulness to national security. We may want and still expect our conversations to be private, but we also have to ponder just how much privacy can be expected with email at all given the ease and frequency at which servers are hacked these days — including Yahoo’s. And it may not just be email. Consider the fact that Yahoo’s Internet operations are being bought out by Verizon, which adds millions of consumers to the mix.

Yet there is the overarching civil liberty question to consider as well: When does the spying transcend national security and become a tool for harassment of certain groups? Recall that this administration has used the IRS to target certain political entities, but looked the other way when a former secretary of state subjected herself to multiple security breaches by using her own email server.

In short, we have a situation full of what former Defense Secretary Donald Rumsfeld termed “known unknowns”: We’re certain that the federal government is keeping tabs on our electronic communications, but we’re generally clueless to the extent of that intrusion. We may or may not be affected directly, but indirectly we’re either benefiting from the additional security we receive against the risk of terrorism and/or we’re suffering from the loss of the expectation of privacy, a phenomenon that is doubly severe when the current climate of political intolerance is factored in.

Perhaps the best way to proceed in these times is with the common sense to know that once something is on the Internet or in an email, it’s going to be there forever — so think before you write. You never know who might be reading it.

Click here to show comments

Subscribe! It's Right. It's Free.