Yahoo this week published its transparency report for the first six months of the year and the numbers indicate that government requests for data on its users are up slightly after sharp dropoff for the report covering the last six months of 2014.
Yahoo said that it received 5,221 government data requests, and disclosed content on 1,258 of those requests, or on 24 percent of requests.
The company also said that it received between 0 and 999 National Security Letters between January and the end of June, affected the same range of accounts. Companies, by U.S. law, are allowed to report the number of NSLs and the number of accounts specified in those requests in bands of 1,000.
In March, Yahoo reported on its numbers for the last six months of 2014, and said 4,865 total requests were made from the U.S. during that period. Those requests covered a total of 9,752 user accounts and the company disclosed some content in 1,157 of those cases.
Yahoo rejected six percent of the government requests (304) and provided only non-content data for 3,174 of the cases. Non-content data is information provided by users when they register an account with Yahoo. That data includes the user’s name, location, IP address, alternate email addresses, billing information and more.
“As always, we will continue our efforts to protect our users’ information from unclear, improper, overbroad or unlawful government requests,” said Aaron Altschuler, Yahoo associate general counsel.
Yahoo was recognized this summer by the Electronic Frontier Foundation for its security and privacy practices, garnering five stars in the EFF’s Who Has Your Back program. The EFF singled out Yahoo’s publication of a transparency report, its requirement of a warrant before providing user-related content to the government, and its promise to inform users in advance about government data demands.
Yahoo has also been public about its support for legislation opposing mass surveillance and has aggressively rolled out encryption across most of its web-based services, including Yahoo Mail and encrypting traffic between its data centers. Much of that work was pushed forward by former CSO Alex Stamos, who joined Facebook this summer in the same role.
A month after arriving at Yahoo, Stamos announced that the company was enabling encryption between its mail servers and other email providers, and earlier this year the company released an extension that enabled end-to-end encryption for all Yahoo email users. All search queries and traffic to the Yahoo home page also run over HTTPS by default now.
During his time at Yahoo, Stamos also built an enviable roster of security talent in a group known internally as the Yahoo Paranoids. Among his hires was Chris Rohlf, a respected researcher, who is head of penetration testing at the company now.
