Yahoo continues to seek high ground with regard to public reports that last year it scanned user email messages in compliance with a classified government order.
General counsel Ron Bell yesterday sent a letter to Director of National Intelligence James R. Clapper asking the government to confirm Yahoo was ordered to conduct surveillance on the intelligence community’s behalf, as well as declassify the order and publicly clarify the circumstances.
Yahoo’s actions were described in an Oct. 4 Reuters exclusive article that said Yahoo complied with the order by building a specialized system that would scan messages looking for an unknown specific set of characters. The company’s security team found the activity in May 2015 not long after it was deployed, and believed hackers had penetrated the Yahoo network. The Reuters article suggests that CEO Marissa Mayer bypassed the security team, asking engineers to build the system, a situation that led to the resignation of CISO Alex Stamos.
The New York Times, the next day, said that Yahoo had adapted an internal scanner designed to ferret out child pornography and spam to search for a particular “signature” aligned with terrorist organizations. The Times also said that the Justice Department obtained the custom order from the Foreign Intelligence Surveillance Court early in 2015, along with it a gag order preventing Yahoo from disclosing.
Yesterday’s letter to Clapper is an attempt by Yahoo to maintain openness with its users in defense of their privacy.
“We appreciate the need for confidentiality in certain aspects of investigations involving public safety or national security; however, transparency is critical to ensure accountability and in this context must including disclosing how and under what set of circumstances the U.S. government uses specific legal authorities, including the Foreign Intelligence Surveillance Act, to obtain private information about individuals’ online activities or communications,” Bell wrote. “Citizens in a democracy require such information to understand and debate the appropriateness of such authorities and how the government employs them.”
In the weeks since the disclosure, civil libertarians have made similar calls for transparency, with the Electronic Frontier Foundation making the case that the Yahoo order should be declassified under the USA FREEDOM Act. Aaron Mackey, a Frank Stanton Legal Fellow at the EFF, wrote in an opinion that the Yahoo order falls under Section 402 of the act requiring a declassification review.
“If the reports about the Yahoo order are accurate–including requiring the company to custom build new software to accomplish the scanning–it’s hard to imagine a better candidate for declassification and disclosure under Section 402,” Mackey wrote. “Given the divergent media reports about what the FISC required Yahoo to do, it is crucial for the public to see the order.”
The catch, however, is that since Section 402 was passed in June 2015, the DOJ does not believe it is retroactive, and applies only to opinions issued by FISC after June 2015.
Lawmakers from 27 states last Friday also petitioned Clapper and Attorney General Loretta Lynch to declassify the order and share any details in a Congressional briefing.
“As legislators, it is our responsibility to have accurate information about the intelligence activities conducted by the federal government,” wrote Rep. Ted Lieu of California and Rep. Justin Amash of Michigan.
Yahoo, meanwhile, renewed calls for increased transparency around government requests for data.
“But transparency is not merely a Yahoo issue; transparency underpins the ability of any company in the information and communications technology sector to earn and preserve the trust of its customers,” Bell wrote. “Erosion of that trust online implicates the safety and security of people around the world and diminishes the confidence and trust in U.S. businesses at home and beyond our borders.”