A Yahoo operation in 2015 to scan the incoming email of its customers for specific information identified by the US government was authorized under a foreign intelligence law, US government officials familiar with the matter said. Reuters on Tuesday reported that the Yahoo program was in response to a classified US government request to scan emails belonging to hundreds of millions of Yahoo users.
The revelation rekindled a long-running debate in the United States over the proper balance between digital privacy and national security. The Department of Justice obtained the order from the Foreign Intelligence Surveillance Court, said the sources, who requested anonymity to speak freely. The order came under the Foreign Intelligence Surveillance Act and related specifically to Yahoo, but it is possible similar such orders have been issued to other telecom and internet companies, the sources said.
Two government sources previously said the request was issued under a provision of the law known as Section 702, but Reuters subsequently learned the information was incorrect. Section 702 will expire on Dec. 31, 2017, unless lawmakers act to renew it.
In a statement on Wednesday, Yahoo said Tuesday’s report by Reuters was “misleading” and that the “mail scanning described in the article does not exist on our systems.” When asked to identify any specific way in which the story was misleading, or whether the operation described by Reuters had previously existed, Yahoo declined to comment. Former Yahoo employees told Reuters that security staff disabled the scan program after they discovered it, and that it had not been reinstalled before Alex Stamos, the company’s former top security officer, left the company for Facebook last year.
The intelligence committees of both houses of Congress, which are given oversight of US spy agencies, are now investigating the exact nature of the Yahoo order, sources said. Privacy advocates expressed alarm at the reported Yahoo program, saying it may amount to an unprecedented use of the authorities granted to the National Security Agency by Congress. Speaking to students at Georgetown University on Tuesday, former NSA contractor Edward Snowden, who leaked a trove of classified documents to journalists in 2013 exposing NSA surveillance programs, said the Yahoo report renewed questions about whether government surveillance programs are subject to sufficient congressional oversight and public scrutiny.
“That’s not to say that this Yahoo program is sinister,” Snowden said via satellite: “It could be related to cyber security, where it is related to known malware actors.” Government officials on Wednesday sought to defend US surveillance operations as appropriately balanced and transparent, though they did not deny the Reuters report. “The United States only uses signals intelligence for national security purposes, and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary people,” Richard Kolko, a spokesman for the US Office of the Director of National Intelligence, said in a statement.
White House spokesman Josh Earnest told reporters Tuesday that he could not confirm the existence of specific intelligence programs or intelligence tools, but defended the checks and balances placed on what information or methods the intelligence community can seek.