[Was, and still is: yahoo sux] Security experts urge clients to stop using Yahoo Mail

Razer rayzer at riseup.net
Tue Oct 4 18:46:45 PDT 2016 

On 10/04/2016 02:30 PM, jim bell wrote:

> Yahoo secretly scanned customer emails for US intelligence-sources
http://dailym.ai/2dOI1gj via http://dailym.ai/android
>


I wonder if the execs who approved this or someone on Y!'s legal team
who advised them to comply is secretly on Google's payroll or plans to
'jump ship' into a BIG raise.

Rr


With links:
http://www.mcclatchydc.com/news/nation-world/national/national-security/article105936487.html#emlnl=Evening_Newsletter


By Tim Johnson [email redacted]

Civil and human rights groups issued denunciations and some
cybersecurity experts urged their clients to stop using the popular
Yahoo Mail service after a news agency reported Tuesday that the
internet service provider had secretly scanned hundreds of millions of
clients’ emails at the behest of U.S. intelligence agencies.

The report by the Reuters news service said Yahoo complied with a
classified U.S. government directive last year that demanded that it
scan all incoming emails of its users for certain phrases. The report
said Yahoo’s engineers wrote a program that complied with the blanket
spying request.

“Enough is enough. It’s time to close your Yahoo account,” Graham
Cluley, a British cybersecurity expert, tweeted following the report.

The report was the second piece of challenging news in recent days for
the Sunnyvale, California, company as it attempts to finalize a $4.8
billion sale of its core business to Verizon. On Sept. 22, Yahoo
acknowledged that the passwords of 500 million Yahoo account holders had
been stolen.

Yahoo did not immediately respond to the Reuters report. A chief rival
for global email, Alphabet Inc.’s Google, said it had not been
approached by the intelligence agencies.

“We’ve never received such a request, but if we did, our response would
be simple: ‘No way,’ ” Aaron Stein, a Google spokesman, said in a
statement posted online.

Another large tech firm, Twitter, also weighed in, but without
clarifying whether it had received a directive aimed at intercepting
communications.

“Federal law prohibits us from answering your question, and we’re
currently suing the Justice Department for the ability to disclose more
information about government requests,” Twitter spokesman Nu Wexler said
in a statement.

Civil and human rights groups directed their criticism not at Yahoo but
at the U.S. government, saying its request had undermined trust in the
internet.

“The government appears to have compelled Yahoo to conduct precisely the
type of general, suspicionless search that the Fourth Amendment was
intended to prohibit,” said Patrick Toomey, an attorney for the American
Civil Liberties Union. “It is deeply disappointing that Yahoo declined
to challenge this sweeping surveillance order, because customers are
counting on technology companies to stand up to novel spying demands in
court.”

The alleged Yahoo collaboration with intelligence agencies caused
turmoil in the upper ranks of the company, the Reuters report said, and
led to the June 2015 departure of Chief Information Security Officer
Alex Stamos.

Yahoo Chief Executive Marissa Mayer bypassed the company’s security team
and went to engineers to write the program to siphon off emails in real
time for the government, it added.

Stamos, who is now the chief security officer for Facebook, offered no
immediate comment on the report. The federal government also did not
comment.

Amnesty International, a London-based rights group, lamented what it
called the eroding privacy of internet users and efforts by the U.S.
government to “indiscriminately vacuum up the world’s data.”

“This is a clear sign that people can trust neither their government nor
their service providers to respect their privacy: Only end-to-end
encryption that keeps their communications away from prying eyes will
do,” said Amnesty’s Sherif Elsayed-Ali, the head of technology and human
rights.

Yahoo has gotten into hot water before for collaborating with government
requests – in China. More than a decade ago, it shared information with
the Chinese government that allowed for the jailing of two dissidents,
one of whom, Wang Xiaoning, spent a decade in jail. The other dissident,
Shi Tao, served a shorter sentence.

Yahoo’s partial sale to Verizon is already facing uncertainty over the
massive data breach, which took place in 2014. Yahoo apparently did not
inform Verizon of the breach, and news of it came out only last month
when Yahoo user data was offered for sale on the black market.

Legal advocates said they expected Congress to be uneasy over Tuesday’s
revelation.

“If Yahoo is indeed scanning the content of all of its customers’ emails
at the NSA’s behest, that would appear to violate the Fourth Amendment,”
said Elizabeth Goitein of the Brennan Center for Justice at the New York
University School of Law.

“It’s also a violation of customers’ privacy and trust. It’s disturbing
to learn that the NSA was secretly expanding its surveillance reach at
the very same time Congress was attempting to rein it in,” added
Goitein, who is co-director of the center’s Liberty and National
Security Program.

Privacy has been a major issue in Washington since former NSA and CIA
contractor Edward Snowden leaked top-secret information about National
Security Agency monitoring of Americans’ email and cellphone use in
2013. Congress ended one formerly secret program after the revelations.

The issue of privacy also pitted the FBI against the tech giant Apple
after the FBI sought to force Apple to circumvent security settings on a
phone that had been used by one of the killers at a holiday party last
year in San Bernardino, California. Apple refused a judge’s order that
it do so. The impasse was resolved when the FBI allowed a company that
said it had developed a way to bypass the security settings to hack into
the phone.

Not surprisingly, Snowden, who now lives in Russia, was among those
urging Yahoo Mail clients to abandon the service. “Use @Yahoo? They
secretly scanned everything you ever wrote, far beyond what law
requires. Close your account today,” Snowden tweeted.

“Any major email service not clearly, categorically denying this
tomorrow – without careful phrasing – is as guilty as Yahoo,” Snowden
said in another tweet.

Tim Johnson: [phone# redacted], @timjohnson4

--30--

With links:
http://www.mcclatchydc.com/news/nation-world/national/national-security/article105936487.html#emlnl=Evening_Newsletter

More information about the cypherpunks mailing list