Ever since the Snowden leaks in 2013, there’s been an ongoing debate over the nature of state surveillance. One of the more interesting things we learned in 2013 was that certain companies had fought the NSA tooth and nail — and Yahoo had led the charge. When the company was ordered to produce user data in 2007, it challenged the legality of that order at the Foreign Intelligence Surveillance Court (FISC, also sometimes known as the FISA Court). When its challenge failed, it appealed the case to the Foreign Intelligence Surveillance Court of Review. While it also lost on appeal, the company earned accolades for its willingness to stand up for user privacy, even though all of the court proceedings and decisions were classified at the time and couldn’t be milked as a PR opportunity.
If a new report from Reuters is accurate, the Yahoo that went to bat to defend its users is a dim and distant memory today. The news agency reports that last year, Yahoo built a custom search engine to allow the government to search its entire database of email for keywords and terms provided by US intelligence agencies. The decision was apparently highly controversial within Yahoo and reportedly led to the departure of the company’s Chief Information Security Officer, Alex Stamos, who now works for Facebook.
Sources close to Yahoo have previously stated the company was reluctant to upgrade its email security or adopt end-to-end encryption out of fear that any disruption to its service would drive customers away to other email providers. This new information suggests this may have been a strictly secondary concern. We already know that the federal government pays for access to customer databases; the Snowden leaks showed that the NSA paid AT&T $190 million in 2011. We don’t know what kind of arrangement the government struck with Yahoo, but it’s not hard to connect the dots here. Mayer’s company has been in trouble for years, with declining revenue and poor user engagement. The Yahoo that went out on a limb to defend its customers in 2007 – 2008 and decried the government’s collection of millions of webcam images through Yahoo’s own infrastructure is a far cry from the Yahoo of 2016, and Mayer may well have taken the deal as a way to generate additional revenue.
Prior to this, federal agencies have had the right to demand information on specific users. But no other company is known to have built a database that automatically scanned all incoming mail and provided that information to a federal agency, or allowed real-time analysis based on specific criteria (called a selector). “I’ve never seen that, a wiretap in real time on a ‘selector,'” Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year, told Reuters. “A selector refers to a type of search term used to zero in on specific information. It would be really difficult for a provider to do that.”
Yahoo’s sole comment on the matter was terse: “Yahoo is a law abiding company, and complies with the laws of the United States.”
Snowden’s leaks may have kicked off a robust debate, but it hasn’t driven much change at the federal level. There have been a handful of anemic amendments to existing surveillance laws that make minimal adjustments to the government’s vast warrantless wiretapping abilities. But neither Democrats nor Republicans have pushed for a major overhaul of existing laws. Of the various Presidential candidates that ran for office in 2016, only Bernie Sanders and Gary Johnson took a strong stand against the NSA’s abuse of warrantless wiretapping, and neither is going to be sitting in the White House in 2017.
Generally speaking, US citizens have been trained to think of their personal data as both worthless and unprotected. Companies like Google and Facebook gather vast amounts of information and sell it to advertisers and third parties, while the widespread use of stingrays and license plate scanners build databases of a person’s movements over time, even when said individuals have committed no crimes and done no wrong. The government’s stance that it isn’t surveilling people until it searches its database is a ridiculous farce, particularly given that the government decides when and how said searches should occur — but it’s perfectly in line with the way companies treat personal information. Multiple companies have announced in the past year that they would no longer bother to anonymize data when they used it for advertising, and the general response from Americans has been a yawn.
If the Reuters story is accurate, it means the handful of amendments to the NSA’s powers and practices have done absolutely nothing to limit the agencies’ powers. With databases like this, the NSA and FBI now have more surveillance power than ever, despite the fact that the NSA has yet to demonstrate that it has stopped a single terrorist attack based on information gleaned from its comprehensive database. Instead, this is typically used as an argument for more surveillance, even when the sheer amount of data overwhelms the NSA’s own analysts.
It’s possible these new allegations could ignite a desire for change from Americans in general. But given how little the Snowden leaks actually moved the needle, we’re not optimistic.