DON'T LOSE ACCESS:
Your IP access to ForeignPolicy.com will expire on June 15.
To ensure uninterrupted reading, please contact Rachel Mines, sales director, at firstname.lastname@example.org.
How American Companies Enable NSA Surveillance
Yahoo built custom code for the NSA to scan user emails.
Without the cooperation of American companies — both voluntary and compelled — the National Security Agency’s system of mass surveillance simply would not have been possible. And on Tuesday, Reuters added the name of yet another American corporate giant to the list of those who have made it possible for American intelligence to intercept huge troves of information: Yahoo.
According to the news service, the American internet giant designed custom software to filter its users’ emails according to a set of search terms, and deliver those messages to the NSA. The decision to enable NSA surveillance was reportedly made by CEO Marissa Mayer and without the knowledge of the company’s security chief, who quit in protest when he learned of the program.
Citing three anonymous sources familiar with the program, Reuters reported the Yahoo software scanned “all of its customers’ incoming emails for specific information provided by U.S. intelligence officials” and in compliance with a classified government directive. It is unclear what information American spies supplied Yahoo to search its users’ emails.
“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a statement.
The news of Yahoo’s compliance with a major NSA surveillance program comes as telecommunications giant Verizon is on the verge of acquiring the company for $4.8 billion. Last month, Yahoo revealed that hackers stole credentials of at least 500 million of its users.
The company’s compliance with the NSA should not come as a shock, and is the latest in a series of arrangements with American firms and made by the signals intelligence agency to facilitate surveillance.
In the aftermath of World War I, American spies wanted access to the telegrams of foreign governments transmitted on U.S. soil. They turned to companies such as Western Union for help, striking gentlemen’s agreements that were likely illegal to supply the raw material of signals intelligence.
American intelligence officials sold cooperation to company executives as a largely patriotic endeavor, according to James Bamford’s NSA history, The Shadow Factory, and succeeded in signing up basically the entire American telegram industry.
As communications technology has changed, so has the NSA’s partners. As they have developed, telecommunications companies and internet firms have become the agency’s primary enablers, typically by secret court order. Documents leaked by Edward Snowden show how firms such as AT&T and Verizon, Yahoo’s future parent company, have helped the NSA hoover up huge amounts of internet data.
But as these companies have taken on customers worldwide, their cooperation with the NSA has become a huge business liability. When Snowden revealed in 2013 the full extent of American signals intelligence operations, he exposed a who’s-who of U.S. firms cooperating with the agency.
The now infamous slides detailing the providers participating in the NSA’s PRISM program included Microsoft, Facebook, Apple, and, yes, Yahoo. That program allowed the agency to access the contents of users’ communication, and created the impression that these American firms were in bed with the NSA.
Of course, these companies did not voluntarily sign up with the NSA, and were ordered by a secret federal court to hand over user information. But for customers around the world, the takeaway was a simple one: The NSA could get into Facebook.
The perception of cooperation with American intelligence agencies has pushed some companies, most notably Apple, to adopt highly sophisticated encryption and security schemes that make it impossible for the company to give up some user data and communications.
The move toward encryption has led the the U.S. government to complain that its surveillance systems are “going dark,” but news of Yahoo’s cooperation with the NSA points toward how overblown that fear likely is. With every development in the communications industry — from the break-up of the Bell telephone monopoly to the switch from analog to digital voice communications — the NSA has complained that its ability to carry out surveillance will be negatively impacted.
And, yet, the agency keeps on finding ways to collect data. The agreement with Yahoo dates to 2015, two years after the Snowden revelations, and according to Reuters, the company complied with the directive at least in part because it believed it would lose a legal battle with the federal government.
Mayer complied with the program without the knowledge of her top security engineer, Alex Stamos. He resigned in protest and decamped to Facebook when his subordinates discovered the system, which they believed had been installed by malicious hackers, not their own colleagues.
Mayer’s reluctance to inform her security team of the program points toward the ethical gray area it operated in. It’s not clear what compelled her to grant access to the NSA; Reuters said the program operated under a federal government “demand.”
Yahoo’s corporate website for transparency currently trumpets Mayer’s commitment to privacy. “We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it,” she says on Yahoo’s web page.
Photo by Ethan Miller/Getty Images