This is a revelation that is not going to fix the image of Yahoo. Two weeks ago, california-based company announced that the data of 500 million people had been hacked by the end of 2014. She now is accused of having spied on the emails of all its users, for the account of the american intelligence. According to a survey by Reuters, published Tuesday, it would be developed in 2015 a software for this purpose.
1. That happened ?
according To three former employees of Yahoo, and a fourth source “be informed of”events, the company has complied, last year, to an order which is classified by the u.s. government, issued at the request of an intelligence agency – the NSA or the FBI. It was, says Reuters, “scan hundreds of millions of Yahoo Mail” in real time. Yahoo would then put in place a program that allows you to search from a “string” (a word, a sentence, in the body of the email or in an attachment…) provided by the american intelligence. It is not known, at this stage, or what was research and what data Yahoo would have been transmitted to the authorities.
according To two of the sources of Reuters, this software, developed by engineers of the company, has been spotted in may 2015 by the team of cyber-security, which was first thought to be a hack… It is this discovery which would have led to the departure of Alex Stamos, the director of the computer security of Yahoo, since recruited by Facebook. The interested party declined to comment.
2. How did Yahoo ?
“Yahoo is a company respectful of laws, and in accordance with the laws of the United States”, merely responding, in a first time, the giant of the Net. On the side of the american authorities, the office of the director of national intelligence did not wish to speak. But on Wednesday, california-based company has split a statement a tad more consistently reproduced by a journalist of’Ars Technica :
“The article [Reuters] is misleading, writes the company. We perform closely with all the government requests on user data, to minimize the disclosure. The scanning of emails is described in the article does not exist in our systems.”
as far as the have noticed of the users of the social network, the formulation is particularly prudent. Yahoo does not deny having received a request of the american authorities… and most importantly, do not say that the program never existed.
3. Why is this new ?
Since the revelations of Edward Snowden, we knew the existence of the program Prism, which involves the collection of data stored by major Internet service providers. We also knew that the NSA had put in place a program called “Upstream” (“upstream”), to collect data when in transit on the network. Both operate in the framework of the Foreign Intelligence Surveillance Act (Fisa), the law that governs the collection of information on foreign powers and terrorist groups.
also read : Wikimedia wants to disconnect the pump data to the NSA
For several of the experts quoted in the american media, the program described by Reuters differs both from the collection of data from service providers, the interception in real time, which can be done on accounts identified with their competition, and the collection made at the same “pipes” by the NSA itself, or by other intelligence services, like the DGSE in France. Such a case of sub-contracting the monitoring of mass at this scale is unprecedented.
4. Is this legal ?
Despite the timid reform adopted last year by the u.s. Congress, the legislation remains extremely generous to the intelligence agencies of the United States, and its interpretation even more. To some legal experts interviewed by Reuters, the request made to Yahoo could stand before the court, Fisa, the federal court responsible for these matters, which has legally justified the program Prism. In 2007, the company had sought to challenge before this court a claim which he proposed to conduct research on e-mail accounts in the absence of a judicial mandate, and had been unsuccessful.
also read : the USA Freedom Act : why the opponents of the NSA does disarm not
But for the American Civil Liberties Union, the company could, and should, challenge the request of u.s. authorities : “It seems that the government has forced Yahoo to drive precisely the sort of research, widespread and in the absence of individualized suspicion that the fourth amendment [of the Constitution] was intended to forbid”, ” said Patrick Toomey, one of his lawyers.
Develop software in secret on the orders of the american authorities, this is precisely what Apple had refused to make, in the duel widely publicized that the opposition, in the beginning of the year, the FBI and the department of Justice. The case had not gone to his term – the u.s. agency had found another way to access the contents of the smartphone from the pro at one of the two authors of the massacre of San Bernardino.
5. Other companies are they involved ?
All large companies in the sector contacted by the media, americans have denied having put in place such practices. the “We’ve never done scanning the secret of the email traffic, such as what has been reported about Yahoo”, said to Reuters a spokesman for Microsoft (which, however, does not say if the request was made or not). Facebook, Apple and Twitter have ensured never to have received orders of this kind, and be ready to challenge it in court if necessary. The response of Google is even more clear : “We have never received such a request, but if this were the case, our answer would be simple : no question.”
6. That reveals this story ?
As noted by Chris Soghoian, an analyst for the American Civil Liberties Union, the revelations of Reuters are to be read in the light of technological developments which have followed the revelations of Edward Snowden. Warned by the scandal Prism, which has greatly tarnished their image, the giants of the digital, have strengthened the safety and security of their infrastructure and their products. If Google had, as of 2010, secure the connection of its users to their mail box, Yahoo has just done in the wake of the revelations of the whistleblower.
“a few years ago, the NSA could scan the e-mails from around the world by listening to the cables. They address probably directly to Yahoo because of the encryption of the data stream.”
In the battle that is played for months around the encryption of communications and data, the pressure to sub-contracting can only be done closer to home. Quoted in the Reuters article, a former attorney for the NSA delivers a point of view could not be more clear : the e-mail providers “have the ability to encrypt everything, and the result is an additional responsibility, that of making a part of the work that was done by the intelligence agencies”.
No comments:
Post a Comment