Yahoo! goes cuckoo for the NSA!
In stunning news, a just-published Reuters exclusive purports that Yahoo secretly scanned customer emails on behalf of the National Security Agency. While the public has been made aware in recent years of the cozy relationship between technology companies and the U.S. intelligence community, this exposes an even more flagrant example of a public-private partnership to compromise the Fourth Amendment rights of ordinary Americans.
According to Reuters, Yahoo CEO Marissa Mayer decided to comply with a secret directive from the U.S. government to create “a custom software program to search all of its customers’ incoming emails for a ‘character string’ provided by U.S. intelligence officials.” Mayer’s decision prompted former Yahoo Chief Information Security Officer Alex Stamos to resign, Reuters’ report notes. It’s unknown whether other email providers also received or complied with this or similar orders, although it seems highly unlikely that Yahoo would be the only one to get the call.
Much of the recent policy debate over surveillance has focused on the bulk collection of metadata, which was key to the reforms proposed in Congress earlier this year by the USA FREEDOM Act. Previous disclosures had shown that companies passively complied with classified orders to hand over metadata (a set of data that describes and gives information about other data) or, in some cases, to share past archived correspondence. But here we see a company actively creating a program to screen for specific selection terms and then automatically send those emails to the NSA.
This directive appears dramatically different from the metadata debate in that this is apparently such a broad government order that it requires real-time information and the creation of a new software program by the company. The idea that a company complied in this way is a truly shocking revelation that goes beyond the pale, in terms of accepted practice. It is unclear under what authority this directive was requested and whether other companies have similar agreements.
While some might suggest that “upstream” bulk collection has been used to search phone records, the idea that a company would actively search incoming email for content seems to be a new level of invasion into personal correspondence. There does not appear to be any transparency about what terms trigger Yahoo to forward emails and how many have been caught by this dragnet.
Naturally, this leads one to wonder who is overseeing the intelligence community. Congress has the authority, but there is little evidence that the legislative branch was properly informed. That’s because all matters related to surveillance in the lower chamber flow through the House Permanent Select Committee on Intelligence. This one committee acts as the gatekeeper of information and has routinely limited the access granted to other rank-and-file members of Congress.
This policy makes it extremely difficult for privacy-minded members of Congress to question surveillance practices, setting the table for further privacy invasions. Many members are not sufficiently staffed or informed to delve into the classified material and make reform proposals. This is one of main reasons making minor revisions to the PATRIOT Act is extremely cumbersome.
Yet there is something we can do to rein in the surveillance state – we must change the way the House of Representatives handles intelligence matters. Instead of siphoning off information to one committee, Congress should implement a bipartisan set of proposals that empower all members to evaluate how the intelligence community conducts surveillance and works with private companies. All members of Congress must be allowed to question the apparatus’ overall effectiveness, as well its constitutionality.
Yahoo’s compelled compliance with the NSA stands in stark contrast to how Apple handled the FBI order stemming from the San Bernardino shooting last year. Regardless of whether one company is right or wrong, both episodes show the precarious predicament the intelligence community has put the American tech industry in. Companies are either unpatriotic for standing up for user privacy or are labeled stooges for Big Brother.
Instead of burying their heads in the sand, it’s time Congress embrace the Fourth Amendment protections the Constitution grants all Americans.