
How the FBI made Yahoo modify the inbox filter


Marissa Mayer has been criticized for failing to provide security measures in the face of pressure from government intelligence agencies. Photo: AP Photo / Michel Euler

To Yahoo’s security department, the situation looks like a hack: in mid-2015 an attacker installed a backdoor that scanned mail traffic (the report speaks of searching for a specific "signature", whatever that means). A foreign intelligence service looking for specific information could have done this. But in this case, foreign intelligence was not involved. As Reuters learned, senior management at Yahoo helped US government agents install a special backdoor to scan Yahoo Mail traffic.

As it turned out, this was done in secret from Yahoo's staff and security department. Only a few participants knew about the operation. Reportedly, when the head of the security department, the well-known specialist Alex Stamos, found out about it in June 2015, he immediately submitted a letter of resignation. Alex did not have to look for a new job for long.

Yahoo received a court order to provide access to its mail system from the secret Foreign Intelligence Surveillance Court (FISC). Under the Foreign Intelligence Surveillance Act (FISA), the recipient of such a court order has no right to disclose that it received the warrant. If the decision is challenged, it is reconsidered in a secret court, and the company again has no right to disclose information about the proceedings. As a result, no user receives a direct notification that their account has been placed under surveillance.

Some companies, fearing secret FISC orders, use a trick known as a “warrant canary”: they post a statement on their site in advance saying that they have not yet received any FISC court orders. If they do receive such a warrant, they simply remove the statement, which is now false, from the site, without formally violating the non-disclosure requirement. The Electronic Frontier Foundation specifically monitors warrant canaries on various sites so that users can draw conclusions about the secret actions of the US government.

Immediately after the report about government intelligence services' access to Yahoo’s mail traffic appeared, almost all large companies issued official statements that they had no similar system for scanning users' confidential messages. Such statements were made by Apple, Google, Twitter and Microsoft.

Yahoo released a typical "non-denial denial." Alex Stamos declined to comment.

Thus, Yahoo was left alone. Marissa Mayer was criticized by colleagues for failing to provide security measures and protect users.

Yahoo is trying to justify itself: “The article in [Reuters] is misleading. We narrowly interpreted each government request to minimize data leakage,” the company said. “The letter scanning described in the article does not exist in our company.”

What really happened?

Since then, new information has appeared on how the traffic scanning system could have been organized on the Yahoo Mail servers. Naturally, Yahoo was forbidden to disclose this information, but in an interview with the NY Times, two government officials and another person shared information on condition of anonymity. They confirmed that the US Department of Justice last year obtained a warrant from a FISC judge for intelligence information regarding a foreign terrorist organization. To comply with the court order, Yahoo modified its existing incoming traffic scanning system, which is normally used to filter out malicious software and spam.

After this modification, the system found all messages that contained the specified “digital signature” and saved copies of them for the FBI. The system is no longer in operation.

EFF lawyer Andrew Crocker said that the authorities most likely used Section 702 of the Foreign Intelligence Surveillance Act, which allows "massive collection of information from communication channels to collect data on a foreign physical person."



Such a request is not entirely normal, because it forces the company to systematically scan all traffic rather than the contents of specific mailboxes. As mentioned above, several large IT companies have clearly stated that they have not encountered such requests from FISC.

Scanning the traffic of a private company's 500 million users to find traces of a single criminal is a rather unusual operation for the intelligence services. But it was apparently carried out legally.

This story prompted another discussion about the balance between national security, secrecy and the privacy of users' correspondence. No, the FBI did not read other people's letters. But it embedded itself in the system and rummaged through your mailbox in search of the information it needed. Granted, this happened automatically. Granted, spam filters and the contextual content selectors that use Google’s content analysis tool do the same. But it is still unpleasant.

Some experts believe that the timing of a scandal that damages the reputation of Yahoo and Marissa Mayer was chosen very well. “I can't help but feel that the possible purchase of Yahoo’s assets and the potential reward for Marissa Mayer could have been fueled by some ill-informed speculation about what they did with users’ mail,” said Prof. Alan Woodward, a security expert from the University of Surrey (UK). “I suspect that Yahoo’s actions are not very different from what other US service providers are doing.”

At the same time, the devil is in the details. If the FBI had access to a system for scanning email traffic using arbitrary keywords, then this is indeed a problem. The legality of such a system is doubtful, and the topic deserves serious discussion.

The Reuters report about Yahoo’s close collaboration with the FBI appeared two weeks after the news of a leak affecting 500 million Yahoo users.

It seems that Marissa Mayer will find it difficult to conclude a lucrative deal on the sale of Yahoo assets and get a decent fee.



P.S. Section 702 of the Foreign Intelligence Surveillance Act expires at the end of 2017. The Free Frontier Foundation organized the End 702 public campaign, urging the US Congress not to extend this section, because it greatly simplifies mass surveillance of electronic communications by government agencies and violates the rights of US citizens.

Source: https://habr.com/ru/post/398043/

