Yahoo Issues Tone Deaf Non-Denial Denial Of Email Scanning Report
from the blink-twice-if-you're-being-forced-to-say-this dept
After basically all the big tech companies have come out with strong and clear denials, Yahoo this morning released a silly mealy mouthed non-denial denial, written by a PR firm, that took almost 24 hours to craft:
Good morning ?
We are reaching out on behalf of Yahoo regarding yesterday?s Reuters article. Yahoo said in a statement:
?The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.?
The Joele Frank Team
Media to Yahoo: Did you eat all the cookies?
Yahoo *with crumbs and smeared chocolate around mouth*: We do not have any cookies.
— Christopher Soghoian (@csoghoian) October 5, 2016
Of course, people are parsing every word of that and noting some… remaining questions. The article is misleading? Okay, how? Which parts? What did it get wrong? You narrowly interpret every government request? Great. So explain what was found here, or explain the specifics of what Yahoo is doing. “Does not exist on our systems”? Did it ever? Does it exist on someone else’s system? Does a different mail scanning system exist? Lots of people would like to know.
More importantly, note that they say they want to minimize disclosures. But that’s not the key issue here, as Chris Soghoian points out. The Reuters report was on the searching of all emails, not the disclosure bit. Yes, sure, it seems clear that after searching everyone’s email, Yahoo likely only “disclosed” a small number to the NSA, but that’s not really the point, is it?
I mean, I guess this statement is better than Yahoo’s original: “Yahoo is a law abiding company, and complies with the laws of the United States” statement. But, it’s not very reassuring. Much more important is what Yahoo could have said, but didn’t.
What Yahoo could have easily said but didn't: ?We have not conducted such scanning. We produce content only about specific accounts."
— Julian Sanchez (@normative) October 5, 2016
But that’s not happening. Yahoo has said that it “can’t comment further” which either means it doesn’t want to comment further or, potentially, that it feels it is legally barred from commenting any further — which is certainly a possibility (though a disturbing one).
The NSA or the Director of National Intelligence could help clear this up, but so far they’re going all Glomar on any questions:
NSA's Rogers neither confirmed nor denied Yahoo story. #cambridgecyber
— Ken Dilanian (@KenDilanianNBC) October 5, 2016
And that alone should be a giant warning sign to any tech company that decides not to fight these kinds of demands: when it inevitably leaks to the public (and it will), the intelligence community will let you hang out to dry all by yourself.