NY Times And Reuters Claim Totally Different Explanations For Yahoo's Email Scanning

from the so-um-well,-this-is-awkward dept

On Wednesday afternoon the NY Times released a report that appeared to clarify some of the questions around Tuesday's Reuters report about Yahoo scanning all emails. According to the NY Times, unlike the original Reuters report that talked about a "directive" (which would imply an NSA surveillance program such as the one under Section 702 of the FISA Amendments Act), the scanning was actually the result of a more traditional FISA Court order.
Yahoo was ordered last year to search incoming emails for the digital “signature” of a communications method used by a state-sponsored, foreign terrorist organization, according to a government official familiar with the matter.

The Justice Department obtained the order from a judge of the Foreign Intelligence Surveillance Court.

To comply, Yahoo used a modified version of its existing systems that were scanning all incoming email traffic for spam, malware and images of child pornography. The system stored and made available to the Federal Bureau of Investigation a copy of any messages it found that contained the digital signature.
Some had speculated that this was what happened, but there was still some confusion over Reuters' original use of "directive." However, before the digital ink had even dried on the NY Times report, Reuters came out with a new report of its own that claimed the scanning was done under a Section 702 program:
Yahoo's request came under the Foreign Intelligence Surveillance Act, the sources said. The two sources said the request was issued under a provision of the law known as Section 702, which will expire on Dec. 31, 2017, unless lawmakers act to renew it.
But, the Reuters report also notes that there was a "FISA Court warrant" associated with the request:
The FISA Court warrant related specifically to Yahoo, but it is possible similar such orders have been issued to other telecom and internet companies, the sources said.
So it sounds like there may have been some sort of weird hybrid FISA Court order, which used Section 702 as the basis for the demand -- even though the coverage of it included items that previously had been considered off limits under the 702 PRISM program (i.e., "about" communications, rather than just to and from metadata).

Either way, this is putting renewed emphasis on the problems with Section 702 -- and the fact that it expires at the end of next year. If the NSA had been hoping that the PCLOB report, and other factors, would lead Congress to rubber stamp the renewal, the exposure of the Yahoo program may have just undermined that in a big way. The EFF is already pointing out how scanning all emails for a selector like this is a 4th Amendment violation. Of course, actually getting standing to prove that in court is going to be a challenge.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    gezzerx, 5 Oct 2016 @ 5:38pm

    un accountable power

    Why is it that the FBI can arrest every one other than the Politicians Bureaucrats & Judges who were violating the Constitution ! Is it because they are not politically connected like some of the members of our 3 branches of Government are, and if they did arrest them, they might start talking about all the corruption they know about !

    Sure makes me wonder why that is . It seems to be hap-pinging over & over with out expatriation why that is Hap-pining . Is it because the political elite have exempted themselves from the law ! Sure seems to be the case. The NSA, CIA, DOJ, The Congress & the Judicial Branches of Government are always deflecting issues away from themselves & pointing the finger at someone else . The real criminals are protecting one another !

    Unaccountable power is absolute power, & is absolutely corrupt !


    UNITED STATES CODE
    TITLE 18 - CRIMES AND CRIMINAL PROCEDURE
    PART I - CRIMES
    CHAPTER 13 - CIVIL RIGHTS

    § 241. Conspiracy against rights

    If two or more persons conspire to injure, oppress, threaten, or intimidate any inhabitant of any State, Territory, or District in the free exercise or enjoyment of any right or privilege secured to him by the Constitution or laws of the United States, or because of his having so exercised the same; or If two or more persons go in disguise on the highway, or on the premises of another, with intent to prevent or hinder his free exercise or enjoyment of any right or privilege so secured - They shall be fined not more than $10,000 or imprisoned not more than ten years, or both; and if death results, they shall be subject to imprisonment for any term of years or for life.


    § 242. Deprivation of rights under color of law

    Whoever, under color of any law, statute, ordinance, regulation, or custom, willfully subjects any inhabitant of any State, Territory, or District to the deprivation of any rights, privileges, or immunities secured or protected by the Constitution or laws of the United States, or to different punishments, pains, or penalties, on account of such inhabitant being an alien, or by reason of his color, or race, than are prescribed for the punishment of citizens, shall be fined not more than $1,000 or imprisoned not more than one year, or both; and if bodily injury results shall be fined under this title or imprisoned not more than ten years, or both; and if death results shall be subject to
    imprisonment for any term of years or for life.

    "For the purpose of Section 242, acts under "color of law" include acts not only done by federal, state, or local officials within the their lawful authority, but also acts done beyond the bounds of that official's lawful authority if the acts are done while the official is purporting to or pretending to act in the performance of his/her official duties,. Persons acting under color of law within the meaning of this statute include police officers, prisons guards and other law enforcement officials, as well as judges, care providers in public health facilities, and others who are acting as public officials. It is not necessary that the crime be motivated by animus toward the race, color, religion, sex, handicap, familial status or national origin of the victim. "
    FBI Web Site

    reply to this | link to this | view in chronology ]

  • identicon
    Whutevah, 5 Oct 2016 @ 11:40pm

    digital “signature”

    Rumor has it that they were only searching for emails that contained the digital "signature" identified by multiple occurrences of the letters a, e, i, o or u. So there you have it. Nothing to get alarmed about. Don't you feel silly now?

    reply to this | link to this | view in chronology ]

  • identicon
    astrochicken, 6 Oct 2016 @ 4:32am

    FUD

    Anonymous sources are great, if you don't care about the truth. Two newspapers cite anonymous sources and disagree about basic facts. Which one is wrong? They both are, of course. Blind speculation is bad, but letting yourself be played as a fool by inside sources intentionally misleading you, and then feeding that information to your readers, is simply disgraceful.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Oct 2016 @ 5:37am

    Verizon & Yahoo

    The financial press has it backwards; the financial press thinks that Yahoo's admission of email surveillance will kill the merger between Yahoo and Verizon.

    On the contrary, Verizon is probably buying Yahoo *for* its advanced surveillance capabilities, so Verizon can roll this surveillance out for all of Verizon's own customers.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Oct 2016 @ 6:05am

    Filtering at this level,

    evolved from spam detection.

    The thing is that source verified email is practical, and is possible. To my knowledge it was just never broadly adopted at the client side. Source verification, solves spam detection BETTER than filtering. But it does have a few drawbacks. It makes the whole system a little less reliable. And if broadly implemented, it largely mitigates the need for intermediate server infrastructure.

    The problem is that once spam filtering software was implemented, invariably some marketing people will get hold of it and decide they can use it to screw people.

    And so the filtering became more dynamic. And then it became important to have email servers as way stations, because if you aren't able to stop and access the mail, you can't cat call and molest the general population as they walk by.

    Really SMTP and everything derived from it should just die, and be replaced with a scratch built system that runs on top of something like the snow framework. Intermediate storage of email should be fully ciphered and live on a distributed storage architecture like freenet.

    Everything about the email system is a broken piece of shit, and always has been. Generally it is maintained by reluctant engineers, who would rather fix it, but are too busy wiping corporate asses to ever get around to writing the code they need to do so.

    reply to this | link to this | view in chronology ]

  • identicon
    John Mayor, 7 Oct 2016 @ 3:36am

    PSALMS 31:8

    Actually!... the more a matter involves a Constitutional provision (and thus, has wider scope than a "lesser law"!), the more likely a "court of competent jurisdiction" is likely to "make room" for "suporting" or "dissenting" views!
    .
    If this... on the other hand (and for example!)!... was about John Smith getting bit on the *ss from a neighbors dog, a judge may more than likely limit the proceedings to the specificity re the proof or disproof of the offense, and, those party to the alleged offense! But here, the offense is so "profoundly egregious"!... and to more than just a handful of people!... a judge has little recourse, than to consider the widest possible implications of the offense, and the dangers posed by the offenders!
    .
    And so... "standing"-- in my view!-- is more assured, than not!
    .
    Please!... no emails!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.