According to some surveillance experts, this massive snoop could be the first public instance of an internet company in the US complying with surveillance agencies to monitor incoming emails, instead of searching a smaller number of messages in real time, or searching stored messages.
It is not clear what officials were looking for in Yahoo Mail accounts, numbered in the hundreds of millions. All that is currently known is that Yahoo was instructed to look for a certain set of characters. Sources say that this could imply a search for an attachment or a phrase. It also is not known if other internet companies were approached with similar requests, or what information Yahoo turned over to the US spy agencies.
In a brief company statement, Yahoo said that they are "a law abiding company, and complies with the laws of the United States," but did not go into detail about the software program or their dealings with the FBI and NSA. Former employees claim that the decision to cooperate with surveillance agencies, made by Yahoo Chief Executive Marissa Mayer, was not popular with high-level officers in the company and may have led to Chief Information Security Officer Alex Stamos leaving Yahoo in June 2015.
Stamos is now the Chief Security Officer at Facebook.
Albert Gidari, a lawyer who has handled surveillance cases for internet and telephone companies for some 20 years, said that companies handing over information to federal agencies en masse is not unusual, but the Yahoo case is unprecedented. "I've never seen that, a wiretap in real time on a 'selector,'…It would be really difficult for a provider to do that," he said. A selector is a term used to pinpoint a particular grouping of information, or dataset.
ZDNet revealed in March that the US government tried, on numerous occasions, to acquire the source code of tech companies for investigations and surveillance. Requests were made through the Federal Intelligence Surveillance Act (FISA), a clandestine court system. Whistleblower Edward Snowden has revealed that every surveillance request made to FISA in 2015 was granted.
In 2013 the NSA initiated the classified Prism program, in which the agency collected data "directly from the servers" of major US internet companies including Google, Apple and Facebook, according to The Guardian. Apple officials claimed they have "never heard" of Prism, and Google released a statement saying they "care deeply about the security of our users' data," and that they "disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."