Yahoo! begs! US! spymaster! Clapper!: Spill! the! beans! on! secret! email! snooping! Yahoo! has asked the US government to break its silence on the secret court order that forced the Purple Palace to scan its webmail users' messages for specific keywords. In a letter [PDF] to US Director of National Intelligence James Clapper, Yahoo! general counsel Ron Bell says that national security laws prevent the online …
That really depends on how many people haven't deleted their accounts with Yahoo! Unless something rather surprising has happened, it won't be significant as most just don't care about privacy apparently. Verizon's interest is solely focused on the IP and the people attached to that IP. Without that user base remaining relatively intact, Verizon is going to want a discount.
"This last hack got several of my accounts hijacked."
Oddly, neither my Yahoo account, nor my wife's account got hijacked in the Yahoo breach.
Somehow, I suspect the common factor was our information was already compromised during the OPM breach.
But hey, at least I know that I can get a security clearance in China...
"Yahoo's part since the NSA will go into "we can neither confirm nor deny" mode."
No, this appears to be Yahoo's salvage, after both revelation of the kernel module *and* Congress wanting to know precisely whatinhell is going on.
"We can neither confirm nor deny" can and has resulted in termination of an agency's budget. Failing that, I'm reminded of the Air Force defying a Congressional order (in the form of a law), repeatedly, resulting in precisely zero officers being authorized until they complied.
Long story told short, a certain Colonel, who openly defied that law, was instructed to retire - or else be involuntarily terminated from his commission. The latter would have endangered his pension, so he wisely complied with both orders, retiring and complying with Congress.
...I actually feel sorry for Yahoo on this one.
They were compelled by the US Govt to install this "snooping" technology. Don't think for one minute they had the option of refusing ("Nice company ya got here. Be a shame if anything happened to it. Like, word getting out that youse is dodging taxes or storing kiddie porn. By the time you'd proved your innocence, it'd be too late. Now, about this little snoop program we wants ya to install...")
Word of the tech leaks out, as these things inevitably do in this age of Wikileaks and Snowden.
Now, we don't know the scale and purpose of the NSA's request - at one extreme, it could have been "please send us plaintext of every single email, so we can scan real-time for suspicious activities". At the other, it might have been "we are interested in $terrorist_suspect_X, please just BCC us on the metadata of all her e-mails". Or anything in between.
The Internet rumor mill, of course, assumes the former. And who's to say it's not accurate?
But Yahoo are gagged - they can't come out and state what actually happened, for fear of those pesky National Security Letters. The actual truth might - I say, might - paint them in a far better light, but they can't defend themselves.
And all the while, their reputation and stock price take a hammering (OK, the news of the mega-breach didn't help, either).
Any US company that gets leaned on like this is put in just such an invidious position. Today - that we know about - it's Yahoo. Who knows if Google, Microsoft, Nvidia, $your-favourite-good-guys, are in the same boat, right now crossing their fingers and desperately hoping that word of their "voluntary co-operation" with the NSA doesn't get similarly Snowden'd? And companies in other countries, because don't think for one moment that the US TLAs are the only ones doing this...
Surely the real rage should be directed at the NSA for coercing companies in this way?
For the first time I think it's time for Yahoo to actually fail.
I mean sure, people will point to their poor performance for a while, and they've been falling behind, but for a company to actually die because it cooperated with a nation state's secret services to spy on foreign users will be a message that doesn't get eliminated just because people get to hum and haa about possible other causes.
"But Yahoo are gagged"
Actually they do have an option. They have the option that MS took with email on the Irish server, the option that Apple took. Being prepared to say publicly "we won't do that" and being prepared to go to court to justify that could have earned them some respect which would have helped offset the reputational damage of the data breach. Instead they've had two missteps leaking out. The breach and going along with the scanning now serve to reinforce each other in the public's mind and the fact that they apparently weren't going to admit anything until word leaked out only makes things worse.
given the poison pill that the gag&spy order is when considering users' trust in the company (add to this pill the 500+ million account credentials hacked/leaked), it's no wonder that Verizon lost their appetite in gobbling up Yahoo.
it wouldn't be the first company screwed/affected by the US this way either, so imho Yahoo will probably end up in either a Chapter 11 (reorganisation) or more likely a Chapter 7 (liquidation) bankruptcy given the toxicity of their assets now.
a Chapter 11 would preserve the gag&spy order active because the company's legal personality remains unaffected so Ch.11 won't have much of an effect and the company remains toxic due to that order.
a Chapter 7 might save some bits of the company but the new owner of those bits (servers, routers, hosting datacenters and so on) would have to physically inspect all the inherited equipment to remove the additional snooping hardware inserted in them (you can't be sure of anything at this point) and then wipe every device down to firmware level, re-flash firmware from a trusted source and re-install everything from scratch.
so, Yahoo!.... so long, and thanks for all the fish.
"...but the new owner of those bits (servers, routers, hosting datacenters and so on) would have to physically inspect all the inherited equipment to remove the additional snooping hardware inserted in them..."
You assume of course that:
a) the hardware/software hasn't already been "cleansed" or
b) the hardware/software will be "cleansed" shortly before any new owner even gets a sniff of physical access.
What's the matter Yahoo!? Talks with Verizon not going as intended?
Anyway...
If we figure out the keyword we'll know exactly where the problems are.
Wally, what is the keyword?
Keyword.
What is the keyword?
Keyword.
No, no.
What is THE KEYWORD?
Keyword.
I think his keyword was "keyword".
All right, I said "smart," not "creative"
Provided that btinternet domain is hosted by Yahoo, what's the relation of US government snooping program to mailboxes owned by BT? Because I suspect that US position is "nothing to see here, move along" but BT should care about their user's privacy? Surely ... ?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
