Award Winning Blog

Tuesday, October 4, 2016

Take-Aways From the Yahoo Network-wide Scan




            Yahoo appears to have provided the U.S government with key word scanning of each and every email message traversing the Yahoo network for a limited time period.  See http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT.  There are significant legal and technological issues triggered by this news. 


            On the legal side, it appears that the national intelligence community can and will make a case for email carrier scans of an entire user population when a narrower set of suspects and email accounts cannot be identified.  The Foreign Intelligence Surveillance Act imposes no cap on the number of scanned email accounts, nor does it impose a requirement that government agencies first exhaust all internal options before seeking industry cooperation, or compliance with a court order.


            On the technological side, it appears that only Yahoo could have executed the scans on short notice, because Yahoo email subscribers can opt to encrypt their messages.  Having written or at least installed the encryption technology, Yahoo may be the only one able to deencrypt and conduct deep packet inspection of massive traffic volume on a real time basis.


            As to the impact on Verizon’s acquisition of the company, I suspect this news will not have any effect.  It seems like Yahoo had no basis to contest the order (if there was one) in light of the short notice, limited duration and likely assertion by government officials that the company alone could achieve the desired outcome.


            On matters of national security, even at the risk of abuse and overuse, government assertions about the potential for imminent harm trumps individual privacy concerns.