Can we trust our tech companies?
By Ajith Ram October 11, 2016
- Yahoo accused of spying on users' Email
- Spam tool converted for spying purpose
It is another case of deja vu afflicting the tech industry. After the spate of recent stories about tech giants secretly collaborating with the US government for spying, another tech giant is now being accused of doing exactly that. If true, it is definitely a case of George Orwell's 1984 come to life, albeit a few decades late.
Beleaguered online portal, Yahoo, now stands accused of spying on its own customers on behalf of the US intelligence agencies.
Reuters, citing anonymous sources, reported that Yahoo had covertly built a secret "custom software program to search all of its customers' incoming e-mails for specific information." According to the report, Yahoo "complied with a classified US government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI."
Reuters says Yahoo acted at the behest of the secret Foreign Intelligence Surveillance Court. Not to be outdone, The New York Times also ran a story saying Yahoo used its system designed to scan for child pornography and spam to search for messages containing an undisclosed "signature."
According to the reports, intelligence agencies wanted Yahoo to scan all Yahoo Mail emails looking for a specific signature. Apparently, agents of a foreign terrorist organisation were communicating using Yahoo “with a method that involved a ‘highly unique’ identifier or signature.” The investigators did not know what Email accounts were used. So they needed Yahoo’s help to discover them.
The New York Times said a judge found probable cause to believe that this digital signature "was uniquely used by a foreign power." This operation has now ceased. It is not clear when it actually began.
Yahoo does not completely deny the reports, but merely says that they are "misleading." This is hardly the first time that a US-based tech company has been accused of spying on behalf of the US government.
Like Edward Snowden's revelations, this tool used by Yahoo exposes another US digital surveillance program. But this time, it is different for a very simple reason - the snooping happens right inside your Yahoo inbox.
It is very different from the spying methods exposed by Snowden in which the authorities tapped directly into the internet backbone. This allowed security agencies like the NSA to scan for certain keywords. But this method is also now less effective as a lot of internet traffic is encrypted.
To be clear, the new revelations about Yahoo are also different from the PRISM program in which the security agencies procured data from the internet search engines based on 'requests'.
In the latest revelations about Yahoo, it appears as if the data being scanned was not just the metadata, but actual Email content. And if it was content, this would be the most aggressive electronic spying program exposed so far.
In previous cases, the metadata accessed by the US government includes the phone numbers of both parties in a call, the length and time of the calls, and the international mobile subscriber identity (IMSI) number for mobile callers.
Wasting little time, Snowden took to Twitter and said if Yahoo "repurposed" its child-porn and spam scanning system as stated by The New York Times, the scans included content. Other tech giants were quick to say that they do not engage in Yahoo-style spying.
The latest revelations about Yahoo bring up the same question - how trustworthy are our tech companies?
There is a very profitable industry within the tech ecosystem which exists just for snooping. And many of these are private operators with no links to any government agency.
Of course, some of them like the infamous NSO Group do have direct links to draconian governments around the world. For the last six years, the NSO Group’s main product, a tracking system called Pegasus, has been used by a growing number of government agencies to target a range of smartphones including iPhone, Android and BlackBerry. Among the Pegasus system’s capabilities are the abilities to extract text messages, contact lists, calendar records, Emails, instant messages and GPS locations.
Another capability that the NSO Group calls “room tap” can gather sounds in and around the room, using the phone’s own microphone. It can also use the camera to take snapshots and all of the data can be sent back to the agency’s server in real time.
So, is there a way to prevent this pervasive snooping?
For those concerned about privacy, one immediate solution could be end-to-end encryption. While encryption can still be broken using software flaws and supercomputing horsepower, it at least ensures that your data is not deciphered in real time. Another solution always promoted by security experts is to install verified security software on your devices.