Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple, Google, Microsoft: We Have No Government Email Scanning Program Like Yahoo's (vocativ.com)

Posted by BeauHD on from the business-as-usual dept.

Apple, Google and Microsoft -- three of the largest technology companies in the U.S. -- have each said they don't scan all incoming messages for the U.S. government, which is exactly what Yahoo does. According to Reuters, Yahoo secretly built a custom software program last year to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials. The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI. Vocativ reports: In a statement, a Microsoft spokesperson told Vocativ that "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." While Apple declined to give a statement on the record, a representative for the company did, in response to Vocativ's question, refer to CEO Tim Cook's official letter on consumer privacy, which reads in part: "I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will." The fact that both the companies declined further statement means it's not yet known if the NSA or FBI approached them to request they build a program like Yahoo's. Meanwhile, a spokesperson from Alphabet's Google issued a statement to CNBC: "We've never received such a request, but if we did, our response would be simple: 'no way.'" [The spokesperson later clarified that the company has not received a "directive" or "order" to that effect, either, according to The Intercept.] But the question is whether or not you believe them. With Yahoo's case, only a handful of employees knew about the program. The same could be true with Apple, Google, Microsoft or any other large tech company. Edward Snowden tweeted not too long after Reuters' report surfaced: "Heads up: Any major email service not clearly, categorically denying this tomorrow -- without careful phrasing -- is as guilty as Yahoo."

70 of 139 comments (clear)

  1. Of course they do! by dohzer · · Score: 3, Funny

    Everyone knows they read all your emails.
    That's why I've gone off shore.
    - jamesd@qq.com

    1. Re:Of course they do! by Joce640k · · Score: 1

      "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo. I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

      ie. Your system is so insecure that the government didn't need your help to get in.

      --
      No sig today...
    2. Re:Of course they do! by tsqr · · Score: 1

      "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo. I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

      ie. Your system is so insecure that the government didn't need your help to get in.

      With regard to the Apple statement, please refer to Snowden's comment about careful phrasing.

    3. Re:Of course they do! by fbobraga · · Score: 1

      It's written in the Bible, on Isaias 69:171

  2. If they are under a gag order by Anonymous Coward · · Score: 1

    This is exactly what they would have to say, legally speaking

    1. Re:If they are under a gag order by ShanghaiBill · · Score: 2, Insightful

      This is exactly what they would have to say, legally speaking

      No. Gag orders prevent you from telling the truth. They cannot, legally, require you to lie.

    2. Re:If they are under a gag order by Opportunist · · Score: 1, Insightful

      Gag orders cannot, but the market can.

      Let's assume for a moment that they have the same deals running. Not saying anything would result in losing customers because everyone would assume they are under a gag order and thus can't tell you that they're handing over your data. So they lie to you. What's to be lost? Either it doesn't come up. Then they retained you as a customer. Or it gets out that they lied. Then they'll lose you as a customer. Which is exactly what would happen if they didn't lie to you.

      The obviously financially sound strategy is to lie to your customer.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Bullshit by Anonymous Coward · · Score: 2, Insightful

    - Anonymous "Coward"

    1. Re:Bullshit by elvesrus · · Score: 1

      Quotes should be around the other word.

    2. Re:Bullshit by fbobraga · · Score: 1

      exacltly

  4. I call bullshit on MS by UnknownSoldier · · Score: 3, Insightful

    > Microsoft spokesperson told Vocativ that "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."

    Bullshit.

    Proof: Microsoft (R) Online Services Global Criminal Compliance Handbook

    1. Re:I call bullshit on MS by fahrbot-bot · · Score: 2

      > Microsoft spokesperson told Vocativ that "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."

      Bullshit.

      Proof: Microsoft (R) Online Services Global Criminal Compliance Handbook

      Could be true. Key element in MS quote: "like what has been reported ... about Yahoo." Meaning, they scan your emails for *other* reasons, like for marketing and demographic information -- I'm looking at you Google too.

      --
      It must have been something you assimilated. . . .
    2. Re:I call bullshit on MS by ShanghaiBill · · Score: 4, Informative

      Bullshit.

      Proof: Microsoft (R) Online Services Global Criminal Compliance Handbook

      That handbook is about specific information requested through proper legal channels, such as a subpoena, warrant or an NSL. All companies are required to comply with those. It is not about scanning all email for keywords like TFA is describing. Perhaps Microsoft is doing what Yahoo did, but your link is not proof of that.

    3. Re:I call bullshit on MS by TheGratefulNet · · Score: 1

      bad guys are convince us they're the good guys - can and will abuse this.

      because it exists, they'll get (have gotton) around any inconvenient barriers and now, everything is of 'national security, just let us in' level.

      I advocate for ending all law-enforcement and government access to email and online encrypted comms. governments exist for the betterment of their people (that's the idea, even though its never quite followed, in practice). no LE official really can be trusted with power; we're seeing this almost daily, certainly weekly. give authority figures lots of power and they'll abuse it.

      so, I advocate for fully removing all access, even so-called emergencies. you blew you. we tried trusting you, you fucked us and now we have to take the ability away for all things, both good and bad. thanks for fucking this up, guys. it could have worked, but noooooo, you had to go mess things up for everyone.

      that's what I would like to see. removal of all spy powers, all code in core routers, edge routers, switches, gateways, etc - will have the sections removed for the next build cycle (lol..., I can dream, its my dream, dammit.)

      its only a dream. reality is far uglier. routers/etc have 'legal intercept' built and baked right in, and I think that's just wrong. because the ones who have access to that can't be trusted and those above them (on up) - I really wish that feature set was gone, tomorrow. we'd be a step closer to real freedom online and because goverments really hate it when their people are truly free, they will do all they can to keep things the way they are now.

      we can't change what's below tcp and ip. but we can layer new secure virtual networks on top of that. that's what the tech community should be working towards. the layers below - all spooked. fully untrustable. go define new secure layers on top of that mess and then we'll have internet-v2 that we can really trust.

      --

      --
      "It is now safe to switch off your computer."
    4. Re:I call bullshit on MS by msauve · · Score: 1

      But if they document it, it's not secret, is it?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    5. Re:I call bullshit on MS by guruevi · · Score: 1

      NSL is not a legal channel and is exactly what Yahoo quotes as following.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re:I call bullshit on MS by bloodhawk · · Score: 1

      maybe I missed it but I could not see anywhere in that document that shows they secretly scan email traffic? It seems to outline the legal process and means to access an account after law enforcement serve a warrant.

    7. Re:I call bullshit on MS by swillden · · Score: 1

      NSL is not a legal channel and is exactly what Yahoo quotes as following.

      NSL is a legal channel, but it's restricted to providing only metadata and only about specific targets. Yahoo cited it, but they've gone well beyond what the statute authorizes.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:I call bullshit on MS by guruevi · · Score: 1

      The constitution doesn't agree. The government has to have (a) cause, (b) due process and (c) the right for an open defense in a public court

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    9. Re:I call bullshit on MS by swillden · · Score: 1

      The constitution doesn't agree. The government has to have (a) cause, (b) due process and (c) the right for an open defense in a public court

      That's an argument for challenging the law in court. Until that's done, it's legal. That's how the system works. Granted that in this case it's particularly hard to challenge because it's difficult to prove harm when the harm is hidden behind a veil of national security secrecy, but that doesn't change the fact that it is legal until someone manages to challenge it.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Duh! Well of course not by p51d007 · · Score: 3

    They just copy EVERY email and send it to them!

  6. gag orders by TheGratefulNet · · Score: 4, Interesting

    we can't trust any company, not large and not even small.

    to 'play ball' in today's USA, you have to follow orders. and one of those orders is 'do not admit to following orders'.

    so, all this is just talk. 100% unverifyable talk. maybe its true, but likely - based on what we now know (that we once just assumed but didn't know for sure) - the spooks own the internet and they are not showing any signs of giving it back.

    look at the wordplay and parse it out. WE don't scan emails. ok, maybe the 'we' is not active, but does ANYONE scan them on your network? how about transit networks?

    so many holes to exploit. and again, to stay in business, you can't say no to Pappa. not in the US, at least.

    I don't believe apple, either, when they appeal to 'privacy' and that they don't disclose backdoors to gov orgs. totally unprovable, just 'take tims word for it'. yeah sure. right.

    the only thing you can assume is that every network is bugged and every cpu has backdoors (think: intel ME).

    --

    --
    "It is now safe to switch off your computer."
    1. Re:gag orders by ShanghaiBill · · Score: 3, Insightful

      we can't trust any company, not large and not even small.

      You seem to be implying that small companies are generally more trustworthy. That is nonsense. Big companies have a lot more to lose by betraying the public's trust, and they have more legal oversight. When small companies cheat and betray, it doesn't make the headlines.

    2. Re:gag orders by Anonymous Coward · · Score: 1

      You seem to be implying that small companies are generally more trustworthy.

      Not the original poster, but yes and no. Part of the "trustworthy" comes from the notion that the government is designed around acting with other large organizations. So, it targets the larger organizations to capture most of the traffic, attack most the problem. etc And the media, like /., respond by also seeking out the big players because their involvement would have the widest detectable impact. Hence, smaller companies are seen as possibly useful because they might "slip through the cracks" and be ignored.

      The other part is that smaller businesses often are personally owned and the owner might have a personal stake in not complying with an order they view as unlawful.

      That is nonsense. Big companies have a lot more to lose by betraying the public's trust,...

      Which is the reverse. Big companies have a lot more financial buffer to suffer any "betray[al of] the public's trust". Look at Apple and "The Fappening"? Look at Microsoft and well, look at Microsoft. Seriously, big companies betray the public's trust all the time. Small companies that manage that often close shop because they can't weather even relatively minor fluctuations that persist for months.

      ... and they have more legal oversight.

      Which goes to the above above "smaller businesses ... not complying with an order they view as unlawful" precisely because they don't have the "legal oversight" of their own team of lawyers who basically say "just do whatever the government says, or they'll harass us over any little technical violation of the law" and in turn the "legal oversight" of a government who basically thinks whatever it does is de facto legal, damn the Constitution, and so pushes its rules on an organization no matter how unlawful it is.

      I mean, seriously, look at this very case!

      When small companies cheat and betray, it doesn't make the headlines.

      Again, yes and no. Small companies cheating and betraying makes the local news. It's not something that makes national headlines because the business isn't national. And I'd definitely agree that the number (if not the percentages) of small businesses that cheat, betray, and get away with it without repercussions is likely greater than big businesses. But then that's the nature of the count of small businesses. And as I already stated, the repercussions on big businesses are often minor. Even stuff big enough leading to a recession basically lands no one in jail or paying a fine or anything.

    3. Re:gag orders by reboot246 · · Score: 1

      Are you through With your Nonsensical rambling, Pappa?

    4. Re:gag orders by tlhIngan · · Score: 2

      Big companies have a lot more financial buffer to suffer any "betray[al of] the public's trust". Look at Apple and "The Fappening"?

      Nothing happened with that. Because it was not Apple's fault.. There was no hack of Apple or iTunes.

      The Fappening was traced to basically a hacked account - either reused credentials, or someone used a really weak password.

      Neither of which Apple could really protect against without making it completely unusable for everyone else.

      In fact, it appears most iTunes/iCloud/Apple hacks are reused passwords from all the other breaches that happen - there's no systemic breach of Apple.

  7. There's your "careful phrasing" by dark_requiem · · Score: 4, Insightful

    I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

    Yeah, that's reassuring. Except, what's being described here falls under neither of those categories. It's not a backdoor, and it doesn't require providing access to Apple's servers. So, Apple is blithely sidestepping the issue with careful phrasing, denying only activities about which they were not asked, while artfully ignoring those about which they were.

    1. Re:There's your "careful phrasing" by Anonymous Coward · · Score: 1

      The truth is bad for business. It doesn't matter how many geeks call them out on their lies, the majority believe, so business rolls along, and we all get scanned.

      There is no changing this. We will *never* have the privacy we once had. It is gone for good. Expect even more government intrusion...it will seep in just as steadily as all forms of tech seep in to our lives. THERE IS NO ESCAPE, there is only adaptation.

    2. Re:There's your "careful phrasing" by AHuxley · · Score: 1

      So from the PRISM, decryption, plain text access days we are back to very careful words again.
      Does that depend on what scanning legally is? On what "email traffic" on some part of the network is this decade?
      Some national security related requests are more legal than others?
      If the gov knows to ask in a different way to the right staff it would never be self discovered?
      Is that big new gov server really a per device or per service backdoor or trapdoor?

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:There's your "careful phrasing" by ShanghaiBill · · Score: 1

      So, Apple is blithely sidestepping the issue with careful phrasing, denying only activities about which they were not asked, while artfully ignoring those about which they were.

      Indeed. If Apple is not scanning all the emails, they really need to issue a clear categorical denial immediately. Otherwise, Apple's statement should be taken as an admission of guilt. If you use Apple's email client, you should assume the NSA and FBI are reading everything you write.

    4. Re:There's your "careful phrasing" by YrWrstNtmr · · Score: 1

      If you use Apple's email client, you should assume the NSA and FBI are reading everything you write.

      "If you use....email, you should assume..."

    5. Re:There's your "careful phrasing" by guruevi · · Score: 1

      You mean Apple's e-mail service. The e-mail client doing something nefarious like forwarding e-mails to the NSA would be quite noticeable. The solution, as always, is to decentralize and do your own e-mail service. It's not that hard.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  8. Re:U.S.A. by TheGratefulNet · · Score: 4, Interesting

    its worse than that. all major pipes to and from ANYWHERE are going thru US owned routers, core and otherwise.

    no one is 'safe' anymore. once the spooks decided to own the network, with their money their power and their 'thou shalt not disclose under pain of prison' bullshit, there's no way to know; but its highly probable that every single transcontinental link is 'managed' and tappable.

    this is why its a world problem. its not at all limited to the US.

    --

    --
    "It is now safe to switch off your computer."
  9. Of Course by 31415926535897 · · Score: 1

    I believe them, mostly because they realize the value of the data, and they don't want competition on the spying.

  10. Something wrong with your right eye? by Stonent1 · · Score: 2

    It looks like it's twitching almost like a wink, when you say that.

  11. Re:U.S.A. by ShanghaiBill · · Score: 3, Informative

    its worse than that. all major pipes to and from ANYWHERE are going thru US owned routers, core and otherwise.

    That is why any data in transit should be encrypted. "They" can still do traffic analysis, and see who is talking to whom, but that can be ameliorated by using proxies and sending dummy traffic.

  12. PRISM by SumDog · · Score: 4, Informative

    Did everyone forget about PRISM? I feel like everyone forgot about PRISM.

    The PRISM leak states that every one of this big companies, MS, Google, Facebook, have dedicated software hooks for searching any record, anytime.

    Or is Edward Snowden is limited hangout, and everything he said coming straight from the CIA?

    1. Re:PRISM by nnull · · Score: 1

      People have a short memory.

    2. Re:PRISM by freeze128 · · Score: 4, Informative

      I remember PRISM. I also remember that when its existence was leaked, Google specifically went out of their way to ENCRYPT traffic between their data centers to prevent the PRISM from capturing any useful data. Before the leak, Google was unaware that any data capture was going on.

      PRISM wasn't a Google initiative, it was an NSA initiative.

    3. Re:PRISM by xession · · Score: 1

      Sure it was an NSA initiative. That doesn't mean Google wasn't just posturing when they "went out of their way to encrypt traffic". Encrypting doesn't really do anything if you are already complying with the NSA with other tools. Lets consider an alternative - Google began encrypting their intranet traffic because they became concerned hackers could reveal this compliance easily prior to the encryption.

  13. Could just be a lie. by Gravis+Zero · · Score: 1

    Publicly traded companies like these are required by law to do what is best for it's shareholders. Since they are not bound by law to tell the truth, they could simply be lying because not lying could hurt them financially.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Could just be a lie. by donaldm · · Score: 1

      Publicly traded companies like these are required by law to do what is best for it's shareholders. Since they are not bound by law to tell the truth, they could simply be lying because not lying could hurt them financially.

      You are quite right, lying cannot hurt you financially but being caught lying can.

      The problem you have is many people adopt the attitude of "I have nothing to hide". Sad really, I guess George Orwell was only out by about 40 years.

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
  14. Sure, right by AndyKron · · Score: 4, Funny

    Nope, never been approached. Yahoo was the ONLY one. Yup.

  15. We don't do it like Yahoo!... by matbury · · Score: 2

    ...we're much better than them. We've developed our own proprietary systems to streamline and automate the surveillance process and increase our productivity in keeping the American public, and their children, safe... blah... blah... blah...

    Isn't it also Google (Alphabet?) that are vigorously promoting and selling their surveillance systems as a service to repressive regimes around the world?

    1. Re:We don't do it like Yahoo!... by fbobraga · · Score: 1

      People adore to use the "but Gloogle too" talk here... While not a big fan, Google is one of the less "evil" (but evil enough to be not trustworthy....) corporations out there

  16. Good for Yahoo! by hcs_$reboot · · Score: 2

    After this news, Yahoo will have much less accounts that can be hacked.
    More seriously, how come (especially in Japan) so may people keep using Yahoo is a big mistery.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  17. We Have No Government Email Scanning Program ... by fatp · · Score: 3, Interesting

    ... like Yahoo's...

    Ours are much more advance and stealthy

  18. Re:Duh! Well of course not by buss_error · · Score: 1

    No need to do that. They scan them in flight (where encrypted tunnels or TLS is not in use).

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
  19. No problem by swd99999999 · · Score: 2

    No one can be held accountable for for naughty things that might have been said in their Yahoo email because their password was compromised.

  20. Two words. by epyT-R · · Score: 1

    Yeah right.

  21. That's not a complete denial by GrokvL · · Score: 2

    To say they don't do it in the same way as Yahoo is not the same as completely denying cooperation. I've never heard a a denial from these companies, for example, that they might feed all information sources to either an on-site or off-site cluster that government entities have access to. I've always watched the wording on statements and they seem to be carefully crafted to not lie, and to only deny very specific suspicions.

  22. ".. like what has been reported today about Yahoo" by gsslay · · Score: 1

    They could have just said "We have never engaged in the secret scanning of email traffic." Period. End of statement. But they decided to qualify it further. Draw your own conclusions.

  23. Re:Marissa Mayer again by butchersong · · Score: 2

    A Marissa Mayer decision again.
    Yep. She's cute and intelligent but Yahoo hid the "wiretap" from Alex Stamos (the freaking Chief Information Security Officer) and he and his team only discovered it later which seems to have been the reason he left. Apparently Yahoo (Marissa) did this secretly to avoid any in house conflict. I'd say she isn't CEO material but it isn't like the majority of CEOs in the country set the bar all that high.

  24. Re:stick a fork in 'em by butchersong · · Score: 1

    Eh, I'm not sure the people that will be aware of this story overlap a great deal with yahoo's user base. Besides they have plenty of assets other than "yahoo" -patents and a huge amount of real-estate etc.

  25. Re:U.S.A. by um...+Lucas · · Score: 1

    >but its highly probable that every single transcontinental link is 'managed' and tappable.

    I think that was already disclosed in the 1990's, with AT&T's secret room for the NSA at their facilities, wasn't it?

  26. It's a non-denial denial by wiredog · · Score: 1

    Or at least that's what they call it here in DC.

    --

    Best Slashdot Co
  27. I just .cc Obama by ControlsGeek · · Score: 1

    I got a list of all the emails for the U.S. government and tack it on to .cc in all my emails. I don't want anybody in U.S. government to be left out.

  28. Re:U.S.A. by Jayfar · · Score: 1

    Are you referring to 'MaeWest'? that was the west coast aggregate fiber tap. Their was an East coast atlantic fiber run aggregate tap as well, can't recall its name.

    MAE East, Duhr! But those facilities weren't particularly set up to allow government interception.

    https://en.wikipedia.org/wiki/...

  29. Re:U.S.A. by Anonymous Coward · · Score: 1

    Re: Traffic Analysis

    That by itself is extremely useful.

      During WWII there were periods when the Allies were unable to deduce the key(s) used by the Axis in encoding a days message.

    But by careful study of which units were sending to other units and back again, the Allies were able to derive actionable intelligence.

    With the pattern discerning skills of 'Big Data' and 'Machine Learning' the bad guys - and us - likely have no real secrets.

    I just assume that whatever I send, encrypted or not, is going to be read. A post, like this one, is probably hilarious to the NSA which no doubt has abilities we can't even think of.

    Read "The Hut Six Story" by Gordon Welchman to find out what was possible 70 years ago.

  30. SPAM Trap by Fnord666 · · Score: 1

    Wait, does this imply that there are people who use yahoo mail as anything other than a spam trap?

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  31. Plausible Deniability by ThatsNotPudding · · Score: 1

    The clueless (and mostly co-opted) Fourth Estate will dutifully parrot the statements from all the various spokespersons and maybe even the CEOs... who intentionally don't know shit.

    The CTOs and their senior staffs on the other hand...

  32. Re:U.S.A. by um...+Lucas · · Score: 1

    Here:

    https://en.wikipedia.org/wiki/...

  33. Re:U.S.A. by um...+Lucas · · Score: 1

    Here:

    https://en.wikipedia.org/wiki/...

    (Not sure if both of you posting as A/C are the same person, or if you'll even make it back here. Guess it wasn't the 1990's, but the 2000's, just seemed so long ago, I lost track of time).

  34. Re: Not that hard to get around. by fbobraga · · Score: 1

    You don't get it!

  35. No word.. by h8sg8s · · Score: 1

    ..from overpaid Yahoo CEO Marissa Mayer, net worth approximately $300m.

    --
    Organization? You must be joking..
  36. Re:Do the world a favor, delete ALL Yahoo accounts by fbobraga · · Score: 1

    I still use flickr, you insensitive clod! (but in a disposable account mode: if Yahoo is blown-up, nothing mine of value is lost...)

  37. Psychology and business 101 by poofmeisterp · · Score: 1

    The faster competitors team up to answer concerns of those that feed their profit, the more of a lie their answer is.

  38. Bah humbug by thunderclees · · Score: 1

    PRISM showed that they lie.

  39. Re:U.S.A. by lgw · · Score: 1

    its highly probable that every single transcontinental link is 'managed' and tappable.

    Heck, the undersea cables of hostile powers were tapped from the early 70s (presumably friendly powers followed). The US built a special-purpose nuclear submarine, capable of very deep dives and of "installation and maintenance of underwater equipment" just for the purpose of stealthily locating and tapping undersea cables.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  40. Re:U.S.A. by Jayfar · · Score: 1

    Here:

    https://en.wikipedia.org/wiki/...

    Yes, that was NOT MAE West.