Yahoo May Have Exposed Rogers Customer Emails to US Spies


“Any program that scans all the mail that Yahoo has access to would have scanned this email,” Gillmor wrote me in a message.

“If Yahoo chose to segment their scanning by limiting it only to mails that have ‘’ email addresses [and omitted those sent from], of course, then they would have chosen to exclude this email from the scan,” Gillmor continued. “It’s not clear to me whether any such constraint was in place, though.”

“I’d imagine that, yes, the program would have applied to Rogers customer emails, unless Yahoo elected to specifically exclude them,” wrote Marczak in an email.

Yahoo declined to comment on whether the alleged system filtered out emails from Rogers customers.

Tobi Cohen, a spokesperson for the Office of the Privacy Commissioner, confirmed that Rogers consulted the office in the wake of the Yahoo hack. But as far as the possibility that Rogers customer emails had been siphoned into a surveillance dragnet goes, “Given we don’t have detailed information about the matter, we are not in a position to comment,” Cohen wrote.

When asked if Rogers was aware of the allegations against Yahoo or if the company is concerned that a backdoor could have affected its customers, spokesperson Garas referred me to Yahoo’s statement and wrote that “as such, we believe this matter is closed.”

Great to know that Rogers thinks it shouldn’t (or, worse, doesn’t have to) explain how one of its contracted service providers may have grossly violated the privacy of Rogers’ customers.


Rogers reports sharp drop in police demands for customer data

Rogers reports sharp drop in police demands for customer data:

Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, said Rogers’ commitment to regularly releasing such data is commendable. Yet, he argued the company could go even further with certain aspects of its report, such as including information about when it discloses to customers that a law enforcement request has been made.

He noted that authorities are required to notify individuals who have been subject to wiretap requests or any intercept of live information. However, he said requests for stored data do not trigger a statutory requirement to inform the person that they were under investigation and unless the information is introduced in a court proceeding, they would never know.

“Rogers could advance the privacy discussion in Canada that much more by trying to push government and law enforcement agencies to let the company disclose that their customers were subject to a request,” Mr. Parsons said.



Rogers sheds new light on what personal data spy agencies can get

Rogers sheds new light on what personal data spy agencies can get:

Comments yield insights into a largely hidden relationship between intelligence agencies and communications corporations Federal spy agencies are, like police, “obviously going to have to get a lot more production orders than they did in the past,” one of Canada’s Big Three communications companies says.

And while Ottawa’s agents had been getting warrantless access to some corporately held records, “we have not opened up our metadata to the government as apparently has happened in the U.S.”

Rogers Communications’ vice-president of regulatory affairs, Ken Engelhart, made these and other remarks about his company’s relationships with federal intelligence-agencies, as he spoke to The Globe’s Christine Dobby about corporate transparency in an interview this week.

Such remarks, not published until now, are important because they yield some insights into a largely hidden relationship between intelligence agencies and communications corporations.

But even as Rogers is now publicizing its bona fides as a telecom company that acts more openly than most, it is privately admitting to customers that it can face federal gag orders.

“We are unable to confirm with a customer when their information has been disclosed to a government institution… where that institution has refused to allow Rogers to disclose that information,” reads one such July 10 letter obtained by The Globe and Mail from privacy researcher Christopher Parsons, of University of Toronto’s Citizen Lab.

That Rogers is, in essence, playing a game of Catch-22 (if we told you we didn’t disclose your information, then others could see if they got a different response and learn we had disclosed their information, therefore we can’t tell anyone if we disclosed their information) is absurd. As is their refusal to provide basic records to their subscribers.


Teksavvy and Rogers publish transparency reports highlighting the extent of government data requests

Teksavvy and Rogers publish transparency reports highlighting the extent of government data requests:

Third-party internet provider Teksavvy and Rogers, one of the largest ISPs in Canada, have published the first Canadian telecommunications transparency reports.

Both Teksavvy and Rogers have released documents detailing the subscriber information both companies have released to police and spy agencies over the last few years. Teksavvy disclosed their transparency report first and then Rogers followed soon after.



Telecom giant Rogers got 175,000 info requests from government

Telecom giant Rogers got 175,000 info requests from government:

Rogers is the first major Canadian telecommunications company to issue a so-called transparency report on co-operation with law enforcement.

However, one of Canada’s smaller telecommunications companies, Teksavvy, issued a similar report yesterday in response to a request from University of Toronto researchers. Its report revealed that it received just 52 requests from government and law enforcement agencies in 2012 and 2013. It said it complied with a third of the requests and denied the rest.

The releases come as civil libertarians and privacy advocates urge companies and governments to be more forthcoming about when and how customer data is shared.

A study by University of Toronto researchers recently gave low marks to Canada’s internet service providers about how they handle customer information — including whether they routinely give personal data to spy agencies.

Rogers says it does not allow agencies direct access to its customer databases, nor does it hand over metadata — the routing codes and other data about emails and calls — without a warrant.

“We only provide the information we are required to provide and this information is retrieved by our staff.”



Rogers opens curtain on warrantless government snooping

Rogers opens curtain on warrantless government snooping:

OTTAWA—Rogers Communications gave Canadians their first real peek behind the curtain of warrantless government snooping Thursday, revealing they were asked almost 175,000 times for their customers’ data in 2013.

Rogers became the first major Canadian telecommunications provider to issue a transparency report, revealing aggregate numbers on how many law enforcement requests they receive in a year.

More telecom and Internet service providers are expected to follow suit, as Canadian customers learn more about the scope of government access to their personal data.