More Thoughts on the Yahoo Scan

Macy Wheeler:

To sum up: ex-Yahoo employees want this story to be about the technical recklessness of the request and Yahoo’s bureaucratic implementation of it. Government lawyers and spooks are happy to explain this was a traditional FISA order, but want to downplay the intrusiveness and recklessness of this by claiming it just involved adapting an existing scan. And intelligence committee members mistakenly believed this scan happened under Section 702, and wanted to make it a 702 renewal fight issue, but since appear to have learned differently.

This is the definitive summarization of what Yahoo! (likely) did when they monitored all of their customers’ emails for the US government. Well worth the read for its content and, also, to see what goes into a critical media evaluation of an unfolding intelligence-related series of news stories.


Yahoo May Have Exposed Rogers Customer Emails to US Spies


“Any program that scans all the mail that Yahoo has access to would have scanned this email,” Gillmor wrote me in a message.

“If Yahoo chose to segment their scanning by limiting it only to mails that have ‘’ email addresses [and omitted those sent from], of course, then they would have chosen to exclude this email from the scan,” Gillmor continued. “It’s not clear to me whether any such constraint was in place, though.”

“I’d imagine that, yes, the program would have applied to Rogers customer emails, unless Yahoo elected to specifically exclude them,” wrote Marczak in an email.

Yahoo declined to comment on whether the alleged system filtered out emails from Rogers customers.

Tobi Cohen, a spokesperson for the Office of the Privacy Commissioner, confirmed that Rogers consulted the office in the wake of the Yahoo hack. But as far as the possibility that Rogers customer emails had been siphoned into a surveillance dragnet goes, “Given we don’t have detailed information about the matter, we are not in a position to comment,” Cohen wrote.

When asked if Rogers was aware of the allegations against Yahoo or if the company is concerned that a backdoor could have affected its customers, spokesperson Garas referred me to Yahoo’s statement and wrote that “as such, we believe this matter is closed.”

Great to know that Rogers thinks it shouldn’t (or, worse, doesn’t have to) explain how one of its contracted service providers may have grossly violated the privacy of Rogers’ customers.


Judge Orders Yahoo to Explain How It Recovered ‘Deleted’ Emails in Drugs Case


After receiving requests from UK police and the FBI in September 2009 and April 2010, Yahoo created several “snapshots” of the email account, preserving its contents at the time—and revealing the messages. But the defense alleges there should have been nothing for law enforcement to find.

Yahoo’s explanation is that the recovered emails were copies created by the email service’s “auto-save” feature, which saves data in case of a loss of connectivity, for example. The company has filed several declarations from a number of its staff, but the defense said some of those contradicted each other, and it wants more information.

The question of when, and for whom, data has been deleted or made inaccessible is often based on power and knowledge. And end-users tend to lack both.


Yahoo is expected to confirm a massive data breach, impacting hundreds of millions of users


But there’s nothing smooth about this hack, said sources, which became known in August when an infamous cybercriminal named “Peace” claimed on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords and personal information like birth dates and other email addresses.

It will be curious (and worrying) to see whether this was a one-off breach or persistent. And, if persistent, whether the data also includes information from users of services like Tumblr.


Yahoo will need to balance its involvement with Tumblr to let the creative site flourish while also driving some benefits to core Yahoo. While Tumblr likely needs to take its feed advertising slowly so as not to negatively impact the user experience, the company should be able to leverage Yahoo!’s sales force and advertising relationships.

So it’s kind of cool to see what actual analysts say about Yahoo buying Tumblr. But I have a pretty hard time figuring out what benefits the site would be driving to “core Yahoo”. Better integration with Flickr, maybe? Not really sure what core Yahoo comprises, anymore. (via jakke)

This is something I’ve been thinking about a bit. Just off the top of my head, how could Yahoo! leverage Tumblr:

  • Use Tumblr to surface popular/emerging content for the various Yahoo! branded home pages that are provided to enterprise customers;
  • Offer free blogging services to enterprise customers;
  • Integrate Flickr’s communities (somehow) withTumblr to enhance finding and sharing original content;
  • Leverage Tumblr to expand Bing search capabilities (which would be part of the Yahoo!/MS search integration, and perhaps offer Yahoo! another line of revenue given Microsoft’s current pursuit of Social searchability)
  • Generally provide customized blogging solutions across properties. If Tumblr is eventually de-siloed then Yahoo! would have a blogging platform like Google (i.e. Blogger) except it would be ‘fresh’ like Blogger was at the time of Google acquiring it.

Those are just the most immediate thoughts. I really think that what happens will occur over time and not tomorrow; Yahoo! needs to get ‘integration right’ or else risk drowning their new $1.1 billion dollar baby.



Indeed. I exported my content out months ago; with the original [albeit about six months out of date] content from TKM being imported into a password protected wordpress account.

To be fair – well who knows? It’d be hypocritical of me to assume the worst, given how I bitched about the people bitching about Amazon buying up GoodReads.

Yeah, but Yahoo! has a history of letting great services languish until they nearly atrophy. Flickr and Delicious are both good examples of what happens under Yahoo! ‘management’.