Privacy advocates are hitting hard at the government process that likely led Yahoo Inc. to create software and scan all of its users’ incoming emails on behalf of U.S. intelligence agencies.
The reaction was immediate to a Reuters report Tuesday that said a classified government order directed the internet company to scan hundreds of millions of Yahoo Mail accounts searching for a specific “set of characters.”
Advocates contacted by Morning Consult about the Yahoo revelations agree that many questions remain unanswered about the case. Still, the Washington, D.C., backlash coalesces around a foreign surveillance law, set to expire at the end of next year, that privacy-minded lawmakers want to change.
The Yahoo scans were conducted on behalf of the Federal Bureau of Investigation or the National Security Agency, according to the story. Security experts interviewed by Reuters believe it to be the first instance in which a U.S. internet company agreed to search all arriving messages on behalf of a spy agency.
Privacy advocates are zeroing in on a controversial provision of the 2008 Foreign Intelligence Surveillance Amendments Act as the likely avenue that brought forth the government order. Provisions in the law allow U.S. intelligence officials to request consumer data from phone and internet firms to spy on targets believed to be outside the U.S.
Even before the Yahoo report, lawmakers and civil liberties advocates were pushing for changes to that provision, Section 702. They say U.S. intelligence agencies abuse it, conducting mass surveillance on Americans that shouldn’t be targeted in the first place.
In the wake of the Yahoo news, these advocates say the administration now has a duty at least to tell people if it is conducting mass searches.
“The NSA has said that it only targets individuals under Section 702 by searching for email addresses and similar identifiers,” privacy advocate and Senate Intelligence Committee member Ron Wyden (D-Ore.) said in an emailed statement to Morning Consult on Tuesday. “If that has changed, the executive branch has an obligation to notify the public.”
The FISA court, a secretive body that oversees the surveillance requests, has publicly stated that tens of thousands of communications conducted entirely within the U.S. are “caught up” in data collection under Section 702 every year, Wyden notes. The number of affected Americans might be even higher.
FBI Director James Comey and Central Intelligence Agency Director John Brennan have both testified about the program’s importance to intelligence officials, who are pushing for a straight renewal of the law. “702 is a critical tool for CIA for the collection for foreign intelligence as well as our operational activities,” Brennan told the House Intelligence Committee in February.
“This is not even a close call. If we lost this tool, it would be a very bad thing for us,” Comey said at the same open hearing.
But the Yahoo case will bolster privacy advocates’ argument that the surveillance program is a violation of the Fourth Amendment as it sweeps up Americans’ communications in droves. “The possibility that the company may have scanned the communications of millions of users – with no nexus to terrorism – is precisely the type of unconstitutional conduct that many have warned Section 702 could be used for,” Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, told Morning Consult in an email.
“The Yahoo allegations, and the potential that the company may have been acting pursuant to a 702 order, will only add fuel to the calls to reform Section 702,” Guliani added.
It’s not clear whether the legal authority behind the surveillance order was Section 702 since the Reuters story suggests the company scanned domestic communications, said Robyn Greene, policy counsel and head of governmental affairs at New America Foundation’s Open Technology Institute. Section 702 only covers communications from individuals believed to be outside the country.
“The news that intelligence agencies have conscripted tech companies to do their spying for them is extremely troubling,” Greene said in an email. “Regardless of what law intelligence agencies claim authorizes this surveillance, it is unconstitutional, and highlights the need for Congress to enact meaningful and significant reforms to Section 702.”
“If the report is accurate, it represents a new — and dangerous — expansion of the government’s mass surveillance techniques,” Electronic Frontier Foundation senior staff attorney Mark Rumold said in an emailed statement to Morning Consult. “This is the first public indication that a U.S.-based email service provider was compelled to conduct surveillance against all its customers in real time.”
Rumold added that the surveillance was “warrantless and “flies in the face of the Fourth Amendment’s prohibition against unreasonable searches.”
Yahoo did not respond to request for comment on the story.