Thursday, January 27, 2022

US Government Requested Data on 40,000 Yahoo Accounts

Yahoo has now joined the transparency party, disclosing for the first time on Friday the number of requests (PDF) for user information that it obtained from law enforcement and former government agencies worldwide.

Facebook also shared their figures for the first time late last month, following additional companies like Twitter, Google, and Microsoft.

Kashmir Hill, a reporter for Forbes pointed out: “Telecoms are black hole still.”

The United States leads Yahoo’s list by far. The company released that during the first half of 2013, American authorities made 12,444 requests of 40,322 accounts. Yahoo delivered data in 37 percent of requests, and in 55 percent of the requests, the company handed over only “non-content data” (NCD), which includes:

basic subscriber information including the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information (e.g., “to,” “from,” and “date” fields from e-mail headers).

Yahoo states that its numbers “include all types of government data requests such as criminal law enforcement requests and those under US national security authorities, including the Foreign Intelligence Surveillance Act (FISA) and National Security Letters (NSLs), if any were received.”

“Our legal department demands that government data requests be made through lawful means and for lawful purposes,” Ron Bell, Yahoo’s general counsel, wrote on Friday. “We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, over-broad, or unlawful. In addition, we mounted a two-year legal challenge to the 2008 amendments to the Foreign Intelligence Surveillance Act and recently won a motion requiring the US Government to consider further declassifying court documents from that case.”

This is only the beginning many people believe, as more companies shoot for transparency, the government will think again about requesting information on 10s of thousands of accounts that were most likely chosen with little to no proof.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Megaupload plan to return after 5 years

The huge file-sharing website, Megaupload is scheduled to relaunch, five years after being raided and …