Wikipedia can pursue NSA surveillance lawsuit: U.S. appeals court

A man is silhouetted near logos of the U.S. National Security Agency (NSA) and Wikipedia in this photo illustration taken in Sarajevo March 11, 2015. REUTERS/Dado Ruvic/File Photo

By Jonathan Stempel

(Reuters) – A federal appeals court on Tuesday revived a Wikipedia lawsuit that challenges a U.S. National Security Agency (NSA) program of mass online surveillance, and claims that the government unconstitutionally invades people’s privacy rights.

By a 3-0 vote, the 4th U.S. Circuit Court of Appeals in Richmond, Virginia, said the Wikimedia Foundation, which hosts the Wikipedia online encyclopedia, had a legal right to challenge the government’s Upstream surveillance program.

The decision could make it easier for people to learn whether authorities have spied on them through Upstream, which involves bulk searches of international communications within the internet’s backbone of cables, switches and routers.

Upstream’s existence was revealed in leaks by former NSA contractor Edward Snowden in 2013.

Lawyers for the Wikipedia publisher and eight other plaintiffs including Amnesty International USA and Human Rights Watch, with more than 1 trillion international communications annually, argued that the surveillance violated their rights to privacy, free expression and association.

The U.S. Department of Justice countered that the Foreign Intelligence Surveillance Act had authorized Upstream’s review of communications between Americans and foreign “targets.”

In October 2015, U.S. District Judge T.S. Ellis III in Baltimore dismissed the lawsuit, finding a lack of evidence that the NSA, headquartered in Maryland, was conducting surveillance “at full throttle.”

Writing for the appeals court panel, however, Circuit Judge Albert Diaz found “nothing speculative” about the Wikimedia Foundation’s claims.

Diaz said the NSA interception and copying of communications showed “an invasion of a legally protected interest – the Fourth Amendment right to be free from unreasonable searches and seizures.”

The foundation could also pursue its First Amendment claim because it had “self-censored” some communications in response to the Upstream surveillance, Diaz said.

By a 2-1 vote, the same panel also ruled the plaintiffs lacked standing to challenge the NSA’s alleged “dragnet” to intercept “substantially all” text-based communications to and from the United States while conducting Upstream surveillance.

Justice Department spokesman Mark Abueg declined to comment.

Patrick Toomey, an American Civil Liberties Union lawyer representing the plaintiffs, said the ruling means Upstream “will finally face badly needed scrutiny” in the courts.

“This is an important victory for the rule of law,” he said in a statement. “Our government shouldn’t be searching the private communications of innocent people in bulk.”

Some Democratic and Republican lawmakers are working on legislation to curtail parts of Upstream. A section of FISA that authorizes the program expires at year end.

The case is Wikimedia Foundation et al v National Security Agency et al, 4th U.S. Circuit Court of Appeals, No. 15-2560.

(Reporting by Jonathan Stempel in New York; Additional reporting by Dustin Volz in Washington; editing by Jeffrey Benkoe and Phil Berlowitz)

NSA collected Americans’ phone records despite law change: report

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in Berlin, June 7, 2013. REUTERS/Pawel Kopczynski

By Mark Hosenball

WASHINGTON (Reuters) – The U.S. National Security Agency collected more than 151 million records of Americans’ phone calls last year, even after Congress limited its ability to collect bulk phone records, according to an annual report issued on Tuesday by the top U.S. intelligence officer.

The report from the office of Director of National Intelligence Dan Coats was the first measure of the effects of the 2015 USA Freedom Act, which limited the NSA to collecting phone records and contacts of people U.S. and allied intelligence agencies suspect may have ties to terrorism.

It found that the NSA collected the 151 million records even though it had warrants from the secret Foreign Intelligence Surveillance court to spy on only 42 terrorism suspects in 2016, in addition to a handful identified the previous year.

The NSA has been gathering a vast quantity of telephone “metadata,” records of callers’ and recipients’ phone numbers and the times and durations of the calls – but not their content – since the September 11, 2001, attacks.

The report came as Congress faced a decision on whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), which permits the NSA to collect foreign intelligence information on non-U.S. persons outside the United States, and is scheduled to expire at the end of this year.

Privacy advocates have argued that Section 702 permits the NSA to spy on Internet and telephone communications of Americans without warrants from the secret Foreign Intelligence Surveillance Court, and that foreign intelligence could be used for domestic law enforcement purposes in a way that evades traditional legal requirements.

The report said that on one occasion in 2016, the FBI obtained information about an American in response to a search of Section 702 data intended to produce evidence of a crime not related to foreign intelligence.

The report did not address how frequently the FBI obtained information about Americans while investigating a foreign intelligence matter, however.

On Friday, the NSA said it had stopped a form of surveillance that allowed it to collect the digital communications of Americans who mentioned a foreign intelligence target in their messages without a warrant.

TRUMP’S ALLEGATIONS

The new report also came amid allegations, recently repeated by U.S. President Donald Trump, that former President Barack Obama ordered warrantless surveillance of his communications and that former national security adviser Susan Rice asked the NSA to unmask the names of U.S. persons caught in the surveillance.

Both Republican and Democratic members of the congressional intelligence committees have said that so far they have found no evidence to support either allegation.

Officials on Tuesday argued that the 151 million records collected last year were tiny compared with the number collected under procedures that were stopped after former NSA contractor Edward Snowden revealed the surveillance program in 2013.

Because the 151 million would include multiple calls made to or from the same phone numbers, the number of people whose records were collected also would be much smaller, the officials said. They said they had no breakdown of how many individuals’ phone records were among those collected.

In all, according to the report, U.S. officials unmasked the names of fewer Americans in NSA eavesdropping reports in 2016 than they did the previous year, the top U.S. intelligence officer reported on Tuesday.

The report said the names of 1,934 “U.S. persons” were “unmasked” last year in response to specific requests, compared with 2,232 in 2015, but it did not identify who requested the names or on what grounds.

Officials said in the report that U.S. intelligence agencies had gone out of their way to make public more information about U.S. electronic eavesdropping.

“This year’s report continues our trajectory toward greater transparency, providing additional statistics beyond what is required by law,” said Office of the Director of National Intelligence spokesman Timothy Barrett.

(Reporting by Mark Hosenball; Additional reporting by Dustin Volz; Editing by John Walcott and Jonathan Oatis)

U.S. spy agency abandons controversial surveillance technique

FILE PHOTO - An aerial view shows the National Security Agency (NSA) headquarters in Ft. Meade, Maryland, U.S. on January 29, 2010. REUTERS/Larry Downing/File Photo

By Dustin Volz

WASHINGTON (Reuters) – The U.S. National Security Agency said on Friday it had stopped a form of surveillance that allowed it to collect without a warrant the digital communications of Americans who mentioned a foreign intelligence target in their messages, marking an unexpected triumph for privacy advocates long critical of the practice.

The decision to stop the once-secret activity, which involved messages sent to or received from people believed to be living overseas, came despite the insistence of U.S. officials in recent years that it was both lawful and vital to national security.

The halt is among the most substantial changes to U.S. surveillance policy in years and comes as digital privacy remains a contentious issue across the globe following the 2013 disclosures of broad NSA spying activity by former intelligence contractor Edward Snowden.

“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target,” the agency said in a statement. “Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.”

NSA also said it would delete the “vast majority” of internet data collected under the surveillance program “to further protect the privacy of U.S. person communications.”

The decision is an effort to remedy privacy compliance issues raised in 2011 by the Foreign Intelligence Surveillance Court, a secret tribunal that rules on the legality of intelligence operations, sources familiar with the matter said.

The court recently approved the changes, NSA said in its statement.

The NSA is not permitted to conduct surveillance within the United States. The so-called “about” collection went after messages that mentioned a surveillance target, even if the message was neither to nor from that person.

That type of collection sometimes resulted in surveillance of emails, texts and other communications that were wholly domestic. The NSA will continue to collect communications directly involving intelligence targets.

Friday’s announcement came as a surprise to privacy advocates who have long argued that “about” collection was overly broad and ran afoul of the U.S. Constitution’s protections against unreasonable searches.

Julian Sanchez, a privacy and surveillance expert with the Cato Institute, a libertarian think tank, called the decision “very significant” and among the top priorities of surveillance reform among civil liberties groups.

“Usually you identify a specific individual to scrutinize their content; this was scrutinizing everyone’s content to find mentions of an individual,” Sanchez said.

Other privacy advocates seized on the change to advocate for additional reforms to the Foreign Intelligence Surveillance Act (FISA). The part of the law under which the banned surveillance occurred, known as Section 702, is due to expire at the end of the year unless Congress reauthorizes it.

Democratic Senator Ron Wyden said in a statement he would introduce legislation “banning this kind of collection in the future.”

A U.S. government official familiar with the matter said the change was motivated in part to ensure that Section 702 is renewed before it sunsets on Dec. 31, 2017. FISA has come under increased scrutiny in recent months amid unsubstantiated claims by President Donald Trump and other Republicans that the Obama White House improperly spied on Trump or his associates.

Pieces of differing bits of digital traffic are often packaged together as they travel across the internet. Part of the issue with “about” collection stemmed from how an entire packet of information would be vacuumed up if one part of it contained information, such as an email address or phone number, connected to a foreign target.

NSA told the Privacy and Civil Liberties Oversight Board as recently as last year that changes to “about” collection were not “practical at this time,” according to a report from the government watchdog.

News of the surveillance activity being halted was first reported on Friday by The New York Times, which first revealed its existence in 2013, two months after Snowden leaked intelligence documents to journalists.

(Additional reporting by Mark Hosenball; writing by Eric Beech; editing by Tim Ahmann, Leslie Adler and Bill Rigby)

Hackers release files indicating NSA monitored global bank transfers

FILE PHOTO: Swift code bank logo is displayed on an iPhone 6s among Euro banknotes in this picture illustration January 26, 2016. REUTERS/Dado Ruvic/File Photo - RTS11WHG

By Clare Baldwin

(Reuters) – Hackers released documents and files on Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.

The NSA could not immediately be reached for comment.

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

In a statement to Reuters, Microsoft <MSFT.O>, maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen.

“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the company said.

The absence of warning is significant because the NSA knew for months about the Shadow Brokers breach, officials previously told Reuters. Under a White House process established by former President Barack Obama’s staff, companies were usually warned about dangerous flaws.

Shook said criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of $81 million from the Bangladesh central bank.

“The release of these capabilities could enable fraud like we saw at Bangladesh Bank,” Shook said.

The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers on Friday.

SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.

“We mandate that all customers apply the security updates within specified times,” SWIFT said in a statement.

SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorization.

It was possible that the local messaging systems of some SWIFT client banks had been breached, SWIFT said in a statement, which did not specifically mention the NSA.

When cyberthieves robbed the Bangladesh Bank last year, they compromised that bank’s local SWIFT network to order money transfers from its account at the New York Federal Reserve.

The documents released by the Shadow Brokers on Friday indicate that the NSA may have accessed the SWIFT network through service bureaus. SWIFT service bureaus are companies that provide an access point to the SWIFT system for the network’s smaller clients and may send or receive messages regarding money transfers on their behalf.

“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,” said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.

“That’s information you can only get if you compromise the system,” he said.

ATTEMPT TO MONITOR FLOW OF MONEY

Cris Thomas, a prominent security researcher with the cybersecurity firm Tenable, said the documents and files released by the Shadow Brokers show “the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorists groups”.

Since the early 1990s, interrupting the flow of money from Saudi Arabia, the United Arab Emirates and elsewhere to al Qaeda, the Taliban, and other militant Islamic groups in Afghanistan, Pakistan and other countries has been a major objective of U.S. and allied intelligence agencies.

Mustafa Al-Bassam, a computer science researcher at University College London, said on Twitter that the Shadow Brokers documents show that the “NSA hacked a bunch of banks, oil and investment companies in Palestine, UAE, Kuwait, Qatar, Yemen, more.”

He added that NSA “completely hacked” EastNets, one of two SWIFT service bureaus named in the documents that were released by the Shadow Brokers.

Reuters could not independently confirm that EastNets had been hacked.

EastNets, based in Dubai, denied it had been hacked in a statement, calling the assertion “totally false and unfounded.”

EastNets ran a “complete check of its servers and found no hacker compromise or any vulnerabilities,” according to a statement from EastNets’ chief executive and founder, Hazem Mulhim.

In 2013, documents released by former NSA contractor Edward Snowden said the NSA had been able to monitor SWIFT messages.

The agency monitored the system to spot payments intended to finance crimes, according to the documents released by Snowden.

Reuters could not confirm whether the documents released Friday by the Shadow Brokers, if authentic, were related to NSA monitoring of SWIFT transfers since 2013.

Some of the documents released by the Shadow Brokers were dated 2013, but others were not dated.

The documents released by the hackers did not clearly indicate whether the NSA had actually used all the techniques cited for monitoring SWIFT messages.

(Additional reporting by Tom Bergin in London; Dustin Volz and John Walcott in Washington; Joseph Menn in San Franciso; and Jim Finkle in Buffalo, New York.; Editing by Brian Thevenot and Cynthia Osterman)

Messages show New York police surveillance of Black Lives Matter

People participate in a Black Lives Matter protest in front of Trump Tower in New York City, U.S. January 14, 2017. REUTERS/Stephanie Keith

By Jonathan Allen

NEW YORK (Reuters) – Documents released by the New York Police Department and published by a newspaper on Tuesday shed new light on how undercover officers surveilled organizers from the Black Lives Matter movement who were protesting police tactics.

The documents include brief internal messages between officers that track demonstrators’ movements during “die-in” protests at New York City’s Grand Central Terminal in 2014 and 2015, as well as photographs and a video of the protests.

They also include two photographs of text messages on the screen of an unknown person’s cellphone that appear to be instructions sent by organizers telling protesters where to gather.

“TONIGHT 8PM Die In & Community Convergence at Grand Central,” one of the messages reads in part.

A New York judge ordered the release of the documents in February after a protester, James Logue, successfully sued the NYPD under freedom of information laws, arguing that the police may have inappropriately interfered with the right to protest peacefully.

The city released the documents to Logue last month, and they were published on Tuesday by the Guardian. The NYPD did not respond to questions, although it has acknowledged its use of undercover officers in the protests.

David Thompson, a lawyer representing Logue, said he was concerned by the photographs of the two organizing text messages because they were shared among only a small group of people.

“So we think this means that at least one police officer managed to get him or herself into this core group of organizers and might still be there for all we know,” he said in an interview. “And that’s disturbing.”

Thompson said the police surveillance of the protesters and the retention of photographs of them without any publicly known evidence of unlawful activity by the protesters was wrong.

Several of the protests in 2014 and 2015 were prompted by outrage over the death of Eric Garner, an unarmed black man selling loose cigarettes on New York’s Staten Island who died shouting “I can’t breathe!” as a police officer’s arm gripped his neck.

Some legal experts said in interviews it was difficult to tell from the limited information released whether the police department broke court-ordered rules that govern how New York City can police political activity, but that the surveillance seemed disproportionate.

“A ‘sit-in’ is not the same as an act of violence, and the police should not be engaged in maximal surveillance for non-violent activity,” said Arthur Eisenberg, the New York Civil Liberties Union’s legal director.

(Reporting by Jonathan Allen; Editing by Dan Grebler)

White House supports renewal of spy law without reforms: official

A surveillance camera is pictured atop the border fence separating the United States and Mexico in El Paso, U.S. January 17, 2017. REUTERS/Tomas Bravo

By Steve Holland and Dustin Volz

WASHINGTON (Reuters) – The Trump administration supports renewing without reforms a key surveillance law governing how the U.S. government collects electronic communications that is due to expire at the end of the year, a White House official said on Wednesday.

“We support the clean reauthorization and the administration believes it’s necessary to protect the security of the nation,” the official said on customary condition of anonymity.

The law, known as the Foreign Intelligence Surveillance Act (FISA), has been criticized by privacy and civil liberties advocates as allowing broad, intrusive spying. It gained renewed attention following the 2013 disclosures by former National Security Agency contractor Edward Snowden.

Portions of the law, including a provision known as Section 702, will expire on Dec. 31, 2017, unless Congress reauthorizes them.

Section 702 enables two internet surveillance programs called Prism and Upstream, classified details of which were revealed by Snowden’s leaks.

Prism gathers messaging data from Alphabet Inc’s Google , Facebook Inc , Microsoft Corp, Apple Inc and other major tech companies that is sent to and from a foreign target under surveillance. Upstream allows the NSA to copy Web traffic flowing along the internet backbone located inside the United States and search that data for certain terms associated with a target.

Both Democratic and Republican lawmakers have said reforms to Section 702 are needed, in part to ensure the privacy protections on Americans are not violated. The U.S. House of Representatives’ Judiciary Committee met Wednesday to discuss possible changes to the law.

Though FISA is intended to govern spy programs intended for foreigners, an unknown amount of communications belonging to Americans are also collected due to a range of technical and practical reasons.

Such collection has been defended by U.S. intelligence agencies as “incidental,” but privacy groups have said it allows for backdoor seizures of data without proper judicial oversight.

(Reporting by Steve Holland and Dustin Volz, writing by Dustin Volz; Editing by Andrea Ricci and Andrew Hay)

NSA contractor indicted over mammoth theft of classified data

NSA HQ

By Dustin Volz

(Reuters) – A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history.

The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland.

The government has not said what, if anything, Martin did with the stolen data.

Martin faces 20 criminal counts, each punishable by up to 10 years in prison, the Justice Department said.

“For as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government,” said U.S. Attorney Rod Rosenstein.

Martin’s attorney could not immediately be reached for comment.

Martin worked for Booz Allen Hamilton Holding Corp when he was taken into custody last August.

Booz Allen also had employed Edward Snowden, who leaked a trove of secret files to news organizations in 2013 that exposed vast domestic and international surveillance operations carried out by the NSA.

The indictment provided a lengthy list of documents Martin is alleged to have stolen from multiple intelligence agencies starting in August 1996, including 2014 NSA reports detailing intelligence information “regarding foreign cyber issues” that contained targeting information and “foreign cyber intrusion techniques.”

The list of pilfered documents includes an NSA user’s guide for an intelligence-gathering tool and a 2007 file with details about specific daily operations.

The indictment also alleges that Martin stole documents from U.S. Cyber Command, the CIA and the National Reconnaissance Office.

Martin was employed as a private contractor by at least seven different companies, working for several government agencies beginning in 1993 after serving in the U.S. Navy for four years, according to the indictment.

His positions, which involved work on highly classified projects involving government computer systems, gave him various security clearances that routinely provided him access to top-secret information, it said.

Unnamed U.S. officials told the Washington Post this week that Martin allegedly took more than 75 percent of the hacking tools belonging to the NSA’s tailored access operations, the agency’s elite hacking unit.

Booz Allen, which earns billions of dollars a year contracting with U.S. intelligence agencies, came under renewed scrutiny after Martin’s arrest was revealed last October. The firm announced it had hired former FBI Director Robert Mueller to lead an audit of its security, personnel and management practices.

A Booz Allen spokeswoman did not have an immediate comment on Martin’s indictment.

Martin’s initial appearance in the U.S. District Court of Baltimore was scheduled for next Tuesday, the Justice Department said.

(Reporting by Dustin Volz in Washington and Jonathan Stempel in New York; editing by Jonathan Oatis and Phil Berlowitz)

U.S. to disclose estimate of Americans under surveillance by early 2017

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland.

By Dustin Volz

WASHINGTON (Reuters) – The U.S. intelligence community has committed to providing as soon as next month a public estimate of the number of U.S. persons whose electronic communications are ensnared under a surveillance authority intended for foreign espionage, according to a bipartisan group of congressional lawmakers’ letter that Reuters saw.

The decision would reverse the government’s longstanding position that calculating such a number may be technically impossible and would require privacy intrusions exceeding those raised by the actual surveillance programs.

It also comes as Congress is expected to begin debate in the coming months over whether to reauthorize or reform the surveillance authority, known as Section 702, a provision that was added to the Foreign Intelligence Surveillance Act in 2008.

The letter, sent on Friday to National Intelligence Director James Clapper, said his office and National Security Agency officials had briefed congressional staff about how the intelligence community intends to comply with the lawmakers’ disclosure request.

Clapper’s office did not immediately respond to a request for comment.

The 11 lawmakers, all members of the U.S. House Judiciary Committee, termed their letter an effort to “memorialize our understanding” of the intelligence community’s plan to provide an estimate in real numbers, not percentages, as soon as January that can be shared with the public.

“The timely production of this information is incredibly important to informed debate on Section 702 in the next Congress— and, without it, even those of us inclined to support re-authorization would have reason for concern,” the letter said.

Section 702 will expire on December 31, 2017, absent congressional action. It enables two internet surveillance programs called Prism and Upstream that were revealed in a series of leaks by former NSA contractor Edward Snowden more than three years ago.

Intelligence officials have said that data about Americans is “incidentally” collected under Section 702, due to a range of technical and practical reasons. Critics have assailed such collection as back-door surveillance of Americans without a warrant.

Clapper, who is stepping down next month, suggested in April that providing an estimate of Americans surveilled under Section 702, a figure some have said could tally in the millions, might be possible, while defending the law as “a prolific producer of critical intelligence.”

Republicans James Sensenbrenner, Darrell Issa, Ted Poe and Jason Chaffetz signed the letter, in addition to Democrats John Conyers, Jerrold Nadler, Zoe Lofgren, Hank Johnson, Ted Deutch, Suzan DelBene and David Cicilline.

(Reporting by Dustin Volz; Editing by Lisa Von Ahn)

Dozens of U.S. lawmakers request briefing on Yahoo email scanning

Yahoo Mail logo

By Dustin Volz

WASHINGTON (Reuters) – A bipartisan group of 48 lawmakers in the U.S. House of Representatives on Friday asked the Obama administration to brief Congress “as soon as possible” about a 2015 Yahoo <YHOO.O> program to scan all of its users’ incoming email at the behest of the government.

The request comes amid scrutiny by privacy advocates and civil liberties groups about the legal authority and technical nature of the surveillance program, first revealed by Reuters last week. Custom software was installed to search messages to hundreds of millions of accounts under an order issued by the secretive Foreign Intelligence Surveillance Court.

“As legislators, it is our responsibility to have accurate information about the intelligence activities conducted by the federal government,” according to the letter, organized by Republican Representative Justin Amash of Michigan and Democratic Representative Ted Lieu of California.

“Accordingly, we request information and a briefing as soon as possible for all members of Congress to resolve the issues raised by these reports.”

Investigators searched for messages that contained a single piece of digital content linked to a foreign state sponsor of terrorism, sources have told Reuters, though the nature of the content remains unclear.

Intelligence officials said Yahoo modified existing systems used to stop child pornography and filter spam messages on its email service.

But three former Yahoo employees told Reuters the court-ordered search was done by a module buried deep near the core of the company’s email server operation system, far below where mail sorting was handled.

The Senate and House intelligence committees were given a copy of the order when it was issued last year, sources said, but other members of Congress have express concern at the scope of the email scanning.

Some legal experts have questioned the breadth of the court order and whether it runs afoul of the U.S. Constitution’s Fourth Amendment protections against unreasonable searches.

Half of registered U.S. voters believe the Yahoo program violated the privacy of customers, according to a poll of 1,989 people conducted last week by Morning Consult, a polling and media company.

Twenty-five percent were supportive of the program because of its potential to stop criminal acts, the survey found, while another quarter did not know or had no opinion.

The congressional letter is addressed to Attorney General Loretta Lynch and Director of National Intelligence James Clapper.

(Additional reporting by Mark Hosenball and Joseph Menn; Editing by Jeffrey Benkoe)

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

Yahoo billboard

By Joseph Menn

SAN FRANCISCO (Reuters) – Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.

Some FISA experts defended Yahoo’s decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called “upstream” bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies’ mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”

SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (http://bit.ly/2dL003k)

In a separate incident, Yahoo last month said “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo’s security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)