Taliban could take Afghan capital in 90 days amid rapid Taliban gains – U.S. intelligence

KABUL (Reuters) -Taliban fighters could isolate Afghanistan’s capital in 30 days and possibly take it over in 90, a U.S. defense official told Reuters on Wednesday citing U.S. intelligence, as the resurgent militants took control of an eighth provincial Afghan capital.

The official, speaking on condition of anonymity, said that the new assessment of how long Kabul could stand was a result of the rapid gains the Taliban had been making around the country as U.S.-led foreign forces leave.

“But this is not a foregone conclusion,” the official added, saying that the Afghan security forces could reverse the momentum by putting up more resistance.

The Islamists now control 65% of Afghanistan and have taken or threaten to take 11 provincial capitals, a senior EU official said on Tuesday.

All gateways to Kabul, which lies in a valley surrounded by mountains, were choked with civilians entering the city and fleeing violence elsewhere, a Western security source in the city told Reuters, making it hard to tell whether Taliban fighters were also getting through.

“The fear is of suicide bombers entering the diplomatic quarters to scare, attack and ensure everyone leaves at the earliest opportunity,” he said.

Wednesday’s loss of Faizabad, capital of the northeastern province of Badakhshan, was the latest setback for the Afghan government, which has been struggling to stem the momentum of Taliban assaults.

It came as President Ashraf Ghani flew to Mazar-i-Sharif to rally old warlords to the defense of the biggest city in the north as Taliban forces closed in.

Jawad Mujadidi, a provincial council member from Badakhshan, said the Taliban had laid siege to Faizabad before launching an offensive on Tuesday.

“With the fall of Faizabad, the whole of the northeast has come under Taliban control,” Mujadidi told Reuters.

Badakhshan borders Tajikistan, Pakistan and China.

The Taliban are battling to defeat the U.S-backed government and reimpose strict Islamic law. The speed of their advance has shocked the government and its allies.

HOMELAND

U.S. President Joe Biden urged Afghan leaders to fight for their homeland, saying on Tuesday he did not regret his decision to withdraw. He noted that the United States had spent more than $1 trillion over 20 years and lost thousands of troops.

The United States was providing significant air support, food, equipment and salaries to Afghan forces, he said.

The United States will complete the withdrawal of its forces this month in exchange for Taliban promises to prevent Afghanistan being used for international terrorism.

The Taliban promised not to attack foreign forces as they withdraw but did not agree to a ceasefire with the government. A commitment by the Taliban to talk peace with the government side has come to nothing as they eye military victory.

A U.S. source familiar with intelligence assessments said that the views offered a “range” of possible outcomes, from a rapid Taliban takeover to an extended fight to a possible negotiated agreement between the Taliban and current government.

A senior Taliban leader told Reuters that the head of the group’s Political Office, Mullah Abdul Ghani Baradar, met U.S. Special Envoy for Afghan Reconciliation Ambassador Zalmay Khalilzad in Doha on Tuesday.

No details of the meeting have been released. One of the meetings expected to take place on Wednesday will be of the Troika Plus – a platform led by the United States, China and Russia. The Taliban leader, requesting anonymity, said that a Taliban delegation would also take part.

REGIONAL APPEAL

The Taliban advances have raised fears of a return to power of the hardline militants who emerged in the early 1990s from the chaos of civil war. They controlled most of the country from 1996 to 2001, when they were ousted by a U.S.-led campaign for harbouring al Qaeda chief Osama bin Laden.

A new generation of Afghans, who have come of age since 2001, fears that the progress made in areas such as women’s rights and media freedom will be squandered.

Afghan officials have appealed for pressure on Pakistan to stop Taliban reinforcements and supplies flowing over the border. Pakistan denies backing the Taliban.

During their previous rule, the Taliban were never completely in control of the north but this time they seem intent on securing it before closing in on the capital.

Ghani is now appealing for help from the old regional war lords he spent years sidelining as he attempted to project the authority of his central government over wayward provinces.

In the south, government forces were battling Taliban fighters around the city of Kandahar and thousands of civilians from outlying areas had taken refuge there, a resident said.

The Taliban have captured districts bordering Tajikistan, Uzbekistan, Iran, Pakistan and China, heightening regional security concerns.

(Reporting by Kabul, Islamabad, Washington bureaus; Writing by Robert Birsel and Nick Macfie; Editing by Jon Boyle)

Megaphones and more: Mueller details Russian U.S. election meddling

By Doina Chiacu

WASHINGTON (Reuters) – From breaking into computers to paying for a megaphone, Russian efforts to undermine the U.S. political system have been spelled out in detail by Special Counsel Robert Mueller, who has described an elaborate campaign of hacking and propaganda during the 2016 presidential race.

While Mueller has yet to submit to U.S. Attorney General William Barr a final report on his investigation into Russia’s role in the election, the former FBI director already has provided a sweeping account in a pair of indictments that charged 25 Russian individuals and three Russian companies.

Key questions still to be answered are whether Mueller will conclude that Trump’s campaign conspired with Moscow and whether Trump unlawfully sought to obstruct the probe. Trump has denied collusion and obstruction. Russia as denied election interference.

FILE PHOTO: Robert Mueller (R) , serving as Federal Bureau of Investigation director, is seen on a TV monitor at the U.S. Senate Judiciary Committee at an oversight hearing about the FBI on Capitol Hill in Washington, June 19, 2013. REUTERS/Larry Downing/File Photo

FILE PHOTO: Robert Mueller (R) , serving as Federal Bureau of Investigation director, is seen on a TV monitor at the U.S. Senate Judiciary Committee at an oversight hearing about the FBI on Capitol Hill in Washington, June 19, 2013. REUTERS/Larry Downing/File Photo

Here is an explanation of Mueller’s findings about Russian activities and U.S. intelligence assessments of the ongoing threat.

WHAT IS KNOWN ABOUT RUSSIAN “TROLL FARMS”?

On Feb. 16, 2018, Mueller charged 13 Russian individuals and three Russian entities with conspiracy to defraud the United States, wire and bank fraud and identity theft. It said the Internet Research Agency, a Russian-backed propaganda arm known for trolling on social media, flooded American social media sites Facebook, Twitter, YouTube and Instagram to promote Trump and spread disparaging information about his Democratic rival Hillary Clinton. The indictment said the Russian efforts dated to 2014, before Trump’s candidacy, and were intended to sow discord in the United States. [nL2N1Q61CL]

The St. Petersburg-based so-called troll farm employed hundreds of people for its online operations and had a multimillion-dollar budget, according to the indictment. It had a management group and departments including graphics, data analysis and search-engine optimization. Employees worked day and night shifts corresponding to U.S. time zones.

Its funding was provided by Evgeny Prigozhin, a businessman who U.S. officials have said has extensive ties to Russia’s military and political establishment, and companies he controlled including Concord Management and Consulting and Concord Catering. Prigozhin has been described by Russian media as being close to President Vladimir Putin. He has been dubbed “Putin’s cook” because his catering business has organized banquets for Russia’s president.

The Russians targeted Americans with information warfare, adopting false online personas and creating hundreds of social media accounts to push divisive messages and spread distrust of candidates and America’s political system in general, the indictment said. They aimed to denigrate Clinton and support the candidacies of Trump, who won the Republican presidential nomination, and Bernie Sanders, her rival for the Democratic nomination.

HOW WERE AMERICANS UNWITTINGLY RECRUITED?

In Florida, a pivotal state in U.S. presidential elections, the Russians steered unwitting Americans to pro-Trump rallies they conceived and organized. The indictment said the Russians paid “a real U.S. person to wear a costume portraying Clinton in a prison uniform at a rally” and another “to build a cage large enough to hold an actress depicting Clinton in a prison uniform.”

The accused Russians used false Facebook persona “Matt Skier” to contact a real American to recruit for a “March for Trump” rally, offering “money to print posters and get a megaphone,” the indictment said. They created an Instagram account “Woke Blacks” to encourage African-Americans not to vote for “Killary,” saying, “We’d surely be better off without voting AT ALL.” Fake social media accounts were used to post messages saying American Muslims should refuse to vote for Clinton “because she wants to continue the war on Muslims in the Middle East.” Alternatively, they took out Facebook ads promoting a June 2016 rally in Washington, “Support Hillary. Save American Muslims” rally. They recruited an American to hold up a sign with a quote falsely attributed to Clinton that embraced Islamic sharia law, the indictment said.

Some of the accused Russians traveled around the United States to gather intelligence, the indictment said, visiting at least 10 states: California, Colorado, Georgia, Illinois, Louisiana, Michigan, Nevada, New Mexico, New York and Texas.

WHAT ROLE DID RUSSIAN MILITARY OFFICERS PLAY?

On July 13, 2018, Mueller charged 12 Russian military intelligence officers with hacking Democratic Party computer networks in 2016 to steal large amounts of data and then time their release to damage Clinton. The Russian hackers broke into the computer networks of the Clinton campaign and Democratic Party organizations, covertly monitoring employee computers and planting malicious code, as well as stealing emails and other documents, according to the indictment. [nL1N1U90YU]

Using fictitious online personas such as DCLeaks and Guccifer 2.0, the hackers released tens of thousands of stolen emails and documents. The Guccifer 2.0 persona communicated with Americans, including an unidentified person who was in regular contact with senior members of the Trump campaign, the indictment said. Guccifer 2.0 cooperated extensively with “Organization 1” – the WikiLeaks website – to discuss the timing of the release of stolen documents to “heighten their impact” on the election.

On or about July 27, 2016, the Russians tried to break into email accounts used by Clinton’s personal office and her campaign, the indictment said. The same day, candidate Trump told reporters: “Russia, if you are listening, I hope you’re able to find the 30,000 emails that are missing,” referring to emails from a private server Clinton had used when she was secretary of state.

To hide their identity, the Russians laundered money and financed their operation through cryptocurrencies including bitcoin, Mueller’s team said.

IS THE THREAT OVER?

The U.S. intelligence community’s 2019 Worldwide Threat Assessment report cited Russia’s continuing efforts to interfere in the American political system. It stated, “Russia’s social media efforts will continue to focus on aggravating social and racial tensions, undermining trust in authorities, and criticizing perceived anti-Russia politicians. Moscow may employ additional influence toolkits – such as spreading disinformation, conducting hack-and-leak operations or manipulating data – in a more targeted fashion to influence U.S. policy, actions and elections.”

The report said Russia and “unidentified actors” as recently as 2018 conducted cyber activity targeting U.S. election infrastructure, though there is no evidence showing “any compromise of our nation’s election infrastructure that would have prevented voting, changed vote counts or disrupted the ability to tally votes.”

(Reporting by Doina Chiacu; Editing by Will Dunham)

Trump says U.S. working with Turkey, Saudis on journalist probe

U.S. President Donald Trump holds a campaign rally in Erie, Pennsylvania, U.S., October 10, 2018. REUTERS/Leah Millis

WASHINGTON (Reuters) – The United States has investigators overseas to assist Turkey in its probe over missing Saudi journalist Jamal Khashoggi, U.S. President Donald Trump said on Thursday, adding that they are also working with Saudi Arabia.

Trump, in an interview with the Fox News “Fox & Friends” program, also called U.S.-Saudi relations “excellent.” Asked if U.S.-Saudi ties were in jeopardy in light of the Khashoggi matter, Trump did not give a direct answer, saying, “I have to find out what happened … and we’re probably getting closer than you might think.”

Khashoggi, a Saudi citizen who had lived in Washington for the past year, has not been heard from or seen since he entered the Saudi consulate in Istanbul more than one week ago. He left Saudi Arabia last year saying he feared retribution for his criticism of Riyadh over the Yemen war and its crackdown on dissent, and since then wrote columns for the Washington Post.

Trump on Thursday said: “We’re being very tough. And we have investigators over there and we’re working with Turkey, and frankly, we’re working with Saudi Arabia. We want to find out what happened.”

“We’re looking at it very, very seriously. I don’t like it at all,” he added.

Asked about a Washington Post report that U.S. intelligence had intercepted top Saudi officials discussing a plan to capture Khashoggi, Trump told Fox, “It would be a very sad thing.”

“We will probably know in the very short future. We have some incredible people and some incredible talent working on it. We don’t like it. I don’t like it. No good,” he added.

(Reporting by Doina Chiacu and Susan Heavey; Editing by Will Dunham)

WikiLeaks says it releases files on CIA cyber spying tools

FILE PHOTO: People are silhouetted as they pose with laptops in front of a screen projected with binary code and a Central Inteligence Agency (CIA) emblem, in this picture illustration taken in Zenica, Bosnia and Herzegovina October 29, 2014. REUTERS/Dado Ruvic/File Photo/Illustration

By Dustin Volz and Warren Strobel

WASHINGTON (Reuters) – Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.

The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.

Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

Among the most noteworthy WikiLeaks claims is that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.

The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.

The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.

Security experts differed over how much the disclosures could damage U.S. cyber espionage. Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden’s revelations in 2013 of mass NSA data collection.

“This is a big dump about extremely sophisticated tools that can be used to target individual user devices … I haven’t yet come across the mass exploiting of mobile devices,” said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.

Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.

Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicized.

In one case, the documents say, U.S. and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

Google declined to comment on the purported hacking of its Android platform, but said it was investigating the matter.

Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.

Apple Inc did not respond to a request for comment.

The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.

Signal inventor Moxie Marlinspike said he took that as “confirmation that what we’re doing is working.” Signal and the like are “pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks.”

CIA CYBER PROGRAMS

The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.

The documents published Tuesday appeared to supply specific details to what has been long-known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in any manner of technology products.

Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.

WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”

The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.

WikiLeaks said it was refraining from disclosing usable code from CIA’s cyber arsenal “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

U.S. intelligence agencies have said that Wikileaks has ties to Russia’s security services. During the 2016 U.S. presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.

WikiLeaks has denied ties to Russian spy agencies.

Trump praised WikiLeaks during the campaign, often citing hacked emails it published to bolster his attacks on Democratic Party candidate Hillary Clinton.

WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.

Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.

The process “is not a policy of unilateral disarmament in cyberspace. The mere fact that the CIA may have exploited zero-day [previously undisclosed] vulnerabilities should not surprise anyone,” said Knake, now at the Council on Foreign Relations.

U.S. officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.

In a press release, the group said, “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

U.S. intelligence agencies have suffered a series of security breaches, including Snowden’s.

In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks.

Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the secrets in his home.

(Reporting by Dustin Volz and Warren Strobel; additional reporting by Joseph Menn, Mark Hosenball, Jonathan Landay and Jim Finkle; Editing by Grant McCool)

U.S. to disclose estimate of Americans under surveillance by early 2017

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland.

By Dustin Volz

WASHINGTON (Reuters) – The U.S. intelligence community has committed to providing as soon as next month a public estimate of the number of U.S. persons whose electronic communications are ensnared under a surveillance authority intended for foreign espionage, according to a bipartisan group of congressional lawmakers’ letter that Reuters saw.

The decision would reverse the government’s longstanding position that calculating such a number may be technically impossible and would require privacy intrusions exceeding those raised by the actual surveillance programs.

It also comes as Congress is expected to begin debate in the coming months over whether to reauthorize or reform the surveillance authority, known as Section 702, a provision that was added to the Foreign Intelligence Surveillance Act in 2008.

The letter, sent on Friday to National Intelligence Director James Clapper, said his office and National Security Agency officials had briefed congressional staff about how the intelligence community intends to comply with the lawmakers’ disclosure request.

Clapper’s office did not immediately respond to a request for comment.

The 11 lawmakers, all members of the U.S. House Judiciary Committee, termed their letter an effort to “memorialize our understanding” of the intelligence community’s plan to provide an estimate in real numbers, not percentages, as soon as January that can be shared with the public.

“The timely production of this information is incredibly important to informed debate on Section 702 in the next Congress— and, without it, even those of us inclined to support re-authorization would have reason for concern,” the letter said.

Section 702 will expire on December 31, 2017, absent congressional action. It enables two internet surveillance programs called Prism and Upstream that were revealed in a series of leaks by former NSA contractor Edward Snowden more than three years ago.

Intelligence officials have said that data about Americans is “incidentally” collected under Section 702, due to a range of technical and practical reasons. Critics have assailed such collection as back-door surveillance of Americans without a warrant.

Clapper, who is stepping down next month, suggested in April that providing an estimate of Americans surveilled under Section 702, a figure some have said could tally in the millions, might be possible, while defending the law as “a prolific producer of critical intelligence.”

Republicans James Sensenbrenner, Darrell Issa, Ted Poe and Jason Chaffetz signed the letter, in addition to Democrats John Conyers, Jerrold Nadler, Zoe Lofgren, Hank Johnson, Ted Deutch, Suzan DelBene and David Cicilline.

(Reporting by Dustin Volz; Editing by Lisa Von Ahn)

U.S. warns about possible al Qaeda attacks in Virginia, Texas, NY

The rising sun lights One World Trade as it stands over the Manhattan borough of New York, U.S.,

WASHINGTON (Reuters) – U.S. intelligence officials have warned local authorities in New York, Texas and Virginia about possible attacks by al Qaeda on Monday, a day before the U.S. presidential election, CBS News reported on Friday, citing unnamed sources.

No specific locations were mentioned, but U.S. intelligence officials alerted joint terrorism task forces about the possible threat, CBS reported.

The FBI did not comment specifically on the report. “The counterterrorism and homeland security communities remain vigilant and well-postured to defend against attacks here in the United States,” it said in a statement on Friday.

The bureau was working closely with federal, state and local law enforcement to identify and disrupt any potential threats, it said.

Reuters could not immediately verify the report, and officials at the U.S. Department of Homeland Security did not immediately respond to a request for comment.

The potential for violent clashes is darkening an already rancorous presidential race between Democrat Hillary Clinton and Republican Donald Trump, on top of the threat of computer hacking and fears that Russia or other state actors could spread political misinformation online or tamper with voting.

And while federal and state authorities are beefing up cyber defenses against potential electronic attacks on voting systems ahead of Election Day, others are taking additional steps to guard against possible civil unrest or violence.

Local authorities in Ohio, Pennsylvania, Arizona, Wisconsin and Florida told Reuters they were not boosting election-related law enforcement personnel or resources above 2012 levels.

(Reporting by Susan Heavey, Doina Chiacu in Washington and Nate Raymond in New York; Editing by Jeffrey Benkoe)

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

Yahoo billboard

By Joseph Menn

SAN FRANCISCO (Reuters) – Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.

Some FISA experts defended Yahoo’s decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called “upstream” bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies’ mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”

SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (http://bit.ly/2dL003k)

In a separate incident, Yahoo last month said “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo’s security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)