Yahoo searching your emails: another view

Earlier today, Ed dove into the recent story about Yahoo agreeing to search their users’ emails and report suspicious activity to the government. A story like this is bound to have privacy advocates up in arms because it clearly has some troubling aspects, but I’m going to once again jump in and suggest that maybe we shouldn’t throw the baby out with the bathwater here. First, let’s go back to the thumbnail description from the Reuters article of precisely what was done. (Or more to the point, what we know about the agreement.)

Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency’s demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

I’m not going to deny that this sounds pretty bad on the surface, and the fact that the company was being threatened with massive fines if they failed to comply is a black mark for the government. That’s no way to do business. But at the same time I have to maintain at least a bit of sympathy for our intelligence agencies who need to plow through a nearly infinite amount of data looking for a needle in a planet sized haystack as they try to prevent the next terror attack. Is there some sort of middle ground available? Let’s swing back for a moment to Ed’s column and some of the concerns he expressed.

Whether or not Obama was engaging in Clintonian spin about the word “target,” the clear message to American citizens was that the government couldn’t access the content of our e-mails without a warrant. And yet, here we have the government pressuring Yahoo into providing access to content on the widest possible scale, and Yahoo caving to their demands — two years after Obama made this statement. It was hardly voluntary — the Obama administration threatened to levy $250,000 fines each day for non-compliance — but Yahoo complied.

I think it’s appropriate to focus on the word “target” for a moment. If there were specific individuals or even groups which were under suspicion (but not charged with anything or even at the point where probable cause might merit a warrant) and the government was demanding the emails from those users, this would be a non-starter. That would indeed be “targeting” and if their suspicions were solid enough they should be able to get a warrant to request the specific emails.

But what’s going on here is more of a wholesale search and it sounds like there was not some mass opening up of Yahoo’s email archives for random inspection. Couldn’t the government ask for keyword searches on names or phrases which they already know are being employed by other terror suspects? Then, if they do show up in the search, just the headers could be identified. At that point, the existence of those keywords and names in the correspondence should be sufficient for a FISA court to issue a warrant to obtain just those specific emails. If they wind up being unrelated they would have to be discarded, the warrant expires and that’s the end of it. I can picture that happening a lot because I exchange all sorts of emails with names and terror related items as part of my research for articles. I don’t use Yahoo, but if I did I’m sure I’d produce a lot of hits on such a search.

Would I be bothered that my emails were turned over to the government if they obtained a FISA warrant first and then determined that I was just a blogger writing about the subject? Even with privacy concerns in mind I’d have to say no. But if somebody else’s emails did lead to a connection to a potential attack I’d sure want our intelligence agencies finding out about it sooner rather than later.

The problem is that the details released thus far don’t exactly make it clear whether or not a procedure such as the one I described above was being followed. If Yahoo has just been turning over huge amounts of email in a wholesale fashion without seeing a warrant then it needs to stop. But I simply can’t condemn the intelligence agencies for casting a broad net looking for threads to pull on. If that’s how they’d like to do it, should we really deny them that access? If your answer is yes then we’re basically telling our own intelligence agencies that they have to know who the bad guys are before they can even being looking.

Backlit keyboard