Reuters and the New York Times have reported that a secret court secretly asked Yahoo to secretly screen all users’ e-mail for digital “signatures” that reportedly could appear in the messages between potential terrorists. Yahoo secretly complied and secretly sent all such e-mails (the quantity of which remains secret) to a secret office at the FBI. (The NYT’s sources claim the collection has stopped.) The judge who issued the secret order, claiming to have secret information, reportedly was convinced that the signatures were unique to one particular terrorist organization, the identity of which remains secret. Reuters said that Yahoo “secretly built a custom software program to search all of its customers’ incoming e-mails for specific information [the alleged signatures] provided by U.S. intelligence officials.” Yahoo claimed that it “narrowly interpret[s] every government request for user data to minimize disclosure.” The story came to light two weeks after Yahoo revealed — after keeping it secret for months — that hackers stole the secret credentials of the service’s 500 million users.
Assuming that the intelligence community’s claim is accurate that the hostile group’s e-mails carry a unique digital signature — which would reflect pretty amateurish tradecraft by the terrorists — the broad nature of the request to Yahoo seems unfair. A case can be made for searching the e-mails of particular people, with a court order, but it’s quite different to be forced to run a filter on ALL e-mails in order to find the infinitesimally miniscule number of bad guys. Yahoo’s expedient compliance — its failure to reject such a broad request — hurt its credibility and Americans’ privacy.