Posted on 12/08/2009 12:42:29 PM PST by Beloved Levinite
Subject: Yahoo Sells All Its Users Private Email Contents to U.S. Agencies
yahoo-spy.pdf Yahoo Lawful Spying Guide December 2, 2009
cox-spy.pdf Cox Lawful Spying Guide December 2, 2009
sbc-ameritech-spy.pdf SBC-Ameritech Lawful Spying Guide December 2, 2009
sbc-lea-spy.pdf SBC Lawful Spying Guide December 2, 2009
At 02:30 PM 12/7/09, W.G.E.N. wrote: Yahoo Sells All Its Users Private Email Contents to U.S. Agencies for Small Price Posted: 2009/12/05 From: Mathaba http://www.mathaba.net/news/?x=622292
(Mathaba) Yahoo isn't happy that a detailed menu of the spying services it provides to "law enforcement" and spy agencies has leaked onto the web.
After earlier reports this week that Yahoo had blocked an FOIA Freedom of Information release of its "law enforcement and intelligence price list", someone helpfully provided a copy of the Yahoo company's spying guide to the whistleblower web site Cryptome.org.
(Excerpt) Read more at cryptome.org ...
Yes, the Obama Administration is paying to read all your "private" emails. Should we be surprised? OUTRAGED, yes, surprised, no. Where do we go from here??
The 17-page guide, which Yahoo has tried to suppress via legal letters to the Cryptome.org site run by freedom of information champion John Young, describes Yahoo’s policies on keeping the data of Yahoo Email and Yahoo Groups users, as well as the surveillance and spying capabilities it can give to the U.S. government and its agencies.
The Yahoo document is a price list for these spying services and has already resulted in many people closing down their accounts in protest. However, closing a Yahoo account is not as easy as one might expect: users have reported great difficulty in finding the link to delete their account, and Yahoo will still keep data for another 90 days.
If you ask Yahoo! to delete your Yahoo! account, in most cases your account will be deactivated and then deleted from our user registration database in approximately 90 days. This delay is necessary to discourage users from engaging in fraudulent activity.
Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request. This may be the case even though no information about your account remains in our active user databases.
Many government leaders and officials around Africa, Asia and Latin America are known by Mathaba to widely be using Yahoo, Gmail, and Hotmail in spite of these Email services being hosted on U.S. computers and the ease that gives the hosts to access their data. Mathaba has also long been aware of a great many business people, politicians and even Presidents who use the “free” web-based email services of Yahoo for their Email communications, thus making it easy for the U.S. and its owners to spy on them with negligible cost.
Cryptome also published lawful data-interception guides for Cox Communications, SBC, Cingular, Nextel, GTE and other telecoms and Internet service providers.
But of all those companies, it appears to be Yahoo’s lawyers alone who have been stupid enough to try to issue a “DMCA takedown notice” to Cryptome demanding the document be removed. Yahoo claims that publication of the document is a copyright violation, and gave Cryptome owner John Young a Thursday deadline for removing the document.
We estimate Yahoo stand a near-zero chance of success given that Young has thousands of intelligence and other leaked documents on his site and in the past decade has yet to remove a single document upon legal threats, the same 10-year track record held by Mathaba on documents on British Intelligence in spite of having computers seized and properties raided.
Mathaba is now also hosting the Yahoo leaked document on its servers around the world, and the cat is long out of the bag with the original document having been downloaded and distributed by many already.
When John Young was asked if there was anything he wouldn’t reveal on his site — a fault in the President’s Secret Service detail, for instance — he said, “Well, I’m actually looking for that information right now”, much to the chagrin of those who believe that the U.S. government and its hopelessly corrupt agencies should have a right to suppress information from the public.
The Compliance Guide reveals, as has been known to Mathaba prior to the leak via our own sources, that Yahoo does not retain a copy of e-mails that an account holder sends unless that customer sets up the account to store those e-mails. Yahoo also cannot search for or produce deleted e-mails once they’ve been removed from a user’s trash folder.
The guide also reveals that the company retains the IP addresses from which a user logs in for just one year. But the company’s logs of IP addresses used to register new accounts for the first time go back to 1999. The contents of accounts on Flickr, the photo sharing and storage site which Yahoo also owns, are purged as soon as a user deactivates the account.
Chats conducted through the company’s Web Messenger service may be saved on Yahoo’s server if one of the parties in the correspondence set up their account to archive chats. This pertains to the web-based version of the chat service, however. Yahoo does not save the content of chats for consumers who use the downloadable Web Messenger client on their computer.
Instant message logs are retained 45 to 60 days and include an account holder’s friends list, and the date and times the user communicated with them.
Young responded to Yahoo’s takedown request with a defiant note:
I cannot find at the Copyright Office a grant of copyright for the Yahoo spying document hosted on Cryptome. To assure readers Yahoo’s copyright claim is valid and not another hoary bluff without substantiation so common under DMCA bombast please send a copy of the copyright grant for publication on Cryptome.
Until Yahoo provides proof of copyright, the document will remain available to the public for it provides information that is in the public interest about Yahoo’s contradictory privacy policy and should remain a topic of public debate on ISP unacknowledged spying complicity with officials for lucrative fees.
Note: Yahoo’s exclamation point is surely trademarked so omitted here.
The company responded that a copyright notice is optional for works created after March 1, 1989 and repeated its demand for removal on Thursday. For now, the document remains on the Cryptome site.
Threat Level reported Tuesday that muckraker and Indiana University graduate student Christopher Soghoian had asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request, to provide him with a copy of the pricing list supplied by telecoms and internet service providers for the surveillance services they offer government agencies. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that the information was proprietary and that the companies would be ridiculed and publicly shamed were their surveillance price sheets made public.
Yahoo wrote in its objection letter that if its pricing information were disclosed to Soghoian, he would use it “to ‘shame’ Yahoo! and other companies and to ‘shock’ their customers.”
“Therefore, release of Yahoo!’s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies,” the company added.
The price list that Yahoo tried to prevent the government from releasing to Soghoian appears in one small paragraph in the 17-page leaked document. According to this list, Yahoo charges the government about $30 to $40 for the contents, including e-mail, of a subscriber’s account. It charges $40 to $80 for the contents of a Yahoo group.
Facebook, Twitter, MySpace and other U.S. “social networking” sites are at minimum providing information in similar fashion to U.S. agencies, and in some cases have also received substantial funding by U.S. government related entities as a most efficient and cost-effective means of spying on their users around the world. — Mathaba
— Includes extensive reporting by Wired.com’s Kim Zetter
Right off the bat I am very skeptical about this article.
I scanned the article. Does anyone know how long this has been going on? Is this a recent venture or has it been going on for sometime?
Does that include my att account through my.yahoo?????
Link does not work for me... but I am in Eastern Europe.. it may not like my IP address.
The facts in the article may be correct regarding Yahoo's prices, but it implies that Yahoo will turn over any email contents for a price. I doubt that is the case.
Unless Yahoo's lawyers are stupid, they would not allow any email disclosure to law enforcement unless Yahoo was served with a valid court order, subpoena or similar document.
The price list is just so Yahoo can recover its costs of complying with the court orders.
Disclaimer: The information presented here has been gathered and analyzed in my capacity as a graduate student at Indiana University. This data was gathered and analyzed on my own time, without using federal government resources. This data, and the analysis I draw from it will be a major component of my PhD dissertation, and as such, I am releasing it in order to receive constructive criticism on my theories from other experts in the field. The opinions I express in my analysis are my own, and do not reflect the views of the Federal Trade Commission, any individual Commissioner, or any other individual or organization with which I am affiliated.
UPDATE 12/3/2009 @ 12:20PM: I received a phone call from an executive at TeleStrategies, the firm who organized the ISS World conference. He claimed that my recordings violated copyright law, and asked that I remove the mp3 recordings of the two panel sessions, as well as the YouTube/Vimeo/Ikbis versions I had embedded onto this blog. While I believe that my recording and posting of the audio was lawful, as a good faith gesture, I have taken down the mp3s and the .zip file from my web hosting account, and removed the files from Vimeo/YouTube/Ikbis.
Executive Summary
Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.
The evidence documenting this surveillance program comes in the form of an audio recording of Sprint's Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.
It is unclear if Federal law enforcement agencies' extensive collection of geolocation data should have been disclosed to Congress pursuant to a 1999 law that requires the publication of certain surveillance statistics -- since the Department of Justice simply ignores the law, and has not provided the legally mandated reports to Congress since 2004.
Introduction
"[Service providers] have, last time I looked, no line entry in any government directory; they are not an agent of any law enforcement agency; they do not work for or report to the FBI; and yet, you would never know that by the way law enforcement orders them around and expects blind obedience."
-- Albert Gidari Jr., Keynote Address: Companies Caught in the Middle, 41 U.S.F. L. Rev. 535, Spring 2007.
"The reason we keep [search engine data] for any length of time is one, we actually need it to make our algorithms better, but more importantly, there is a legitimate case of the government, or particularly the police function or so forth, wanting, with a Federal subpoena and so forth being able to get access to that information."
-- Eric Schmidt, CEO of Google, All Things Considered, NPR interview between 5:40 and 6:40, October 2, 2009.
"As a matter of policy, we do not comment on the nature or substance of law enforcement requests to Google."
Only Facebook and AOL have publicly disclosed the approximate number of requests they receive from the government -- 10-20 requests per day and 1000 requests per month, respectively.
"We do not comment on specific requests from the government. Microsoft is committed to protecting the privacy of our customers and complies with all applicable privacy laws."
"Given the sensitive nature of this area and the potential negative impact on the investigative capabilities of public safety agencies, Yahoo does not discuss the details of law enforcement compliance. Yahoo responds to law enforcement in compliance with all applicable laws."
"When I can follow the money, I know how much of something is being consumed - how many wiretaps, how many pen registers, how many customer records. Couple that with reporting, and at least you have the opportunity to look at and know about what is going on."
Telecommunications carriers and Internet firms do not just hand over sensitive customer information to law enforcement officers. No -- these companies charge the government for it.
-- Albert Gidari Jr., Keynote Address: Companies Caught in the Middle, 41 U.S.F. L. Rev. 535, Spring 2007.
"Our pricing schedules reveal (for just two examples) that upon the lawful request of law enforcement we are able to [redacted by USMS]. In cooperation with law enforcement, we do not release that information to the general public out of concern that a criminal may become aware of our capabilities, see a change in his service, correctly assume that the change was made at the lawful request of law enforcement and alter his behavior to thwart a law enforcement investigation."
"It is reasonable to assume from these comments that the [pricing] information, if disclosed, would be used to "shame" Yahoo! and other companies -- and to "shock" their customers. Therefore, release of Yahoo!'s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies."
"Federal officials are routinely asking courts to order cellphone companies to furnish real-time tracking data so they can pinpoint the whereabouts of drug traffickers, fugitives and other criminal suspects, according to judges and industry lawyers." Ellen Nakashima, Cellphone Tracking Powers on Request, The Washington Post, November 23, 2007.
"Law enforcement routinely now requests carriers to continuously 'ping' wireless devices of suspects to locate them when a call is not being made ... so law enforcement can triangulate the precise location of a device and [seek] the location of all associates communicating with a target."
-- Christopher Guttman-McCabe, vice president of regulatory affairs for CTIA -- the Wireless Association, in a July 2007 comment to the Federal Communications Commission.
"[M]y major concern is the volume of requests. We have a lot of things that are automated but that's just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don't know how we'll handle the millions and millions of requests that are going to come in."
-- Paul Taylor, Electronic Surveillance Manager, Sprint Nextel.
"In the electronic surveillance group at Sprint, I have 3 supervisors. 30 ES techs, and 15 contractors. On the subpoena compliance side, which is anything historical, stored content, stored records, is about 35 employees, maybe 4-5 supervisors, and 30 contractors. There's like 110 all together."
-- Paul Taylor, Electronic Surveillance Manager, Sprint Nextel, describing the number of employees working full time to comply with requests for customer records.
"Cricket doesn't have as many subscribers so our numbers are going to be less. I think we have 4.5 - 5 million subscribers. We get approximately 200 requests per calendar day, and that includes requests for records, intercepts. We don't have the type of automation they do, and we can't do the location specificity that they can, because we don't have GPS."
-- Janet A. Schwabe, Subpoena Compliance Manager, Cricket Communications
"Nextel's system, they statically assign IP addresses to all handsets ... We do have logs, we can go back to see the IP address that used MySpace. By the way - MySpace and Facebook, I don't know how many subpoenas those people get, or emergency requests but god bless, 95% of all IP requests, emergencies are because of MySpace or Facebook... On the Sprint 3G network, we have IP data back 24 months, and we have, depending on the device, we can actually tell you what URL they went to ... If [the handset uses] the [WAP] Media Access Gateway, we have the URL history for 24 months ... We don't store it because law enforcement asks us to store it, we store it because when we launched 3G in 2001 or so, we thought we were going to bill by the megabyte ... but ultimately, that's why we store the data ... It's because marketing wants to rifle through the data."
-- Paul Taylor, Electronic Surveillance Manager, Sprint Nextel.
"Two or three years ago, we probably had less than 10% of our requests including text messaging. Now, over half of all of our surveillance includes SMS messaging."
-- Paul Taylor, Electronic Surveillance Manager, Sprint Nextel.
Unlike other tools which actually collect content, such as wiretaps, pen registers and trap-and-trace devices merely request outgoing and incoming phone numbers. Because the government cannot collect any content using pen registers, a minimization requirement makes no sense. What is there to minimize?
After reading this article, it should be clear to the reader that pen registers and trap & trace devices are used for far more than just collecting phone numbers dialed. They are used to get email headers (including To, From
It's been going on for many years. Telecom and ISPs must cooperate with the government, and all turnover of user information and contents is in accord with duly-enacted laws, e.g., CALEA, U.S.A. PATRIOT Act, etc. The government paid for CALEA compliance, and pays for surveillance.
“Not sure of the ramifications but thought it might be of interest ping...”
well at least your library card is safe
p4L
Google agreed to work with the Oboma administration on something quite a while ago. I'm not sure what it was all about. I don't use google, because during the election they'd only accept left wing political advertisements.
We don't use Yahoo, either. Too bad for those who do, though. They've been Obomatized.
Yeah....I do, unfortunately..and I’m addicted to Yahoo Groups. Great folks & info shred. Pity.
Yahoo scmahoo! When I want to remind Zero that he’s a butt-wipe I do it right here on FR where the Commies read every day.
Good points, all.
A.A.C.
Big `ol reference PING
If they want to read through the 0bama jokes and cartoons I get and pass on they're welcome to spend their time on them.
I read it... yahoo’s policies are much better than i expected...