Wednesday, October 05, 2016

Why you can't trust American companies

Why can't you trust American companies? Because they'll gleefully everyone's email for the NSA:

Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

This goes well beyond warrants for particular accounts, and into being a tool of the US surveillance state. Its not acceptable, and it treats its customers with contempt.

Meanwhile, if you're an Xtra customer, your privacy might also have been invaded, thanks to Xtra's decision to outsource its email to Yahoo:
Spark is checking with partner Yahoo whether Spark's New Zealand customers may have had their emails snooped on by United States security agencies.


Spark outsourced about 500,000 Xtra email accounts to Yahoo in 2007 but it is not clear whether they were among the accounts scanned on behalf of US security services.

Hopefully the Privacy Commissioner is looking into this as well. But its a perfect example of the dangers of outsourcing, and the lesson is clear: don't trust America, and don't outsource to American companies.

Meanwhile, my blog email is held with Yahoo - though as its I'd already assumed it was being read by GCHQ anyway (because they read everything going into or out of the UK). If you want to actually communicate with me securely, then you can either use my PGP key, or alternatively you can contact me using ProtonMail.