Yahoo was ordered last year to search incoming emails for the digital “signature” of a communications method used by a state-sponsored, foreign terrorist organization, according to a government official familiar with the matter.
The Justice Department obtained the order from a judge of the Foreign Intelligence Surveillance Court.
To comply, Yahoo used a modified version of its existing systems that were scanning all incoming email traffic for spam, malware and images of child pornography. The system stored and made available to the Federal Bureau of Investigation a copy of any messages it found that contained the digital signature.
Yahoo was forbidden from disclosing the order and the collection is no longer taking place, the official said Wednesday.
The news story has opened a new chapter in a public debate over trade-offs between security needs and privacy rights that has cast a spotlight on the sometimes cooperative, sometimes antagonistic relationship between Silicon Valley companies and the United States government.
It comes six months after a standoff between the F.B.I. and Apple, in which the government obtained a court order to force the company to engineer a special system to help it unlock an encrypted iPhone from one of the attackers in the December mass shooting in San Bernardino, Calif. The F.B.I. gave up the fight with Apple after it found a way into the iPhone without the company’s help.
By contrast, Yahoo cooperated with the court order to use its scanning systems to hunt for the digital signature, although the technical burden on the company appears to have been significantly less than what the F.B.I. had wanted Apple to do.
Although the digital signature was individually approved by a judge, who was persuaded that there was probable cause to believe that it was uniquely used by a foreign power, the collection was unusual because it involved the systematic scanning of all Yahoo users’ emails. More typical surveillance court orders instead target specific user accounts.
The description by the official, who spoke on condition of anonymity, of the unusual surveillance operation carried out at Yahoo shed significant new light on the basis for a report on Tuesday by Reuters that has attracted widespread attention and provoked outrage among privacy and technology specialists.
The Reuters article reported that in response to a “broad demand” from the government, Yahoo had “secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials.”
In fact, according to the government official and other people familiar with the matter, Yahoo was served with an individualized court order to look only for code uniquely used by the foreign terrorist organization, and it adapted the scanning systems that it already had in place to comply with that order rather than building a new capability.
Asked on Wednesday about the information obtained by The New York Times about the order, Suzanne Philion, a Yahoo spokeswoman, said the company had nothing further to add. Earlier in the day, the company said in a statement that the Reuters article was “misleading.”
“We narrowly interpret every government request for user data to minimize disclosure,” the Yahoo statement said. “The mail scanning described in the article does not exist on our systems.”
Technology companies like Yahoo, Google and Microsoft are required by law to search email traffic and digital uploads for child pornography and report those images to the National Center for Missing and Exploited Children. They similarly search traffic for malware and spam, which companies disclose in their terms of service.
The use of that technology to carry out an order from the Foreign Intelligence Surveillance Court to search for a digital signature used by a foreign power is rare. Several other companies said they had not encountered such an order, and the official familiar with the Yahoo matter portrayed it as innovative.