Yahoo says it's not currently spying on customer emails - but that doesn't mean it wasn't in the past
Kimberly White/Getty Images for Fortune
Marissa Mayer speaks during the Fortune Global Forum - Day2 at the Fairmont Hotel on November 3, 2015 in San Francisco, California.
On Tuesday, Reuters reported that two former employees and a third person aware of the events claimed the company had last year secretly built software that would scan all of its' customers emails to look for certain keywords. The scanning, at the direction of the NSA or FBI, led to the resignation of then-CISO Alex Stamos, who resigned in protest after learning the decision was made by CEO Marissa Mayer without his knowledge.
"The article is misleading," a Yahoo spokesperson told Business Insider. "We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems."
There's a lot of wiggle room in that statement, however. Yahoo says the article is misleading but doesn't offer specifics, and it says the scanning software does not exist on its systems - a claim that could be true now that doesn't rule out whether the company had used such a tool in the past.
When Business Insider asked for clarification, a Yahoo spokesman declined to comment further than the statement.
Yahoo's approach to the security of its hundreds of millions of users has been put under a microscope amid revelations of a massive hack that went unreported for years and the company's undisclosed collaboration with the nation's top spy agency.
According to the former Yahoo executive that Business Insider spoke to, Yahoo's culture of secrecy and its prioritization of other business goals led to troubling security practices that made it much more difficult for Yahoo to defend from hackers.
Yahoo's security team was often denied funding and sometimes kept in the dark at Mayer's direction, as she feared more emphasis on security could potentially spur a decline in the company's user base.
"In the Mayer world, it became highly secretive," to the point where the head of security wasn't always "even part of the discussion," the executive told Business Insider.
One such example was highlighted Tuesday, with some former Yahoo employees telling Reuters that Alex Stamos, the chief information security officer in 2015, was left completely out of a decision by Mayer to scan user emails for the government. Stamos and the security team only learned of the program after testing Yahoo's systems for vulnerabilities and discovering software they thought had been inserted by hackers.
Instead, it was Yahoo's own software engineers who had secretly installed the email scanning software. Stamos, who had been on the job for just one year, resigned in protest.
A former executive told Business Insider it wasn't the first time a secret was kept from Yahoo's security team.
When news of the reported government-directed spying first broke, Yahoo said in a statement: "Yahoo is a law abiding company, and complies with the laws of the United States."
Next Story
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
Axis Bank posts net profit of ₹7,129 cr in March quarter
7 Best tourist places to visit in Rishikesh in 2024
From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
7 Things to do on your next trip to Rishikesh
