Sells All Its Users Private Email Contents to U.S.
Agencies for Small Price
11 December 2009
From: Mathaba & Wired.Com's Kim Zetter
Yahoo isn't happy that a detailed menu of the spying
services it provides to "law enforcement" and spy
agencies has leaked onto the web.
After earlier reports this week that Yahoo had blocked
of Information release of its "law enforcement
and intelligence price list", someone helpfully
provided a copy of the Yahoo company's spying guide to
the whistleblower web site Cryptome.org.
The 17-page guide, which Yahoo has tried to suppress
via legal letters to the Cryptome.org site run by
freedom of information champion John Young, describes
Yahoo's policies on keeping the data of Yahoo Email
Yahoo Groups users, as well as the surveillance
and spying capabilities it can give to the U.S.
government and its agencies.
The Yahoo document is a price list for these spying
services and has already resulted in many people
closing down their accounts in protest. However,
a Yahoo account is not as easy as one might
expect: users have reported great difficulty in
finding the link to delete their account, and, Yahoo
will still keep data for another 90 days.
If you ask Yahoo! to delete your Yahoo! account, in
most cases your account will be deactivated and then
deleted from our user registration database in
approximately 90 days. This delay is necessary to
discourage users from engaging in fraudulent activity.
Please note that any
information that we have copied may remain in back-up
storage for some period of time after your deletion
request. This may be the case even though no
information about your account remains in our active
Many government leaders and officials around Africa,
Asia and Latin America are known by Mathaba to widely
be using Yahoo,
Hotmail in spite of these Email services being
hosted on U.S. computers and the ease that gives the
hosts to access their data.. Mathaba has also long
been aware of a great many business people,
politicians and even Presidents who use the "free"
web-based email services of Yahoo for their Email
communications, thus making it easy for the U.S. and
its owners to spy on them with negligible cost.
Cryptome also published lawful data-interception
guides for Cox Communications, SBC, Cingular, Nextel,
GTE and other telecoms and
But of all those companies, it appears to be Yahoo's
lawyers alone who have been stupid enough to try to
issue a "DMCA takedown notice" to Cryptome demanding
the document be removed. Yahoo claims that publication
of the document is a copyright violation, and gave
Cryptome owner John Young a Thursday deadline for
removing the document.
We estimate Yahoo stand a near-zero chance of success
given that Young has thousands of intelligence and
other leaked documents on his site and in the past
decade has yet to remove a single document upon legal
threats, the same 10-year track record held by Mathaba
on documents on
Intelligence in spite of having computers
seized and properties raided.
Mathaba is now also hosting the Yahoo leaked document
on its servers around the world, and the cat is long
out of the bag with the original document having been
downloaded and distributed by many already.
When John Young was asked if there was anything he
wouldn't reveal on his site -- a fault in the
Service detail, for instance -- he said, "Well,
I'm actually looking for that information right now",
much to the chagrin of those who believe that the U.S.
government and its hopelessly corrupt agencies should
have a right to supress information from the public.
The Compliance Guide reveals, as has been known to
Mathaba prior to the leak via our own sources, that
Yahoo does not retain a copy of e-mails that an
account holder sends unless that customer sets up the
account to store those e-mails. Yahoo also cannot
search for or produce deleted e-mails once they've
been removed from a user's trash folder.
The guide also reveals that the company retains the IP
addresses from which a user logs in for just one year.
But the company's logs of IP addresses used to
register new accounts for the first time go back to
1999. The contents of accounts on
Flickr, the photo sharing and storage site
which Yahoo also owns, are purged as soon as a user
deactivates the account.
Chats conducted through the company's
Messenger service may be saved on Yahoo's
server if one of the parties in the correspondence set
up their account to archive chats. This pertains to
the web-based version of the chat service, however.
Yahoo does not save the content of chats for consumers
who use the
downloadable Web Messenger client on their
message logs are retained 45 to 60 days and
includes an account holder's friends list, and the
date and times the user communicated with them.
Young responded to Yahoo's takedown request with a
I cannot find at the Copyright Office a grant of
copyright for the Yahoo spying document hosted on
Cryptome. To assure readers Yahoo's copyright claim is
valid and not another hoary bluff without
substantiation so common under DMCA bombast please
send a copy of the copyright grant for publication on
Until Yahoo provides proof of copyright, the document
will remain available to the public for it provides
information that is in the public interest about
a topic of public debate on ISP unacknowledged spying
complicity with officials for lucrative fees.
exclamation point is surely trademarked so
The company responded that a copyright notice is
optional for works created after March 1, 1989 and
repeated its demand for removal on Thursday. For now,
the document remains on the Cryptome site.
Threat Level reported Tuesday that muckraker and
Indiana University graduate student
Christopher Soghoian had asked all agencies
Department of Justice, under a Freedom of
Information Act (FOIA) request, to provide him with a
copy of the pricing list supplied by telecoms and
internet service providers for the surveillance
services they offer government agencies. But before
the agencies could provide the data, Verizon and Yahoo
intervened and filed an objection on grounds that the
information was proprietary and that the companies
would be ridiculed and publicly shamed were their
surveillance price sheets made public.
Yahoo wrote in its objection letter that if its
pricing information were disclosed to Soghoian, he
would use it "to 'shame' Yahoo! and other companies —
and to 'shock' their customers."
"Therefore, release of Yahoo!'s information is
reasonably likely to lead to impairment of its
reputation for protection of user privacy and
security, which is a competitive disadvantage for
technology companies," the company added.
The price list that Yahoo tried to prevent the
government from releasing to Soghoian appears in one
small paragraph in the 17-page leaked document.
According to this list, Yahoo charges the government
about $30 to $40 for the contents, including e-mail,
of a subscriber's account. It charges $40 to $80 for
the contents of a
and other U.S. "social networking" sites are at
minimum providing information in similar fashion to
U.S. agencies, and in some cases have also received
substantial funding by U.S. government related
entities as a most efficient and cost-effective means
of spying on their users around the world.
-- Includes extensive reporting by Wired.com's Kim