Yahoo and ACLU challenge US government to declassify forced surveillance orders

Yahoo has appealed to the US director of national intelligence, James Clapper, to declassify information about a secretive surveillance order that allegedly forced the firm to scan every incoming user email on behalf of an American spy agency.

In a letter, posted on 19 October, the technology giant publicly called on the US government to provide urgent clarification around the content of "national security orders" and claimed the aim of the message was to "set a precedent of transparency."

At the same time, the American Civil Liberties Union (ACLU) filed a separate motion against the US Foreign Intelligence Surveillance Court (FISC) requesting the release of the specific Yahoo court order alongside 20 other "secret rulings" the court has made over the past decade.

On 4 October, Reuters reported Yahoo had created a "custom software programme" to scan hundreds of millions of Yahoo Mail accounts for the National Security Agency (NSA) or FBI. Later, the New York Times said the system was developed to combat terrorists using Yahoo's popular email service.

According to the reports, the programme was active in 2015 before being discovered and removed by Yahoo's security team. In response to the subsequent outcry, Yahoo said the accusation was "misleading" however was constrained from elaborating further due to the court order.

"Yahoo was mentioned specifically in these reports and we find ourselves unable to respond in detail," Yahoo's general counsel, Ron Bell wrote in the letter to Clapper, adding the news stories "provoked broad speculation" about how the system was used.

He continued: "[The] speculation results in part from lack of transparency and because US laws significantly constrain – and severely punish – companies' ability to speak for themselves about national security related orders.

"We urge your office to consider the following actions to provide clarity on the matter: (i) confirm whether an order, as described in media reports, was issued; (ii) declassify in whole or in part the order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances."

The Office of Director of National Intelligence responded: "We can confirm that we have received the letter and will respond to Yahoo directly."

In its separate motion, the ACLU teamed up with a Yale Law School team to ask the FISC to release a slew of information on "novel or significant interpretations" of law ordered between 9/11 and the passage of the USA Freedom Act in June 2015.

According to an ACLU blog post, the courts have approved bulk collection of financial records, warrantless surveillance of Americans, widespread government hacking and compel notices against technology firms to reveal source code and identify vulnerabilities.

"We are seeking these opinions now because — as the new Yahoo revelations underscore — it simply isn't possible to understand the government's claimed authority to conduct surveillance without these judicial rulings," said Patrick Toomey, staff attorney, at the ACLU National Security Project.

"Congress recognised the importance of transparency in the USA Freedom Act when it required that FISC opinions be made public," he continued. "But the government has refused to accept that the need for transparency extends to the many foundational FISC opinions that predate the law and remain hidden. It is now time for the FISC to make clear that the Constitution leaves no room for secret law — even in a court that often operates in the shadows."

For Yahoo, the scandal that erupted after accusations of spying came at a particularly turbulent time. Just before the news came to light, the firm admitted that at least 500 million user accounts had been compromised by a hacker in late-2014 which left the ongoing Verizon takeover bid in jeopardy.