If someone guessed, around, let’s say, 1948, that one day 280 million people’s personal correspondence would be systematically sifted, scrutinised and spied on by government agencies, it would have made a great dystopian novel. The news broken by Reuters yesterday, however, that Yahoo secretly built a software programme in 2015 to scan all of its users’ incoming emails on behalf of US intelligence services has barely caused a ripple in the general population. Who cares, right? After all, you use Gmail.
Leaving aside the 280 million people who actually do still use Yahoo (please, why, stop), it’s natural to not care about hacks and data breaches that don’t directly affect you. In fact, outside of thousands of pounds disappearing from your bank account overnight, it’s hard for most of us to care about products and services that we already know “spy” on us (see Google Allo and Amazon Echo). After all, if your inbox is full of JustEat confirmations and Wowcher | 3hr laser hair removal £29, does being spied on even matter?
Spoiler alert: it does. And here are five reasons why.
Two can play at that game
To quote Gandalf the Grey: “We do not know who else may be watching.” After the Yahoo news broke, journalists were quick to question other tech companies about their own policies. Although Google, Facebook, Twitter, and Microsoft all claimed they would fight similar government requests for data, it is worth noting that Yahoo’s own transparency report makes no mention of their email-scanning software and the number of people it affected. In fact, Yahoo’s own security team didn’t even know of the software, purportedly prompting Chief Information Security Officer Alex Stamos to resign when he found out.
It’s up to you whether you think it’s too tinfoil-hat to assume these companies are lying, but it is worth scrutinising their statements and practices. Microsoft, for example, said: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” This is a very specific denial, which leaves questions about what other types of surveillance the company might be using.
We’re completely reliant on whistleblowers
Yahoo’s software was outed by three former employees, but their knowledge is limited and we do not know what the US intelligence officials were looking for or what data was actually handed over. Without transparency from tech companies we are completely reliant on such individuals to let us know the truth, and naturally, this isn’t always possible. If we don’t demand transparency from companies, we won’t get it, and this is as good an issue as any to get the ball rolling.
Even without this software, companies can and do hand your data over to authorities
While Google, Facebook et al all claim they would refuse the specific request of building software to scan incoming messages, the lack of end-to-end encryption means many can and do hand over your messages to the authorities when asked.
End-to-end encryption (E2EE), in short, is that thing Whatsapp rolled out in April that means only you and the recipient of your message can read it. Messaging services without E2EE can store your conversations on their servers and access them at any time, particularly to hand them over to the government when required by law. As of today, Facebook allows users to opt-in to EE2E, but up until this point, all of your Messenger conversations were accessible on their servers. Twitter’s direct messaging service also doesn’t have E2EE, and neither – and here’s the kicker – do any mainstream email providers.
Once the backdoor is open, you can’t control who walks in
But so what, right? Who needs privacy when the government can monitor emails to catch terrorists? Terrorists! The problem with backdoor systems like Yahoo’s is that hackers can also potentially gain access, and the same is true for messages that don’t have E2EE and are thus stored on companies’ servers.
Apathy sets a scary precedent
Privacy is a right, and a right worth protecting. Regardless of how boring your emails are, they can easily be misconstrued and used against you legally. Sacrificing privacy now also sets a worrying precedent for all of our future conversations. It doesn’t matter if you don’t have anything to hide – you have the right to hide it. We have to start both caring and showing companies we care in order to prompt change.
Whether you use Hotmail, Gmail, Outlook, or iCloud, this issue does affect you. And if you use Yahoo? Now would be a better time than any to stop.