Tuesday, October 25, 2016

Reasons for Distrust: Yahoo, Microsoft, Apple, FBI / NSA

It is common for a network or server administrator to talk about 'reducing the attack surface.' To use a house metaphor, it's harder to break into a building if it has only a few doors and windows; the fewer services are accessible, the harder it is for a hacker to break in. The same can be done with privacy--control the flow of information about you. Several weeks ago I began a personal journey to lock down data for the sake of the privacy of my family. I have Yahoo to thank for the motivation to do this.

For those not savvy, Yahoo, the search engine and free e-mail provider, had a bad couple of weeks. First, a hack which exposed the personal information of half a billion e-mail accounts was made public. That's a lot. Worse yet, the hack happened in 2014, which means that Yahoo either tried to cover it up or just didn't bother informing the public about this because, well, it must not have been that bad or that important. Second, Reuters published an article about a clandestine e-mail scanning program built by Yahoo itself because of a classified U.S. government demand. Ouch. I wouldn't want to work in the PR department there.

Public statements in instances like this need to be examined closely for both what is said and what is not said. Shades of truth are common and deception without outright lying is the norm. For example:

Google: "We've never received such a request, but if we did, our response would be simple: 'No way'."

This only denies having received a request for scanning e-mails. This does not in any way refer to other possible requests, such as access to servers, the ability to intercept network traffic, or any of a variety of other less-than-reputable actions. Considering the long history Google has of privacy concerns, this is unfortunately suspect. A spokesperson from Microsoft was even more obvious:

Microsoft: "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo."

A statement like this leaves the door wide open for denying the specific actions of Yahoo without saying anything else. Microsoft has a history of problems, including potential collaboration with the NSA, the arm of the federal government responsible for espionage, intelligence, and government-sponsored hacking. Combined with their abuses of their customers with Windows 8, the Windows 10 upgrade, and many other ways, they are not to be trusted at all. Ever.

Facebook had a similar response:

“Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it.”

This statement is a little less discouraging, considering that it includes 'any government,' but Facebook's privacy practices do little to put it into a positive light.

Please understand that good people also work for these companies and for the government. The problem is that people with power in these organizations don't necessarily have the interests of the people in mind or have an "ends justify the means" type of mentality. Unfortunately, this means that we, the common people, have to not trust our government to look out for us and many large corporations because of it. Yahoo has resisted federal action before and complied out of threat of heavy fines. Apple and the FBI went back and forth about unlocking an iPhone. Occasionally their hands are tied and sometimes they are bullied into submission. Whatever the reason, the results are, unfortunately, the same.

Apple, although very good at making easy-to-use, desirable products, trades this usability for control. As a company, it keeps very tight control over its products and what people are able to do with them. Some reasons are technical, but others are very much not. Following the Yahoo scanning incident, they would not make a comment on the record about it, merely referring to CEO Tim Cook's privacy letter. Apple doesn't always have the best security practices and wants you to stay close to them and buy lots of stuff, but at least they respect your privacy.

Given the actions of these major players in the computer industry and multiple security holes in smartphone technology, maintaining your privacy and a decent amount of digital security is hard, but it doesn't have to be impossible. Based on the evidence and their actions both in this incident and in the past, on the other hand, trusting the government is impossible and many, but not all, companies have earned a healthy distrust by their customers. Let's find a better road together, everyone.

Update: Add AT&T to the list. Apparently they like to spy on their cell customers, as well.

Monday, October 24, 2016

A Slightly Different Direction: Fun, Usability, Privacy, and Freedom

I know, I know, it's been like forever since I last posted on this blog. Life happens, right? In the two and a half years since my last article, I have left teaching and jumped into the IT field full-time. I have also developed a new, passionate reason for using Linux in addition to the usability and the lack of cost: freedom and privacy.

Some of you out there are probably rolling your eyes, and others could be thinking, "Look who just caught up!" Privacy and security are hard, particularly when you get into the technical bits. While standing up to the NSA is difficult at best and nearly impossible at worst, it is still possible for Joe Average to guard against the big stuff without a ton of inconvenience.

Look for new content with privacy, getting things done, having fun, and reasons why getting away from the big guys -- Apple, Google, Yahoo, and especially Microsoft -- is better for your well-being. Until next time, be well.
