{"id":2087,"date":"2016-10-06T14:50:47","date_gmt":"2016-10-06T12:50:47","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2087"},"modified":"2016-10-06T17:51:27","modified_gmt":"2016-10-06T15:51:27","slug":"lets-not-blame-yahoo-for-u-s-policies","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2087","title":{"rendered":"Let\u2019s not blame Yahoo! for a difficult policy problem"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-2005\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-300x103.jpg\" alt=\"Yahoo!\" width=\"210\" height=\"72\" srcset=\"https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-300x103.jpg 300w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-768x263.jpg 768w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-1024x351.jpg 1024w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-1200x412.jpg 1200w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo.jpg 1280w\" sizes=\"auto, (max-width: 210px) 85vw, 210px\" \/>Many in the tech community are upset over reports from The New York Times and others that <a href=\"https:\/\/yahoo.com\">Yahoo!<\/a> <a href=\"http:\/\/www.nytimes.com\/2016\/10\/06\/technology\/yahoo-email-tech-companies-government-investigations.html\">responded to an order<\/a> issued by the <a href=\"https:\/\/en.wikipedia.org\/wiki\/United_States_Foreign_Intelligence_Surveillance_Court\">Foreign Intelligence Surveillance Act Court (FISC)<\/a> to search across their entire account base for specific \u201csignatures\u201d of people believed to be terrorists.<\/p>\n<p>It is not clear what capabilities Yahoo! 
already has, but it would not be unreasonable to expect them to have the ability to scan incoming messages for spam and malware, for instance.\u00a0 What\u2019s more, we are all the better for this sort of capability.\u00a0 Consider that <a href=\"http:\/\/www.senderbase.org\/static\/spam\/#tab=1\">around 85% of all email is spam<\/a>, a small amount of which contains malware, and Yahoo! users don\u2019t see most of that.\u00a0 Much of that can be rejected without Yahoo! having to look at the content by just examining the source IP address of the device attempting to send Yahoo! mail, but in all likelihood they do look at some, as many systems do.\u00a0 In fact, one of the most popular open source systems in the early days, known as <a href=\"http:\/\/spamassassin.apache.org\/\">SpamAssassin<\/a>, did just this.\u00a0 The challenge from a technical perspective is to implement such a mechanism without the mechanism itself having a large target surface.<\/p>\n<p>If the government asking for certain messages sounds creepy, we have to ask what a signature is.\u00a0 A signature normally refers to characteristics of a communication that would either identify its source or indicate that it has some quality.\u00a0 For instance, viruses all have signatures.\u00a0 In this case, what is claimed is that terrorists communicated in a certain way such that they could be identified.\u00a0 According to The Times, the government demonstrated probable cause that this was true, and that the signature was \u201chighly unique\u201d<strong><span style=\"vertical-align: super; font-size: smaller;\">*<\/span><\/strong>.\u00a0 That is, the signature likely matches very few actual messages that the government would see, although we don\u2019t know how small that number really is.\u00a0 Yahoo! 
has denied having a capability to scan across all messages in their system, but beyond that not enough is public to know what they would have done.\u00a0 It may well not have been reasonable to search specific accounts because one can easily create an account, and the terrorists may have many.\u00a0 The government publicly revealing either the probable cause or the signature would be tantamount to alerting terrorists that they are in fact under investigation, and that they can be tracked.<\/p>\n<p>The risk to civil liberties is that there are no terrorists at all, and this is just a fishing expedition, or worse, persecution of some form.\u00a0 The FISC and its appellate courts are intended to provide some level of protection against abuse, but in all other cases, the public has a view as to whether that abuse is actually occurring.\u00a0 Many have complained about a lack of transparent oversight of the FISC, but the question is how to have that oversight without alerting The Bad Guys.<\/p>\n<p>The situation gets more complex if one considers that other countries would want the same right to demand information from their mail service providers that the U.S. 
enjoys, as Yahoo\u2019s own <a href=\"https:\/\/transparency.yahoo.com\/government-data-requests\">transparency report<\/a> demonstrates.<\/p>\n<p>In short, we are left with a set of difficult compromises that pit gathering of intelligence on terrorists and other criminals against the risk of government abuse.\u00a0 That\u2019s not Yahoo!\u2019s fault.\u00a0 This is a hard problem that requires thoughtful consideration of these trade-offs, and the timing is right to think about this.\u00a0 Once again, the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Foreign_Intelligence_Surveillance_Act\">Foreign Intelligence Surveillance Act<\/a> (FISA) will be up for reauthorization in Congress next year.\u00a0 And in this case, let\u2019s at least consider the possibility that the government is trying to fulfill its responsibility of protecting its citizens and residents, and Yahoo! is trying to be a good citizen in looking at each individual request on its merits and in accordance with relevant laws.<\/p>\n<hr \/>\n<p><small><strong><span style=\"vertical-align: super; font-size: smaller;\">*<\/span><\/strong> No, I don\u2019t know the difference between \u201cunique\u201d and \u201chighly unique\u201d either.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many in the tech community are upset over reports from The New York Times and others that Yahoo! responded to an order issued by the Foreign Intelligence Surveillance Act Court (FISC) to search across their entire account base for specific \u201csignatures\u201d of people believed to be terrorists. It is not clear what capabilities Yahoo! already &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=2087\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Let\u2019s not blame Yahoo! 
for a difficult policy problem&#8221;<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,9],"tags":[172,543,544,288,496,275],"class_list":["post-2087","post","type-post","status-publish","format-standard","hentry","category-internet","category-security","tag-encryption","tag-fisa","tag-fisc","tag-malware","tag-security","tag-yahoo"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2087"}],"version-history":[{"count":3,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2087\/revisions"}],"predecessor-version":[{"id":2097,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2087\/revisions\/2097"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}