The Government Data Requests received by Yahoo from the United States government reported below are separated into the following three categories of legal authorities:
Foreign Intelligence Surveillance Act (FISA) Requests are compulsory legal process reviewed and approved by the Foreign Intelligence Surveillance Court that require companies to disclose information about their users in national security investigations.
FISA Requests for Disclosure of Content may be used to get Content that users create, communicate, and store on or through our services. This could include, for example, words in an email or instant message, photos on Flickr, Yahoo Address Book or Calendar entries and similar kinds of information.
FISA Requests for Disclosure of NCD are limited to NCD such as alternate e-mail address, name, IP address, login details, billing information and other transactional information (e.g., “to,” “from,” and “date” fields from email headers).
National Security Letters (NSLs) are national security requests approved by the Federal Bureau of Investigation that require companies to disclose information such as the names, addresses and length of service of their users. They may not be used to request Content.
Law Enforcement Data Requests consist of all Government Data Requests not included in one of the two categories above. This category of requests includes Government Data Requests (such as search warrants, court orders, and subpoenas) issued in connection with criminal, as well as civil, investigations.
As noted in the globally-applicable definition of Government Specified Accounts, if a Government Data Request demanded information about accounts that satisfy specified criteria and we determined that it was appropriate to produce data in response to the request, we would report below the total number of accounts about which information was produced to the government in connection with that Government Data Request. From the inception of our Transparency Report, we have always counted and reported the number of accounts for FISA Requests, NSLs, and Law Enforcement Data Requests in this way.
For more information on the legal process that can be used by the U.S. government to obtain user data and our policies related to requests for user data, please see the Yahoo! Inc. Law Enforcement Response Guidelines.
Data Subject to Six-Month Reporting Delay Under U.S. Law
With the passage of the USA Freedom Act in May 2015, U.S. law now clearly allows companies like Yahoo to disclose additional information about FISA requests. The additional detail that Yahoo can now disclose is subject to a six-month reporting delay.
Accordingly, we will provide the data for the most recent reporting period when we update our report in six months. To review the information on FISA requests in a prior reporting period, please select the appropriate period from the dropdown menu above.
The table below provides the number of NSLs Yahoo received during the reporting period (in bands of 500 starting with 0 - 499) and the number of Government Specified Accounts (in bands of 500 starting with 0 - 499). This is the maximum amount of detail that Yahoo may disclose under the U.S. law regarding NSLs. However, with the enactment of the USA Freedom Act, the FBI is now required to periodically assess whether an NSL’s nondisclosure requirement is still appropriate, and to lift it when not. In some instances, the FBI has lifted the nondisclosure requirement with respect to particular NSLs to Yahoo. In such cases, the lower end of the band has been adjusted to reflect the fact that we can now legally disclose having received particular NSLs.
|Number of NSLs||Number of Government Specified Accounts|
|0 - 499||0 - 499|
Law Enforcement Data Requests
|No Data Found||Rejected||Only NCD Disclosed||Content Disclosed||Total Government Data Requests||Total Government Specified Accounts|
Government Specified Accounts
The number of Yahoo accounts listed in or about which information was disclosed in response to a Government Data Request. This number may not reflect the number of users and accounts actually involved because: 1) a single account may have been included in more than one Government Data Request; 2) an individual user may have multiple accounts that were specified in one or more Government Data Requests; 3) if a Government Data Request specified an account that does not exist, that nonexistent account would nevertheless be included in our count of Government Specified Accounts; and 4) if a Government Data Request demanded information about accounts that satisfy specified criteria (e.g., accounts registered under a particular proper name or accounts associated with a particular phone number) and we determined that it was appropriate to produce data in response to the request, we would report the total number of accounts about which information was produced to the government in connection with that Government Data Request.
Government Data Request
Legal process to a Yahoo entity from a government agency seeking information about Yahoo accounts and/or the activity of Yahoo users within Yahoo products. The Government Data Requests reflected in this report are generally made in connection with criminal investigations, but also include those from government entities in connection with non-criminal matters.
Data that our users create, communicate, and store on or through our services. This could include words in a communication (e.g., Mail or Messenger), photos on Flickr, files uploaded, Yahoo Address Book entries, Yahoo Calendar event details, thoughts recorded in Yahoo Notepad or comments or posts on Yahoo Answers or any other Yahoo property.
Non-content data such as basic subscriber information (including the information captured at the time of registration, such as an alternate e-mail address, name, location, and IP address), login details, billing information, and other transactional information (e.g., “to,” “from,” and “date” fields from email headers).
No Data Found
Yahoo produced no data in response to the Government Data Request because no responsive data could be found (i.e., the account didn’t exist or there was no data for the date range specified by the request).
Yahoo may have possessed data responsive to the Government Data Request, but none was produced because of a defect or other problem with the Government Data Request (e.g., the government agency sought information outside its jurisdiction or the request only sought data that could not be lawfully obtained with the legal process provided). This category also includes Government Data Requests that were withdrawn after being received by Yahoo. We carefully review Government Data Requests for legal sufficiency and interpret them narrowly in an effort to produce the least amount of data necessary to comply with the request.