Technology has transformed how we live, play, work and interact with one another. We use technology to learn, to inform, to create and to connect. Our connected world offers great opportunities, but it also presents challenges.
Our users place their trust in us, and we take seriously their privacy and our role in promoting freedom of expression. Our commitment to and concern for your privacy, security and freedom of expression are demonstrated in our users first approach to government activities.
Our Users First Approach In Action
Our users first approach to government activities translates into action in three concrete ways:
- When faced with government demands for user data or to remove content, we consider all appropriate options in order to protect the rights of our users. This can include seeking clarification or modification of the government demands we receive or contesting these demands, such as by challenging them in court. We also work to narrowly interpret such demands and minimize the disclosure of user data or the impact on free expression. We describe our approach in our Global Principles for Responding to Government Requests and we share information about these efforts in our Transparency Report for Government Data Requests and Government Removal Requests.
- We’ve encrypted many of our most important products and services to protect against snooping by governments or other actors. This includes:
- Encryption of the traffic moving between Yahoo data centers;
- Making browsing over HTTPS the default on Yahoo Mail and Yahoo Homepage;
- Implementing the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail, and Digital Magazines; and
- We’ve also rolled out an end-to-end (e2e) encryption extension for Yahoo Mail, now available on GitHub. We are committed to the security of this solution and oppose mandates to deliberately weaken it or any other cryptographic system.
- We are committed to notifying users when we strongly suspect they may have been the target of a state-sponsored attack.
Advocating for Users
- We advocate for governments around the world to reform surveillance practices consistent with these principles. For instance, read about our work in the U.S. and the U.K.
- We have also advocated in favor of strong encryption and to require warrants for law enforcement to access content of users’ communications.
- We fight overbroad and potentially unlawful requests for user data. For example, we are proud to be the only company to have challenged the predecessor to Section 702 of the FISA Amendments Act in the secret Foreign Intelligence Surveillance Court. While we ultimately lost that legal battle, we successfully fought to make the government’s arguments (and ours) part of the public record. The first set of the documents that we succeeded in having released can be found here, and the second set can be found here.
- In our Transparency Report for Government Data Requests, we share the maximum amount of detail that we are legally permitted to provide under U.S. law when reporting the number of National Security Letters (NSLs) that Yahoo receives and the number of accounts that were specified in those NSLs. These numbers are generally reported in bands of 500, starting with 0 - 499, as this is the maximum amount of detail that Yahoo may provide under the U.S. law when reporting NSLs in aggregate. However, with the enactment of the USA Freedom Act, the FBI is now required to periodically assess whether an NSL’s nondisclosure requirement is still appropriate, and to lift it when not. In some instances, the FBI has lifted the nondisclosure requirement with respect to particular NSLs to Yahoo. In such cases, the lower end of the band has been adjusted to reflect the fact that we can now legally disclose having received particular NSLs.
- We supported Apple in its challenge against the U.S. government’s efforts to conscript a company’s own engineers to undermine its products’ data security features, and supported Microsoft in its constitutional challenge to a U.S. law permitting U.S. law enforcement to regularly gag companies like Yahoo from informing users that their data was sought and/or obtained by government authorities.
Promoting Human Rights
We are committed to protecting and promoting free expression and privacy on the Internet. We launched the Yahoo Business & Human Rights Program (BHRP) in 2008 to integrate attention to human rights issues into our business decisions. You can read more here about some of the concrete actions we've taken.
- We helped found the Global Network Initiative (GNI)--an international coalition of information and communications technology companies, human rights organizations, academics, investors and others--because we believe that collective solutions best address the challenges we and other companies face when bringing transformative communications technologies to markets around the world, including those that seek to restrict privacy and free expression.
- As part of our participation in the GNI, we have agreed to have our practices independently assessed. In 2014 and again in 2016 GNI publicly announced that we are making good faith efforts to implement GNI’s Principles on Freedom of Expression and Privacy and to further improve over time.