recommended reading

When Yahoo Gives User Data to Governments, Mapped

Yahoo!'s Marissa Mayer

Yahoo!'s Marissa Mayer // Jacquelyn Martin/AP

Yahoo, the only technology company to fight the NSA's order to provide sweeping access to customer accounts, released its first report detailing government requests for user information, covering January to June of this year. The United States issued the most requests, which isn't a surprise. But it's not the country that had the most success.

In a post at the company's website (replete with snazzy / terrible new logo), it explains how it approaches a government's requests.

Yahoo has joined no program to volunteer user data to governments. Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful. In addition, we mounted a two-year legal challenge to the 2008 amendments to the Foreign Intelligence Surveillance Act, and recently won a motion requiring the U.S. Government to consider further declassifying court documents from that case.

(Yahoo will mention that court battle in every one of these reports forever, justifiably.)

The company breaks down the data for each country in which it has a separate presence (excluding those countries where government made fewer than nine such requests). At right is a graph showing the results of the 12,444 requests made in the United States. Blue slices indicate the company gave some data to the United States (either content or "NCD" — metadata); the dark gray, the requests it refused. As you can see, Yahoo was compelled to provide a lot of information. (If you're curious / nervous, these requests didn't yet include data on Tumblr.)

And 12,444 is a lot of requests! It is 69 requests a day, nearly three an hour. Those requests sought information on over three times as many accounts — 40,322 in total. The United States requested data from more accounts than the rest of the world combined. And then nearly doubled.

Read the full story and see the maps at TheAtlanticWire.com.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.