Yahoo on NSA surveillance: No comment

Yahoo’s privacy policy states:

Yahoo! does not rent, sell, or share personal information about you with other people or nonaffiliated companies except to provide products or services you’ve requested, when we have your permission, or under the following circumstances: …We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims; [emphasis added]

On its face, it sounds reasonable. But it is full of holes and ambiguities. Does Yahoo automatically respond to any subpoena it is presented with? Or, does it choose to fight some in order to protect their users’ privacy? What do they mean by “legal process” as an example of acceptable conditions for divulging personal information? Is simply receiving an official letter from law enforcement requesting information a suitable “legal process”? Any e-mail request? Must their lawyers review the request, or can other employees receive and respond to such requests?

These are not just exercises in semantics, but crucial questions with serious implications for the privacy of Yahoo users’ personal information. Here’s why:

CNET: Yahoo on NSA surveillance: No comment

In today’s testimony before Congress, Michael Callahan, Yahoo’s general counsel, declined five times to answer if they have turned over information without a court order. He indicated, however, that Yahoo would “only turn over information if it’s required by law.” During one exchange, Callahan acknowledged that if Yahoo received an e-mail from a sheriff in some obscure county to turn over a user’s e-mail, such a general request, in the absence of “proper legal process,” would not be sufficient to compel Yahoo to turn over the information.

But when asked what if such an e-mail came from the NSA, rather than an obscure sheriff’s department, Callahan refused to comment.

Here’s my concern: A letter from a sheriff in Manitowoc, Wisconsin might not compel Yahoo to turn over my e-mails: complying with such a request apparently wouldn’t be “required by law.” But a letter from the NSA might. Or, it might not. We don’t know because they didn’t respond. (Other companies – BellSouth, Comcast, EarthLink, T-Mobile – responded in the negative on previous occasions.)

But, let’s imagine that the reason Yahoo didn’t respond is because they actually did provide information to the NSA only on the basis of a letter, and don’t want to admit to it under oath. Perhaps they felt that a letter of request was sufficient “legal process” to give the government personal information within the terms of their privacy policy. Perhaps they felt complying with such a letter was, indeed, “required by law.” If true, how does an e-mail request from the NSA present a different legal requirement than a request from an obscure sheriff?

Does Yahoo feel pressure to comply with NSA orders, but not lower law enforcement agencies? What does that mean in terms of the types of “legal processes” required under their privacy policy? Does this mean the federal government has some type of coercive power? Is that how “legal process” is supposed to work?
