Yahoo CEO Mayer Suffers New Hit to Privacy Reputation

  • Carefully worded statement calls Reuters report ‘misleading’
  • CEO is under increasing scrutiny ahead of Verizon deal

Yahoo! Inc.’s embattled chief executive officer, Marissa Mayer, who last month disclosed a hack that exposed at least 500 million accounts, is facing a fresh round of questions about the company’s privacy safeguards after a report that she let the U.S. government secretly scan hundreds of millions of user e-mails.

"Their brand equity is going from bad to worse," said Sameet Sinha, an analyst at B. Riley. "You have one of the weakest Internet brand names. People are disconnecting -- now that disconnection is going to accelerate."

On Wednesday, Sunnyvale, California-based Yahoo disputed a Reuters report from a day earlier that said the company built a software program to scan customers’ incoming e-mails for U.S. intelligence agencies, saying the story was "misleading" and that "the mail scanning described in the article does not exist on our systems."

It’s a sensitive time for Yahoo, which in July agreed to sell its web businesses to Verizon Communications Inc. for $4.8 billion after years of trying to jump-start sales growth. Though consumers and advertisers had been flocking to newer rivals such as Google Inc. and Facebook Inc., the company still touted more than 1 billion monthly users -- many of them on Yahoo’s e-mail systems. When the companies announced the deal, which is set to wrap up early next year, Mayer said a priority was "seeing the transaction through to closing and protecting the value in our equity stakes."

According to the Reuters report on Tuesday, Yahoo complied with U.S. government orders to scan hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or Federal Bureau of Investigation. Intelligence officials wanted Yahoo to search for a set of characters, and that could mean a phrase in an e-mail or an attachment, according to the story, which cited anonymous sources. Reuters reported Wednesday that the lead European regulator on privacy issues for Yahoo, Ireland’s Data Protection Commission, plans to make inquiries about whether EU citizens’ data had been compromised.

"We narrowly interpret every government request for user data to minimize disclosure," Yahoo said in its response.

The New York Times on Wednesday reported that Yahoo was ordered by the U.S. to search incoming e-mails for the digital signature used by a foreign terrorist organization, citing a government official it didn’t identify. The company used a version of its existing system that scans for spam, malware and child pornography to comply with the order, and the collection is no longer taking place, the Times said.

Government Requests

The report Tuesday drew sharp rebukes from critics, who said government officials were asking for too much information -- and questioned whether Yahoo did enough to resist the requests.

"Based on this report, the order issued to Yahoo appears to be unprecedented and unconstitutional," Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement Tuesday. "It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court."

Following the report, Yahoo e-mail rival Alphabet Inc., owner of Google and its popular Gmail program, said it never received such a request, but that if it did, it would say, "no way."

Verizon declined to comment on the newest report. After news of the hack in 2014 was confirmed last month, Verizon at the time said it would "evaluate as the investigation continues through the lens of overall Verizon interests."

‘Control the Churn’

"If I were them, I would say, OK, give me a list of all the things that went wrong over the last three, four, five years," Sinha said. "Verizon knows there’s going to be some churn, but wants to control the churn."

Technology companies came under fire in 2013 after NSA contract worker Edward Snowden revealed classified documents that outlined U.S. government surveillance programs, including some that involved Internet and telecommunications companies assisting agencies in collecting data from private citizens.

Yahoo’s new statement used carefully chosen words, said Jeff Pollard, an analyst at Forrester Research. He said Yahoo could have been bolder in its assertion.

"Instead of saying what other large tech companies did -- which is that they did not receive such a request, would say no if they did, along with fighting it -- Yahoo chose to focus on grammar and word choice over transparency," Pollard said in an e-mail. "It seems unfortunate that Yahoo seems to have missed that there are legal, ethical, and moral obligations that come with being a participant in the surveillance economy."

Still, Avivah Litan, an analyst at Gartner, said she believed Yahoo’s contention that it did a minimal amount of "extra" scanning requested by the government.

"It’s easy to point fingers after a breach, but from what I have seen most companies have security holes in their network -- some more than others," Litan said. "But it’s very tough to compare unless the companies open up their systems for public audits and comparisons."
