Feds threatened Yahoo with daily $250,000 fine over user data

Yahoo! headquarters in Sunnyvale, Calif.
Yahoo! headquarters in Sunnyvale, Calif. AP

SAN JOSE, Calif. – Federal authorities once threatened Yahoo with fines of $250,000 for every day the Internet company balked at turning over user data and assisting with government surveillance under a controversial national security law, according to documents unsealed Thursday in a historic court case.

Government attorneys also contended Yahoo had no legal standing to argue for its users’ privacy in the 2008 case, which has been shrouded in secrecy until now. At the same time, authorities warned Yahoo not to tell users their information was being collected.

Yahoo ultimately complied with demands involving a relatively small number of users, after it lost an appeal in the secretive U.S. Foreign Intelligence Surveillance Court. Arguments in the six-year-old case were made public Thursday only after the company waged a further court battle that followed last year’s revelations about government spy programs by former National Security Agency contractor Edward Snowden.

Since those revelations, Yahoo and other leading online companies have sought to reassure Internet users that online services can be trusted with sensitive data, and that they don’t turn over information unless they are legally required.

Yahoo wasn’t allowed to publicly disclose its role in the case until the court gave permission last year, and the company is still prohibited from saying exactly what information was turned over, according to a spokesman.

But after Yahoo lost its appeals six years ago, the government won permission to show a censored version of the ruling to other Internet companies that were facing similar demands. Experts have said that ruling gave the government a powerful tool to demand compliance from those companies, and no other company is known to have fought a similar legal challenge.

“I think it shows one of the most important ways that the system is broken,” said attorney Mark Rumold of the Electronic Frontier Foundation, a civil liberties group that has pressed for government disclosure. “It shows that Yahoo went to court and challenged a U.S. law six years ago and they’re just now being allowed to talk about it fully.”

In a statement Thursday, U.S. officials noted that the surveillance court’s appeals branch reviewed the government’s procedures for collecting information from Yahoo and found they met constitutional standards for safeguarding privacy “in light of the national security interests at issue.” Authorities have argued the requests primarily targeted individuals outside the United States and only sought information to block terrorism or other threats.

The law that authorities invoked in 2008 has expired and was replaced by legislation that incorporated many safeguards the court cited in rejecting Yahoo’s appeal, officials added in a joint statement by the Department of Justice and the Director of National Intelligence.

Yahoo, however, described the unsealing itself as a significant victory. “We consider this an important win for transparency, and hope that these records help promote informed discussion about the relationship between privacy, due process and intelligence gathering,” said general counsel Ron Bell in a blog post.

Civil liberties advocates agreed. Secrecy around the surveillance court “is a huge problem because it prevents the public from knowing how the government is using and interpreting surveillance laws,” said Patrick Toomey, staff attorney at the American Civil Liberties Union.

Some details were still blacked out in the files released Thursday, obscuring exactly what the government sought. While some documents referred to “meta-data,” such as email addresses or contact logs, one brief shows the requests went further, with directives that “require Yahoo to assist the government in acquiring certain types of communications while those communications are in transmission.”

Yahoo also argued that a government order “to assist in the surveillance of U.S. citizens who are abroad” could jeopardize the privacy of Americans back home.

“The directives will cause Yahoo to capture the communications of a U.S. citizen sitting in his bedroom in Kansas while communicating in real-time to someone located overseas, who may also be a U.S. citizen temporarily located abroad,” company attorneys wrote.