Yahoo announces plan to encrypt all customer data, email by 2014
Mayer published the news in an announcement to customers on Yahoo’s Tumblr page. She acknowledged that the changes are in response to the NSA leaks that began in June, which have outraged the public and challenged internet leaders to come up with an answer.
“We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it. As you know, there have been a number of reports over the last six months about the US government secretly accessing user data without the knowledge of tech companies, including Yahoo,” she wrote.
“I want to reiterate what we have said in the past: Yahoo has
never given access to our data centers to the NSA or to any other
government agency. Ever. There is nothing more important to us
than protecting our users’ privacy.”
Mayer said the changes will be implemented by the first quarter of 2014.
The statement comes less than one month after The Washington Post revealed that the NSA infiltrated the main communication links between Yahoo and Google centers located around the world. By doing so, the NSA essentially gave itself the ability to collect information from hundreds of users’ accounts, most of whom are Americans.
Working in conjunction with the GCHQ, its British intelligence counterpart, the NSA processed 181,280,466 records showing which users sent or received emails, when they did so, and other context such as text, audio, and video. This program is in addition to the court-approved PRISM program, according to the Post report based on documents obtained by NSA whistleblower Edward Snowden.
Yahoo recently announced that the company plans to better protect the privacy of Yahoo Mail by introducing Secure Sockets Layer - known as SSL - encrypting with a 2048-bit key. According to Mayer’s announcement, the company plans to build on that.
“We will encrypt all information that moves between our data centers by the end of Q1 of 2014,” she wrote, adding that Yahoo plans to “offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014, work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.”
This announcement comes after Google went public with a similar encryption initiative that aims to turn messages from text into gibberish when Google is forced to turnover data by court order. Eric Grosse, vice president for security engineering at Google, told The Washington Post in September that such efforts are likely to continue.
“It’s an arms race,” he said. “We see these government agencies as among the most skilled players in the game.”