These days it almost goes without saying that nothing online is private. Still, Yahoo, the online service that has been giving Google a run for its money lately, is following its rival's example and declaring the steps it is taking to keep your data
out of the hands of government snoopers.
In September Google announced it was stepping up its efforts to encrypt the information that runs between its data centers around the world. The Washington Post had revealed in June that intelligence agencies from both the United Kingdom and the United States were "mining data" from top U.S. Internet providers in a hitherto secret program codenamed "Prism."
Big Brother Is Watching
Prism allows the National Security Agency to collect Internet communications stored on the servers of Microsoft, Google, Yahoo, Facebook, AOL and others through demands approved by a secret court under Section 702 of the FISA Amendments Act of 2008. The warrants allow the NSA to secretly collect video chats, photos, e-mails and connection logs that match court-approved search terms in pursuit of foreign targets.
The Post cited documents obtained by the paper as its source for the U.S. information and London's Guardian newspaper for the information about England's GCHQ security agency.
On Yahoo's official blog Monday, CEO Marissa Mayer assured users of Yahoo that the company has their back.
"We've worked hard over the years to earn our users' trust and we fight hard to preserve it," Mayer wrote, noting the spying reports that include Yahoo's name on the list of affected companies. "I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever."
Yahoo previously had announced that it would enhance the security of Yahoo Mail by introducing https (SSL -- Secure Sockets Layer) encryption with a 2048-bit key across its network by Jan. 8 of next year.
But on Monday, Mayer said that protection will extend to all the company's products, which means encrypting all data that moves between Yahoo data centers by the end of the fourth quarter of next year, as well as offering the option for users to encrypt all data flow to and from Yahoo in the same time frame.
Pouring Oil on Water
Yahoo will also work with its international e-mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.
"Yahoo's announcement is sensible from a business perspective since these companies are bearing the brunt of user outrage in all this," said Charles King, principal analyst at Pund-IT.
"The NSA and its Beltway supporters have made it clear that they have little or no intention of dialing back their efforts and while that may be sensible from a security point of view, they're giving IT product and services companies a black eye in the process. "
Therefore, being proactive about privacy via encryption may be seen as "an attempt to pour oil on raging waters," King said. "That isn't likely to cause a cessation of the storm entirely but some or even many Yahoo customers may believe that the company is now fully equipped with lifeboats and flotation vests."