First, this is the first public indication that the government has compelled a U.S.-based email provider?as opposed to an Internet-backbone provider?to conduct surveillance against all its customers in real time. In attempting to justify its warrantless surveillance under Section 702 of the FISA Amendments Act?including Upstream and PRISM?the government has claimed that these programs only ?target? foreigners outside the U.S. and thus do not implicate American citizens? constitutional rights. Here, however, the government seems to have dispensed with that dubious facade by intentionally engaging in mass surveillance of purely domestic communications involving millions of Yahoo users.
Second, the story explains that Yahoo had to build new capabilities to comply with the government?s demands, and that new code may have, itself, opened up new security vulnerabilities for Yahoo and its users. We read about new data breaches and attempts to compromise the security of Internet-connected systems on a seemingly daily basis. Yet this story is another example of how the government continues to take actions that have serious potential for collateral effects on everyday users.