According to court documents released on Sept. 11, Yahoo resisted the U.S. government’s initial attempts to force it to comply with the National Security Agency’s PRISM program back in 2008.
The details in the court documents were first published by the Washington Post and claim that Yahoo was threatened with a $250,000-a-day fine for PRISM noncompliance. The PRISM program first came to light in 2013 as a result of documents disclosed by NSA whistleblower Edward Snowden. Under PRISM, bulk metadata from Americans’ communications is collected by the NSA.
In a statement issued on Sept. 11, Ron Bell, general counsel of Yahoo, noted that his company did not want to comply with PRISM, as it viewed the effort as being unconstitutional.
“Our challenge, and a later appeal in the case, did not succeed,” Bell stated. “The Court ordered us to give the U.S. Government the user data it sought in the matter.”
Security experts contacted by eWEEK were largely supportive of Yahoo’s actions. Vinnie Liu, managing partner at Bishop Fox, told eWEEK that he was encouraged by the fact that Yahoo resisted as much as it did.
“They did the right thing by looking out for their users, and they didn’t take the easy road,” Liu said. “Google’s motto is ‘Don’t be evil,’ but saying it is entirely different than living it.”
Justin Warniment, senior manager, Professional Programs Development at (ISC)2, told eWEEK that he wasn’t surprised by the new court document disclosure. Yahoo did what was in the best interest of its business by complying with the request of the U.S. government after exhausting all appeals, he said.
A lot of the major Internet providers have become more vocal since the Snowden leaks, Marc Maiffret, CTO of BeyondTrust, told eWEEK.
“I think a lot of them did not feel comfortable going public in some way with what was going on, even if they disagreed,” Maiffret said. “With all of the leaks forcing these issues front and center, these companies are now in a place to be able to share more comfortably.”
For some, the issue of Yahoo and its compliance with PRISM comes down to trust. Bob Stratton, general partner at Mach37, told eWEEK that individuals are quick to condemn companies for doing certain things that they feel violate user trust.
“At the same time, we are often not in a position to know the whole story about how the provider found themselves in this situation and what opaque obligations applied to them,” Stratton said.
Stratton advises that the best approach is that of candid transparency, be it on the part of companies, government regulators or law enforcement.
“Unfortunately, in the current world, sometimes the best we can get is declassified rulings of years-old judicial proceedings,” he said. “We, wherever we happen to be in the world, can do better.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.