Yahoo discloses user data requests from US law enforcement agencies

Microsoft, Facebook, and Apple have also provided similar data

Yahoo has received between 12,000 to 13,000 requests for user data from law enforcement agencies in the U.S. between Dec. 1 and May 31 this year, the company said Monday.

The most common of these requests concerned fraud, homicides, kidnappings, and other criminal investigations, Yahoo CEO Marissa Mayer and General Counsel Ron Bell wrote in a blog post.

The company did not disclose how many of the requests for customer data were under the Foreign Intelligence Surveillance Act (FISA), which has been at the center of a controversy after reports surfaced that the government was collecting data from a large number of users under the Act, including call metadata from telephone customers of Verizon.

"Like all companies, Yahoo! cannot lawfully break out FISA request numbers at this time because those numbers are classified; however, we strongly urge the federal government to reconsider its stance on this issue," the executives wrote.

The Internet company joins other companies like Apple, Facebook and Microsoft that disclosed similar numbers over the weekend in a bid to convey greater transparency to their users, after reports in the Guardian and the Washington Post alleged that the U.S. National Security Agency has real-time access to content on the servers of Google, Facebook and other Internet companies as part of a surveillance program called Prism. The companies have denied their participation. (

Following widespread criticism of the U.S. government's surveillance programs and the role of the Internet companies, Facebook, Google, Twitter and Microsoft last week called for greater transparency in disclosure of data on government requests for customer information.

In a letter to U.S. Attorney General Eric Holder and director of the Federal Bureau of Investigation, Robert Mueller, Google's Chief Legal Officer David Drummond, for example, asked that the company should be allowed to publish in its Transparency Report aggregate numbers of national security requests, including disclosures under FISA, in terms of both the numbers received and their scope. Government restrictions on disclosure of the information has fueled speculation "that our compliance with these requests gives the U.S. government unfettered access to our users' data," Drummond added.

After obtaining limited permission from U.S. authorities, Facebook and Microsoft released data on requests from the government, but both didn't say how many were related to national security.

Facebook said it had received between 9,000 and 10,000 requests from all government entities in the U.S. including local authorities for the six months ending Dec. 31. The company, after discussions with security authorities, is allowed to include in a transparency report as part of an aggregate number and as a range all national security-related requests including FISA as well as National Security Letters, which was prohibited earlier. Microsoft said it had got between 6,000 and 7,000 requests affecting 31,000 to 32,000 consumer accounts for the same period.

Apple said that from Dec. 1 to May 31, it received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters, it said.

Yahoo said Monday it plans to issue later this summer its first global law enforcement transparency report, which will cover the first half of the year. Other companies like Google already provide such updates, though Facebook's General Counsel Ted Ullyot said in a post last week that the company had not issued a transparency report in the past, as it would be incomplete and misleading because of the government restrictions on disclosure.

Orders by the Foreign Intelligence Surveillance Court often come with a "gag order" that prevents those receiving the order to publicly discuss it. The order from the court that authorized the U.S. National Security Agency to collect telephony metadata from customers of Verizon in the U.S. also came with a gag order.

Join the CSO newsletter!

Error: Please check your email address.

Tags YahooMicrosoftsecuritytwitterinternetprivacyInternet service providersFacebook

More about AppleCounselFacebookFederal Bureau of InvestigationGoogleMicrosoftNational Security AgencyPrismVerizonVerizonYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts