Yahoo is being transparent when it comes to the subpoenas it received from the government.
On June 1, the company publicly announced that the Federal Bureau of Investigation (FBI) previously issued national security letters to obtain information, and published these letters.
This marks the first time a company has been able to address and release national security letters (NSL) because these demands have come with a gag order to prevent it from doing so in the past. However, Yahoo is now able to go public with the letters because of changes made to the USA Freedom Act.
As part of the USA Freedom Act, the FBI must now review gag orders when an investigation that involved a NSL closes or when it has been three years in an open case. At this point the gag order is lifted as in the Yahoo case.
This means the FBI has officially given Yahoo the green light to address these letters, although private information remains censored. The letters were received in April 2013, August 2013 and June 2015, and Yahoo revealed that it did comply with the NSL demands.
Now that the FBI has dropped the gag order, here's what the government knows about these users:
"Specifically, we produced the name, address and length of service for each of the accounts identified in two of the NSLs, and no information in response to the third NSL as the specified account did not exist in our system," the company writes. "Each NSL included a non-disclosure provision that prevented Yahoo from previously notifying its users or the public of their existence."
Two of the national security letters were sent from an FBI agent from the Dallas, Texas bureau's office, whereas the other was sent from Charlotte, North Carolina.
According to the letters, the FBI now knows not only the account numbers, names, addresses, phone numbers and length of service of the specified accounts, but it also has the activity logs and activity/transaction records. The logs can include the user's IP address they used at this name, and the transaction records reveal billing information and credit card info.
The FBI knows the sender and recipient address on each email, which means they know who the specific users were communicating with. Yahoo also had to turn over screen names associated with the account, URL related to the account, hardware-related information such as ISDN or DSL data and names of upstream and downstream providers.
Yahoo releasing the national security letters allows for more discussion regarding NSLs and the demands for user data.
Photo: Josh Hallett | Flickr