Exclamation: Setting the Record Straight

I write a lot of software and documentation for regulated industries. I know my shit. Let’s play weasel word bingo! My text in bold! Stuff of interest in italics!


We want to set the record straight about stories that Yahoo! has joined a program called PRISM through which we purportedly volunteer information about our users to the U.S. government and give federal agencies access to our user databases.  These claims are false.

"Volunteer" is a weasel word. It’s narrowly defined as to mean "freely offer." If there were any pressure of any kind of the government, Yahoo could deny they "volunteered" anything.

"Give federal agencies access" is also cavalierly broad as to suggest weaseling. If access is demanded, it can be construed as being "taken" rather than "given." There are many kinds of access (discretionary, privileged, anonymous, read-only, write-only, etc.) so that term isn’t useful either.

Yahoo! has not joined any program in which we volunteer to share user data with the U.S. government.  We do not voluntarily disclose user information.  The only disclosures that occur are in response to specific demands.  And, when the government does request user data from Yahoo!, we protect our users.  We demand that such requests be made through lawful means and for lawful purposes.  We fight any requests that we deem unclear, improper, overbroad, or unlawful.  We carefully scrutinize each request, respond only when required to do so, and provide the least amount of data possible consistent with the law.  

Two more “volunteers” for you in the first sentence. The second sentence is stiltedly passive voice and vague (how do you define a “specific demand?”).

Then, they say they protect their users, implying a standard of privacy/security that exceeds the law, and then they say explicitly that they’re simply compliant with the law. That’s weaseling— exemplary compliance (the kind you’d tout with “we protect our users”) exceeds the minimum standards of regulation. Since the law in question is so murky it is fucking opaque, I find this to be an utterly meaningless statement and an example of Yahoo cowering behind the government’s pant leg.

The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false.  Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive.  Where a request for data is received, we require the government to identify in each instance specific users and a specific lawful purpose for which their information is requested.  Then, and only then, do our employees evaluate the request and legal requirements in order to respond—or deny—the request.

Again: “give” is exclusive of “surrender.” An affirmative phrasing (“Yahoo restricts any government body from viewing user records”) would be meaningful; this is not.

Further, the PRISM system as defined in the leaked slides is not a “government data collection directive.” It is a government data access system. PRISM does not collect data or make ad hoc requests, it uses live and direct connections to user records for querying. Essentially, there is no difference between a Yahoo! user record system and PRISM, as Yahoo! (and all the other companies involved) are essentially candidates filed into a stack to be queried as needed. According to those slides and the articles about them, there is no mechanism for authorization, scrutiny, or rebuttal— there is just access.

This item does nothing to refute that.

We deeply value our users and their trust, and we work hard everyday to earn that trust and, more importantly, to preserve it.


355 notes