Yahoo built surveillance tools last year after the National Security Agency or the FBI issued a secret directive to scan all customers' incoming emails, according to a Reuters report.
The agencies asked the internet company to search for "a set of characters," according to the report, which cited anonymous former Yahoo employees. That could be a phrase, for example, or an attachment, sources told Reuters.
Yahoo CEO Marissa Mayer chose to obey the directive, Reuters reported, a decision that prompted then-Chief Information Security Officer Alex Stamos to leave the company in June 2015. Stamos reportedly told people working for him that a programming flaw could give hackers access to customers' stored emails. He is now Facebook's security chief.
Reuters was not able to confirm whether any other company had been faced with the same secret directive Yahoo complied with.
"Yahoo is a law abiding company, and complies with the laws of the United States," a Yahoo spokesman said in an email. The FBI and NSA didn't respond to requests for comment.
Stamos declined to comment on the reasons behind his departure from Yahoo, but Facebook said it has never seen a directive like the one allegedly served to Yahoo.
"Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it," a Facebook spokesman said in a statement.
Apple echoed Facebook's stance on cooperating with such a directive.
"We have never received a request of this type," an Apple spokesman said in a statement. "If we were to receive one, we would oppose it in court."
Twitter went so far as to note that it is currently suing the US government for the ability to share more about government demands for information.
"We've never received a request like this, and were we to receive it we'd challenge it in a court," a Twitter spokesman said in a statement. "Separately, while federal law prohibits companies from being able to share information about certain types of national security related requests, we are currently suing the Justice Department for the ability to disclose more information about government requests."
Yahoo's reported compliance would be in stark contrast with the tech industry's public stance on consumer privacy. In January, Apple showed a willingness to defy an FBI request to write custom code that would break encryption on an iPhone used in the San Bernardino, California, terrorist attack. In March, more than 40 top tech companies signed amicus briefs supporting Apple in a court case that was resolved without a final ruling.
Microsoft has fought gag orders that would stop it from telling users when the government asks for their information.
"We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo," Microsoft said in an emailed statement.
Google did not respond to a request for comment.
Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in an emailed statement that the government directive appeared to be "unprecedented and unconstitutional."
Further, he criticized Yahoo for complying without a fight. "It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order," Toomey said, "because customers are counting on technology companies to stand up to novel spying demands in court."
Not everyone felt Yahoo deserved all the blame for complying with the court order. Michael Sutton, chief information security officer at cybersecurity firm Zscaler, said it's highly likely other companies received the classified directive.
"Such a broad directive suggests that the intelligence community needed to cast a wide net, which likely included other providers," Sutton said. "Unfortunately, the very process of such directives precludes transparency and prohibits others from even revealing the existence of such a request."
Stewart Baker, who served as the general counsel of the NSA from 1992 to 1994 and critiqued privacy advocates in his book "Skating on Stilts: Why We Aren't Stopping Tomorrow's Terrorism," said it's not surprising that intelligence agencies would ask Yahoo for assistance like this.
As companies encrypt more user communications, it becomes harder for the US government to intercept internet traffic and search it on its own. Baker said that prompts the government to tell companies, "Well, you still have this information and you're capable of going through the selectors, so we're going to give you an order to do that."
Baker is currently an attorney at law firm Steptoe & Johnson who focuses on national security, privacy and computer security.
Yahoo previously lost a court battle that forced it to comply with a secret surveillance program called Prism. That program, later revealed by Edward Snowden, let the NSA grab emails, video chats, photos and documents.
Yahoo fought that court order before Mayer became CEO in 2012.
The company is still recovering from a 2014 data breach, revealed in September, that affected half a billion Yahoo users in the world's biggest hack. Verizon in July announced plans to buy the internet pioneer for $4.8 billion.
Verizon declined to comment for this story.
Fatemeh Khatibloo, a privacy analyst with tech research firm Forrester, said she thinks the news of the email scanning combined with the news of the hack could potentially give Verizon enough of a reason to back away.
"It changes the calculus around the Verizon acquisition," Khatibloo said. "Taken together, the asset is the users as Yahoo services. And, are there going to be any users left after this?"
(by Laura Hautala)