Yahoo! gave data on 300+ users to Aussie government
Yahoo! gave the Australian government data on at least 305 of its users in the first half of 2013.
That’s according to the company’s first global transparency report, released last week, which details requests made by governments for data on Yahoo! users in the first half of 2013.
The report details the number of requests made by governments for data on Yahoo!’s users. It covers a six-month period from 1 January 2013 through 30 June 2013 and lists requests from 17 countries.
It does not include requests for data on users of Tumblr, a recent Yahoo! acquisition.
In that period, the Australian Government made 704 requests covering 799 user accounts; a request can cover more than one account.
Yahoo! handed over ‘non-content data’ in response to 305 (43%) of these requests. This could include a user’s alternate email address, name, location, IP address, login details, billing information and other ‘transactional information’ like the ‘to’, ‘from’ and ‘date’ fields in email headers.
In 11 cases (2%), the company handed over what it calls ‘content’, defined by the company as data that Yahoo! users “create, communicate, and store on or through our services”. This might include the words in an email or instant message, photos, files, address book entries or similar.
In 146 cases (21%), the company “produced no data in response to the Government Data Request because no responsive data could be found (ie, the account didn’t exist or there was no data for the date range specified by the request)”, Yahoo! said.
One third (34%) of the 704 requests fell into the company’s ‘rejected’ category. In some of these instances, Yahoo! did not provide any data because there was a problem with the government’s request. The category also includes requests that “were withdrawn after being received” by Yahoo!, the company said.
“We carefully review Government Data Requests for legal sufficiency and interpret them narrowly in an effort to produce the least amount of data necessary to comply with the request,” the company said.
“Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful.”
“The Government Data Requests reflected in this report are generally made in connection with criminal investigations.”
Australia had the 10th highest number of requests. The US led the pack, with 12,444 requests covering 40,322 accounts. Only 2% of these were rejected, with 55% resulting in non-content data being disclosed and 37% resulting in the disclosure of content.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...
