Yahoo to encrypt user data

Yahoo is to encrypt all user data that moves between its datacentres by April 2014 in a bid to regain trust after allegations that the US government secretly accessed users’ data.

The internet firm previously announced it plans to encrypt all email communications from January 2014 after allegations of US government agencies accessing email traffic.

Yahoo is among several large technology companies trying to distance themselves from the Prism internet surveillance programme revealed by whistleblower Edward Snowden in June 2013.

Specifically, Yahoo is working to repair the damage done by allegations that the US National Security Agency (NSA) broke into main communication links that connect Yahoo’s datacentres.

Similar allegations were made about Google, which already encrypts its email service and has been speeding up the implementation of encryption between datacentres since June 2013, according to the BBC.

In a statement, Yahoo chief executive Marissa Mayer said she wanted to reiterate that Yahoo has never given the NSA or any other government agency access to its datacentres.

Yahoo users will be offered full encryption

In addition to encrypting data flows between datacentres, Yahoo plans to offer users an option to encrypt all data to and from Yahoo.

Mayer said the company will work closely with its international mail partners to ensure that Yahoo co-branded mail accounts are https-enabled.

“We will continue to evaluate how we can protect our users’ privacy and their data. We appreciate, and certainly do not take for granted, the trust our users place in us,” she said.

Although security experts believe encryption is a step in the right direction, Mark Manulis, associate professor of applied cryptography and network security at the University of Surrey, doubts it is enough.

“It makes it harder for the average hacker, but it still could be possible for government agencies [to access], depending on what encryption is used,” he told the BBC.

Government requests for data

Yahoo has also joined Google and Microsoft in publishing transparency reports on the overall number of government requests for data, as well as pushing for the right to publish more details on such requests.

The companies are fighting to change US legislation that prevents them from providing a breakdown of numbers to show how many requests are made by the controversial Foreign Intelligence Surveillance Act (Fisa) and National Security Letters (NSLs).

Via: computerweekly


Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *