Yahoo will encrypt user data as standard in response to NSA allegations

CEO Marissa Mayer announces greater encryption levels for users' data after reports of the US government gaining access to Yahoo data centers
  • @jjvincent

Yahoo has announced that it will encrypt all user information carried in its data centres in response to the accusations that the company gave the US government access to these facilities.

CEO Marissa Mayer announced the changes in a post on her Tumblr account: “We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it.

As you know, there have been a number of reports over the last six months about the US government secretly accessing user data without the knowledge of tech companies, including Yahoo. I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever.”

The changes come after it was revealed in October that the NSA, in collaboration with GCHQ, had compromised the communication links that connect Yahoo and Google data centres around the world.

The revelations were published by The Washington Post and were sourced from documents leaked by former NSA contractor Edward Snowden. After the reports emerged, both Google and Yahoo denied that they had colluded in any way with the NSA or GCHQ.

“We have strict controls in place to protect the security of our data centres, and we have not given access to our data centres to the NSA or to any other government agency,” said a Yahoo spokesperson at the time.

The new changes will use SSL (Secure Socket Layer) encryption to secure Yahoo users’ information, with the new standard employing a 2048-bit key across all of the company’s internal networks from January 2014 onwards.

In addition Yahoo will offer users the option to encrypt the data that they send and receive from the company as well as promising to “ensure that Yahoo co-branded Mail accounts are https-enabled” – a protocol that encrypts any data sent and received from a website.

Other tech firms including Microsoft, Facebook and Google are also moving to strengthen the encryption of customers’ data, worrying that they have lost the public’s trust following the revelations of wide-spread surveillance of the public by Western governments.