SAN FRANCISCO — The Edward Snowden effect just made an encore, thanks to a report Yahoo has been scanning incoming emails on behalf of U.S. intelligence officials.
And it's likely to take a few more bows. U.S. technology companies, already in defensive mode thanks to the former NSA contractor's revelations of a mass government surveillance program in 2013, are even more data-hungry today and therefore more on edge.
From big data to the cloud to artificial intelligence you can talk to in your kitchen, the tech world is busy spinning the straw of information it gathers about users into gold.
While the privacy of corporate data has long been a concern among civil libertarians, a consumer flashpoint came when former NSA contractor Snowden released a trove of classified information about a mass NSA phone spying program. A federal appeals court later ruled the bulk collection of phone data was illegal under the Patriot Act, but the damage to the reputation of U.S. computer companies was done.
The Snowden effect — heightened public fear about information security and privacy in the wake of his revelations — looms large as the power of the data troves being amassed by companies grows.
The potential to gain an edge with this data and sophisticated systems that model human behavior has been guiding big shifts in corporate strategy. Some of the most recent include Microsoft's purchase of LinkedIn and Salesforce's interest in the professional network as well as Twitter (both seen as plays for data); aggressive expansion into cloud computing by Microsoft, Google and Intel; and a stream of artificial intelligence-powered devices like Google’s new Pixel phone and Home speaker, which aim to use your responses to make a "personal Google."
With an estimated 1 billion active users a month worldwide and 81 million active Yahoo Mail users in the United States, Yahoo is a nexus for such data. On Wednesday a federal law enforcement official told USA TODAY that the government directive ordering Yahoo to scan customer emails was issued by the Foreign Intelligence Surveillance Court. That's the closed court in Washington D.C. that oversees requests for surveillance warrants for foreign intelligence purposes.
The directive asked Yahoo to essentially sift through incoming email streams for a digital signature associated with a known terror organization.
While the Yahoo saga is still developing, the questions it raises show the dilemmas faced by companies with a voracious need for data about their customers but also a user base that might turn on them should they find the companies have aided the government in spying on them.
Simmering under the surface is a fraught, unresolved legal and public battle between U.S. tech companies and the U.S. government over user privacy on the one hand and the need for intelligence in an age of terrorism on the other.
Multiple recent legal battles highlight the tension.
In July, a court ruled that Microsoft couldn't be forced to give the U.S. government e-mails stored in Ireland that are part of a U.S. drug investigation. It's expected the ruling will be appealed possibly all the way to the Supreme Court.
Apple fought the Department of Justice for 43 days earlier this year over whether the computer company should be forced to overwrite the software to hack into an iPhone used by San Bernardino gunman Syed Rizwan Farook. The dispute ended only when the FBI found another way into the phone.
Last October the 15-year old Safe Harbor pact, which created a legal framework for data transfers between the United States and the European Union, was declared invalid by the European Court of Justice over concerns about the U.S. mass surveillance Snowden revealed. It was replaced by a more transparent agreement, the Privacy Shield, in July.
News of Yahoo's possible capitulation to a much broader U.S. sweep of its data than ever before reported will likely cause more European concern.
“Without a doubt lots of European regulators will be pointing to this as exactly the sort of thing they were concerned about,” said Scott Vernick, an information security and privacy partner at the law firm of Fox Rothschild in Philadelphia.
The European Union is also investigating Facebook for possible misuse of data, on the theory that it is so dominate in several European countries that people are accepting a lower degree of privacy for their personal data because they feel they must use the service.
Privacy, monetization and investment
In terms of business models, most large tech companies would wither if they lost access to information about their users’ online lives.
“They certainly don’t want to lock it away from themselves – they absolute need it to monetize it,” said Jeff Pollard, a privacy and security analyst with Forrester, a consulting company.
The rise of chat bots and artificial intelligence (AI) agents is a case in point.
Amazon has invested heavily in its popular and groundbreaking Alexa digital assistant, which learns not just users' voices but also their preferences so it can make better guesses at what they're asking for.
Facebook hopes its Messenger chat bot will allow businesses to talk to, and more importantly sell to, customers by providing "really awesome experiences," in the words of the project head, David Marcus. Those experiences get better the more the AI knows about the user, allowing it to make better-educated guesses about their needs and desires.
Samsung just this week announced it was buying Viv, machine-learning virtual assistant company started by Siri founder Dag Kittlaus. But as he acknowledged, smarter smartphones will have to deal with balancing consumer's desire for privacy with the artificial intelligence's voracious need for more data about them.
So far, all the big U.S. tech companies are saying they were not asked to do what Yahoo is said to have done, and if they had been, they would have fought it. In Apple's words, "We have never received a request of this type. If we were to receive one, we would oppose it in court."
How this dilemma will ultimately be resolved is unclear, with experts saying many legal battles are likely still ahead and a possible growing chasm between what's acceptable in the United States and in Europe.
Long term, pushback could come not just from consumers, but investors themselves.
Michael Gordon CEO of Group Gordon, a New York-based corporate and crisis public relations firm, said companies such as Yahoo that collect massive amounts of user data must tread carefully.
Once a company gets stuck with a label of lackluster data protection, he said, “investors or users will automatically assume the worst.”
Elizabeth Weise covers technology and cybersecurity for USA TODAY. Follow her at @eweise.