In the wake of NSA spying, Yahoo promises encryption everywhere

Yahoo is amping up its encryption efforts to keep its data out of view from the government’s prying eyes. The move comes after allegations that the National Security Agency has been spying on Yahoo and other tech companies without their knowledge.

By the end of the first quarter in 2014, Yahoo says it will give users an option to encrypt all data flow to and from Yahoo. This follows an earlier announcement that Yahoo will roll out SSL encryption by default for all Yahoo Mail users by January 8. (Users can already enable Yahoo Mail encryption manually.)

Yahoo also says it will encrypt all information moving between its data centers by the end of the first quarter, and it will work on getting international partners to enable HTTPS encryption in Yahoo-branded Mail services.

The NSA’s data center snooping was revealed last month by the Washington Post, which cited documents and interviews with Edward Snowden. The Post’s report claimed that the NSA had intercepted communications between data centers for both Yahoo and Google, in a program called “Muscular.” This was a separate initiative from Prism, in which tech firms voluntarily handed over information to the NSA. (Tech firms have been pushing for the government to let them reveal more about national security requests, in hopes that they can prove data collection isn’t widespread.)

Both Yahoo and Google condemned the NSA’s unauthorized data collection, with some Google employees reserving choice words for the government (while not speaking on the search giant’s behalf). Google had already been working to encrypt its data transmissions, and accelerated its efforts in June. Microsoft generally doesn’t encrypt its data center transmissions, but said last week that it’s reviewing its own security systems now.

A push to add encryption to Web-based services has been going on since long before the NSA revelations. Facebook and Twitter made HTTPS the default for all users last year, following Gmail’s switch to HTTPS in 2010. Yahoo’s upcoming switch will be better late than never.

Subscribe to the Security Watch Newsletter

Comments