Yahoo! gave data on 300+ users to Aussie government


By Andrew Collins
Tuesday, 10 September, 2013


Yahoo! gave data on 300+ users to Aussie government

Yahoo! gave the Australian government data on at least 305 of its users in the first half of 2013.

That’s according to the company’s first global transparency report, released last week, which details requests made by governments for data on Yahoo! users in the first half of 2013.

The report details the number of requests made by governments for data on Yahoo!’s users. It covers a six-month period from 1 January 2013 through 30 June 2013 and lists requests from 17 countries.

It does not include requests for data on users of Tumblr, a recent Yahoo! acquisition.

In that period, the Australian Government made 704 requests covering 799 user accounts; a request can cover more than one account.

Yahoo! handed over ‘non-content data’ in response to 305 (43%) of these requests. This could include a user’s alternate email address, name, location, IP address, login details, billing information and other ‘transactional information’ like the ‘to’, ‘from’ and ‘date’ fields in email headers.

In 11 cases (2%), the company handed over what it calls ‘content’, defined by the company as data that Yahoo! users “create, communicate, and store on or through our services”. This might include the words in an email or instant message, photos, files, address book entries or similar.

In 146 cases (21%), the company “produced no data in response to the Government Data Request because no responsive data could be found (ie, the account didn’t exist or there was no data for the date range specified by the request)”, Yahoo! said.

One third (34%) of the 704 requests fell into the company’s ‘rejected’ category. In some of these instances, Yahoo! did not provide any data because there was a problem with the government’s request. The category also includes requests that “were withdrawn after being received” by Yahoo!, the company said.

“We carefully review Government Data Requests for legal sufficiency and interpret them narrowly in an effort to produce the least amount of data necessary to comply with the request,” the company said.

“Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful.”

“The Government Data Requests reflected in this report are generally made in connection with criminal investigations.”

Australia had the 10th highest number of requests. The US led the pack, with 12,444 requests covering 40,322 accounts. Only 2% of these were rejected, with 55% resulting in non-content data being disclosed and 37% resulting in the disclosure of content.

Image courtesy of gaku under CC

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd