Yahoo to add encryption to all its products

19 Nov 2013

Yahoo will add encryption to all its products by spring 2014, in a bid to tackle privacy fears of users, after reports that the National Security Agency had accessed data centres of the firm, chief Marissa Mayer has announced.

Mayer said in a blogpost yesterday: ''We've worked hard over the years to earn our users' trust and we fight hard to preserve it. As you know, there have been a number of reports over the last six months about the US government secretly accessing user data without the knowledge of tech companies, including Yahoo.

''I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever. There is nothing more important to us than protecting our users' privacy.''

Mayer's move comes following a Washington Post report last month that the NSA had broken into the main communication links that connected Yahoo with Google data centres around the world.

According to documents obtained from former NSA contractor Edward Snowden as also interviews with officials, the NSA, in partnership with its UK counterpart GCHQ, had been copying large amounts of data as it flowed across fibre-optic cables carrying information between the companies' worldwide data centres.

Yahoo said after the story had broken out that government attempts to circumvent its online security systems offered ''substantial potential for abuse''.

According to Eric Schmidt, Google's executive chairman, the news was ''really outrageous''.

Mayer said in her post: "There is nothing more important to us than protecting our users' privacy. To that end, we recently announced that we will make Yahoo Mail even more secure by introducing https (SSL - Secure Sockets Layer) encryption with a 2048-bit key across our network by January 8, 2014."

Meanwhile, Microsoft said it was "reviewing" such a move, but it did not encrypt as yet.

The Yahoo! data centre streams, carrying massive amounts of user and corporate information, would be encrypted by the first quarter of next year, and Yahoo! Mail users will get the option to encrypt, although it did not look at this stage as though this would be the default setting.

Also Yahoo! would work with co-branded partners to set up HTTPS communications links overseas and eventually Yahoo wanted to encrypt all of its services, it has not given a precise timescale.

"As we have said before, we will continue to evaluate how we can protect our users' privacy and their data. We appreciate, and certainly do not take for granted, the trust our users place in us," Mayer concluded.