The Yahoo e-mail privacy flap that wasn't

Why is the Internet so outraged about Yahoo scanning e-mail to improve the relevance of advertisements? This privacy flap already happened... in 2011.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read
Yahoo CEO Marissa Mayer at TechCrunch Disrupt in New York. Shara Tibken/CNET

It seemed like yet another corporate privacy flap: Yahoo CEO Marissa Mayer decrees that Yahoo Mail users will have their e-mail "scanned and analyzed" so relevant ads can be displayed.

That apparent revelation prompted dozens of news articles in the last few days describing the practice as "creepy" or "freaking people out." One wondered if it was an "aggressive invasion of privacy."

The only problem is that Yahoo hasn't, well, actually changed its policy. At all. A version of Yahoo Mail's terms of service adopted in 2011 gives the company the right to "scan and analyze all incoming and outgoing communications content sent and received from your account" and use the profile to "match and serve targeted advertising" to you.

That language -- it's word-for-word identical today -- appears in Yahoo's current terms of service policy that's currently in effect.


"This is not about a new policy," said Yahoo spokeswoman DJ Anderson. "We believe having personalized experiences benefits the user. If the user doesn't want to have contextual-based or interest-based advertising, they can opt out of that through our ad interest manager."

This week's controversy underscores how short memories have become in the modern Internet era: the same privacy flap occurred in June 2011, when Yahoo actually adopted the policy in effect today that permits e-mail to be scanned.

The BBC published an article at the time with a headline saying: "Yahoo! criticised over e-mail 'snooping' for advertising." An advocacy group called Big Brother Watch called on the company to reverse course. A comment posted on a Slashdot discussion thread charged: "Yahoo isn't an e-mail provider, they are telemarketers with deceptive practices."

What happened in the last month that sparked this fact-free reprise of the summer of 2011 was that, on May 17, Yahoo posted a note on its Web site saying that users would soon be required to switch over to the new version of Yahoo Mail starting in early June. That note said:

When you upgrade, you will be accepting our Communications Terms of Service and Privacy Policy. This includes the acceptance of automated content scanning and analyzing of your communications content, which Yahoo! uses to deliver product features, relevant advertising, and abuse protection.

That wording was ambiguous. If Yahoo had reminded its users that the current policy had been in effect since mid-2011, and that it applied to both the outgoing and incoming versions of Yahoo Mail, it likely would have avoided this mini-controversy. But it didn't.

That let StartMail, which said it has plans to offer a no-scan e-mail service, send out a press release saying that "Yahoo can now openly troll through email for personal information that it can share or hold onto indefinitely" -- even though this has been the case for approximately two years. And, of course, Google's popular Gmail service has been doing the same thing since 2004.

It's not clear why Yahoo felt the need to remind existing users of language in its 2011 terms of service. One possibility, though, is an effort to head off privacy lawsuits brought by class action lawyers hoping for a million-dollar jackpot. (If there's ever any litigation, defense counsel would surely prefer to rely on informed consent rather than implied consent.)

It's not merely a theoretical possibility: Google was sued in 2011 by a Massachusetts AOL user who sent e-mail to a Gmail account and then claimed her privacy was invaded. Near-identical lawsuits were filed in Marin County, Calif., (PDF) in June 2012, British Columbia (PDF) in October 2012, and Florida (PDF) in November 2012. On April 29, two college students filed yet another suit (PDF) seeking class action status in San Jose, Calif.

Chris Conley, a technology and civil liberties fellow at the ACLU of Northern California, said his organization likes to see e-mail scanning clearly disclosed to users.

"Perhaps Yahoo has not done a good job of communicating to their users what's going on," Conley said.