Yahoo’s woes transcend privacy

A report Tuesday (Oct. 4) indicating that Yahoo may have complied with an FBI/National Security Agency directive last year, creating custom software to allow the government to search all of its customers’ incoming emails for certain phrases, forces the still unresolved privacy issue back into the open, according to University of Notre Dame data security expert Timothy Carone.

A teaching professor in the Department of IT, Analytics and Operations in Notre Dame’s Mendoza College of Business, Carone says, “When joined with the information on the massive hack that Yahoo recently revealed where at least 500 million accounts were compromised, this situation transcends just the privacy issue.”

Carone says the FBI and NSA asked for the Yahoo information for a reason, and presumably a state-sponsored group or criminal organization performed the recent Yahoo account hack, which was announced Sept. 22 and initially occurred in 2014, exposing information from some 500 million accounts.

“This situation, while complex and challenging to connect the dots, does portend a future for companies and citizens that they have no control over their online content and they must assume that whatever is out there can be accessed by certain organizations as they deem necessary,” Carone says. “Every person and organization has to manage the risk of using applications like Yahoo as we are all dependent on companies like Yahoo to steward our personal information. Realize that the attackers, whether state-sponsored or a criminal organization, have deep pockets and can employ talented people to explore new and innovative ways of breaching well-protected applications like Yahoo. It is an arms race in cyberspace that companies deal with every day and sometimes the bad guy wins.”

Carone says individuals have little control over protecting their information.

“They can take precautions like regularly changing passwords so that when one of their passwords is taken, it becomes useless to the attacker,” he says. “People can also use online tools that are offered to manage the risk of identity theft and attacks focused on their financial assets, but the Internet has been and always will be the Wild West. It is the future we have but not the future we wanted.”

A former astrophysicist, Carone specializes in data science, business intelligence, data mining, artificial intelligence and data security. He is the author of a forthcoming book titled “Future Automation—Changes to Lives and to Businesses.”

Contact: Timothy Carone, 847-226-0659 (cell), tcarone1@nd.edu