Does a Fifth of Yahoo’s Value Derive from (Perceived) Security and Privacy?

The NYPost is reporting that Verizon is trying to get a billion dollar discount off its $4.8 billion purchase price for Yahoo.

“In the last day we’ve heard that [AOL head, who is in charge of these negotiations] Tim [Armstong] is getting cold feet. He’s pretty upset about the lack of disclosure and he’s saying can we get out of this or can we reduce the price?” said a source familiar with Verizon’s thinking.

That might just be tough talk to get Yahoo to roll back the price. Verizon had been planning to couple Yahoo with its AOL unit to give it enough scale to be a third force to compete with Google and Facebook for digital ad dollars.

The discount is being pushed because it feels Yahoo’s value has been diminished, sources said.

AOL/Yahoo will reach about 1 billion consumers if the deal closes in the first quarter, with a stated goal to reach 2 billion by 2020. AOL boss Tim Armstrong flew to the West Coast in the past few days to meet with Yahoo executives to hammer out a case for a price reduction, a source said.

At one level, this is just business. Verizon has the opportunity to save some money, and it is exploring that opportunity.

But the underlying argument is an interesting one, as it floats a potential value — over a fifth of the original purchase price — tied to Yahoo’s ability to offer its users privacy.

As I understand it, the basis for any discount would be an interesting debate, too. The NYP story implies this is a reaction to both Yahoo’s admission that upwards of 500 million Yahoo users got hacked in 2014 and the more recent admission that last year Yahoo fulfilled a FISA order to scan all its incoming email addresses without legal challenge.

Yahoo has claimed that it only recently learned about the 2014 hack of its users — it told Verizon within days of discovering the hack. If that’s true, it’s not necessarily something Yahoo could have told Verizon before the purchase. (Indeed, Verizon should have considered Yahoo’s security posture when buying it.) But there are apparently real questions about how forthcoming Yahoo has been about the extent of the hack. The number of people affected might be in the billions.

Yahoo can’t claim to have been ignorant about its willingness to respond to exotic FISA requests without legal challenge, however.

Verizon bought Yahoo at a time when Yahoo’s aggressive challenged to PRISM back in 2007 was public knowledge. Given that Verizon had been — or at least had been making a show — of limiting what it would agree to do under USA Freedom Act (Verizon got too little credit, in my opinion, for being the prime necessary driver behind the reform), that earlier legal challenge would have aligned with what Verizon itself was doing: limiting its voluntary cooperation with US government spying requests. But now we learn Yahoo had repurposed its own spam and kiddie porn filter to help the government spy, without complaint, and without even telling its own security team.

I’ll let the mergers and acquisitions lawyers fight over whether Verizon has a claim about the purchase price here. Obviously, the $1 billion is just the opening offer.

But there is a real basis for the claim, at least in terms of value. Verizon bought Yahoo to be able to bump its user base up high enough to be able to compete with Google and Facebook. The perception, particularly in Europe, that Yahoo has neither adequately valued user security nor pushed back against exotic US government demands (especially in the wake of the Snowden revelations) will make it a lot harder to maintain, much less expand, the user base that is the entire purpose for the purchase.

So we’re about to learn how much of an international Internet Service Provider’s value is currently tied to its ability to offer security to its users.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. bloopie2 says:

    “So we’re about to learn how much of an international Internet Service Provider’s value is currently tied to its ability to offer security to its users.” Correct, and I would also note this: “Security” is a basis (at least partially) for many marriages, not just this one. Someone struggling, who sells out to (ooh, that sounds bad) someone else who is seemingly better off, so as to be taken care of in their old age. Ain’t life grand?

    • scribe says:

      Someone struggling, who sells out to (ooh, that sounds bad) someone else who is seemingly better off, so as to be taken care of in their old age. Ain’t life grand?

      … only to find out that all the expensive cars, houses and clothes  were rented to present the impression of wealth and prosperity and, in reality, the schmuck is broke.

      I think Verizon has an excellent case to stop the deal entirely on the grounds of a material misstatement of fact (or even fraud) which went to the heart of the deal.  I thought I had a cite, but it turned out to be wrong;  this does seem to be a case of fraud in the inducement.  The problem with such a case in today’s climate, though, would be the ability of Yahoo to disclose to Verizon the existence of the government’s “request” for assistance.  But merely rolling over to the NSA seems a rather limp response, and making no effort to disclose it only compounds it.

  2. arbusto says:

    Technically, how could Yahoo security be kept out of the loop if they we on the ball, and any thoughts on an honest & free email provider. I assume Outlook, gmail and of course Yahoo act in their own interest before the customer, the Constitution, or the law.

    Cheapskates want to know

    • Anon says:

      BoingBoing has some added info on this. It seems that, according to anonymous insiders the software was not just a scanning kit but an actual RootKit which was installed to provide backdoor access and which was therefore hidden from Sysadmins and Yahoo Security.  According to the story they later found it as part of their security operations and assumed that they had been attacked before being told to ignore it.  This is part of why the CSO left.


  3. Frank Wilhoit says:

    Give examples of companies that have suffered quantifiable damage to their brand value or goodwill from collaboration with the Deep State.

    (Then throw Qwest into the other pan of the scale.)

  4. earlofhuntingdon says:

    Verizon has a long way to go if it thinks purchasing anyone else’s credibility regarding user privacy will enhance its own record of commercialization and poor privacy protection.

  5. greengiant says:

    This seems to be smoke and mirrors to me.   Subcontracting to Verizon smells like plan C.   What with offshoring the servers to make them fair game,  ( did they not do that ),   and everyone else reading your email,  searches,  mouse movements,  for private and deep state capture.

Comments are closed.