By Robert McMillan and Damian Paletta
Big technology companies, including Google, Microsoft Corp., Twitter Inc. and Facebook Inc. denied scanning incoming user emails on behalf of the U.S. government, following a report that Yahoo Inc. had built such a system.
Reuters reported Tuesday that Yahoo had built a software system last year to scan all incoming email for specific information provided by intelligence officials, in compliance with a classified U.S. government directive.
The system was built without the knowledge of Yahoo’s security team, and its discovery prompted the departure of Yahoo’s then-Chief Information Security Officer Alex Stamos, Reuters reported. Mr. Stamos declined to comment.
In a statement, Yahoo said it “is a law abiding company, and complies with the laws of the United States.” It is unclear whether Yahoo ever provided the government with information gleaned from the system.
According to Reuters, the Yahoo system contained a flaw that could have allowed hackers to access email messages.
The Reuters account suggested the surveillance program differed from those revealed by former National Security Agency contractor Edward Snowden in 2013. In those programs, the government gained access to messages involving specific targets. But the Yahoo tool reportedly examined all incoming email.
The report sparked criticism from some lawmakers and privacy advocates.
“The NSA has said that it only targets individuals…by searching for email addresses and similar identifiers,” said Sen. Ron Wyden (D., Ore.), a member of Senate Intelligence Committee, in an emailed statement. “If that has changed, the executive branch has an obligation to notify the public.”
Patrick Toomey, a staff attorney with the American Civil Liberties Union, said “We have never heard or seen an order requiring an email provider to do something like this.”
Representatives from the NSA, the White House and the Office of the Director of National Intelligence declined to comment.
Other messaging providers reached Tuesday said they hadn’t built similar tools. “We’ve never received such a request, but if we did, our response would be simple: ‘no way,'” a Google spokesman said via email. Google is a division of Alphabet Inc.
“We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo,” a Microsoft spokesman said via email. Microsoft didn’t respond to questions about whether it had received such a request from the federal government.
Twitter Inc. and Facebook Inc. said they hadn’t received requests, and said they would oppose any.
Over the past year, the federal government has found itself at odds with some Silicon Valley companies such as Apple Inc. and Facebook as they have developed so-called end-to-end messaging encryption systems that would prevent them from being able to monitor their users’ communications. Apple didn’t immediately respond to messages seeking comment.
In March, the Federal Bureau of Investigation dropped a legal effort to compel Apple to circumvent the encryption protections of its iPhone to investigate the Dec. 2, 2015, terror attack in San Bernardino, Calif.
Yahoo last year pledged to introduce end-to-end encryption on email. But it is unclear the company ever followed through. A Yahoo spokesman didn’t immediately respond to a request for comment on encryption.
Yoree Koh contributed to this article.
Write to Robert McMillan at Robert.Mcmillan@wsj.com and Damian Paletta at damian.paletta@wsj.com