NEW YORK (AP, Oct. 5, 2016) — Yahoo's reported agreement to assist U.S. investigators by searching all email sent to hundreds of millions of accounts has stoked fresh concerns about mass government surveillance — not to mention questions over just how much privacy tech companies owe their users.

Reports from Reuters and the Washington Post said that last year, Yahoo began scanning all incoming mail for a string of letters, numbers or other characters, and provided the messages that match to federal intelligence or law enforcement agencies. Yahoo didn't deny the initial Reuters report on Tuesday, but on Wednesday characterized it as "misleading" in a carefully worded statement.

"The mail scanning described in the article does not exist on our systems," Yahoo wrote. It added that said it interprets every government request for data "narrowly" to "minimize disclosure." On Tuesday, it said only that it complies with U.S. law.

Reuters reported that Yahoo built custom software for the scans. Yahoo's latest statement does not say whether it has conducted such email scans in the past, or whether that software might exist outside its systems.

STOKING FEARS

Yahoo's reported cooperation with the government renewed concerns that the U.S. may have found new ways to expand mass surveillance. Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement that the government order appears to be "unprecedented and unconstitutional."

Odia Kagan, a Philadelphia-based data privacy attorney, said that it's impossible to judge the legality of the government's request, since the facts surrounding it remain murky.

While companies have a duty to abide by the law, they also have a duty to protect the privacy of their users. The trick is to balance those two things. And sometimes that means putting up a fight when it comes to government requests, even if they ultimately lose, in order to preserve their users' trust in them.

A REVERSAL FOR YAHOO

Kagan noted that the government made a similar request to Yahoo in 2007, which the company fought and lost after it was threated with fines of $250,000 a day. Yahoo hasn't said if that experience figured into its decisions in this case.

Government officials also stopped short of a full denial. Richard Kolko, deputy director of public affairs for the Office of the Director of National Intelligence, released a statement Wednesday saying that the office doesn't discuss the specific ways the intelligence community collects information.

But Kolko added that while the government has the ability to collect information about non-U.S. citizens under the Foreign Intelligence and Surveillance Act, those powers are overseen by all three branches of the federal government and are required to be narrowly focused.

Bulk collection of data isn't allowed and the government cannot indiscriminately review the emails or phone calls of ordinary people, he said.

MORE TROUBLE FOR YAHOO

The news is just the latest email bombshell for Yahoo, which was already reeling from its recent admission that computer hackers swiped personal information from at least 500 million of its accounts. That attack is believed to be the biggest digital break-in ever suffered by an email provider.

This week's revelations could also affect Yahoo's operations in Europe, Kagan said. User data there is protected by a data privacy agreement struck this summer between the U.S. and EU regulators known as the Privacy Shield.

Yahoo is also in the process of selling its online operations to Verizon for $4.8 billion. Verizon so far has had no comment on the email-scanning reports.