Verizon is attempting to negotiate down its bid to buy Yahoo – shaving off $1 billion from its $4.8 billion agreement to purchase Yahoo's internet business, according to the New York Post.
This renegotiation follows a few weeks of negative news for Yahoo. Revelations broke last week of a massive breach that went unreported for a time, and then earlier this week headlines trumpeted Yahoo's cooperation with government intelligence agencies – ordered by a secret Foreign Intelligence Surveillance Court – into mass surveillance of all of its customer's emails, purportedly to search for the digital signatures of terrorist communications.
The Post reported that Tim Armstrong, chief executive of Verizon's AOL unit, expressed reservations over the lack of transparency these incidents have brought to the surface.
While he told an interviewer on CNBC's Squawk Box that the acquisition is proceeding "calmly" and "methodically" as the teams work to digest the consequences of the breach, there can be no question that Verizon is concerned over the implications of acquiring a brand recently cast in a negative light.
And besides executive management, what might Verizon customers think of a new step-sibling that's been tainted with disclosures of inadequate security and, if the allegations of cooperation with intelligence probes prove true, even abuse of customers' Fourth Amendment privacy rights.
The business plan set up over the past months involved Verizon joining Yahoo with its AOL unit to compete with Google and Facebook. Sources told the Post that Armstrong flew to the West Coast this past week to hammer out a discount with Yahoo executives because Verizon believes Yahoo's value has been damaged.
But at the same time, the Post claimed that Yahoo is pushing back, saying that the deal has already been signed and AOL/Verizon has no legal recourse to renegotiate terms. A board meeting is scheduled in two weeks as the parties are said to be continuing discussions.
"The hack represented a very different risk to the Verizon acquisition," Fatemeh Khatibloo, principal analyst at Forrester, told SCMagazine.com earlier this week. "If they could prove in court that the hack materially changed the value of Yahoo – either because, for example, consumers left in droves or the remediation of the breach would significantly devalue Yahoo's assets – they could potentially get out of the deal."
Regarding the matter of Yahoo's compliance with an order from the secret Foreign Intelligence Surveillance Court, a number of experts have weighed in that Yahoo was caught between a rock and hard place.
U.S. technology companies are placed in a difficult situation with compliance with FISA directives, Tim Toohey, partner and head of the cybersecurity practice at Greenberg Glusker (in L.A.), told SCMagazine.com on Friday. "Companies operating in the United States must, of course, comply with the laws of the land, including FISA. However, they also operate internationally (including in the E.U.) and blind or rote compliance may further foster the view that consumers' data (particularly that of Europeans) is not safe in the hands of U.S. tech companies."
The consequence, added Toohey, is that we are seeing companies such as Microsoft and Google push back against requests for personal and other information. "That tension is unlikely to diminish as the E.U., in particular, ratchets up pressure with the upcoming General Data Protection Regulation and challenges to the Privacy Shield."
But, in the matter of inadequate security controls in place, that could prove costly. In a tweet, Christopher Soghoian, a privacy researcher and the principal technologist at the American Civil Liberties Union, noted the $1 billion discount when he alluded to Yahoo's reported leaving of its security team out of the loop, both when CEO Marissa Mayer complied with a government directive to spy on user emails, and an earlier incident when the firm's legal department was reported to have ordered the security team to not reveal their investigation of a hack to the CISO.