Robert Graham of Errata Security posted a well-considered critique of Joseph Menn’s blockbuster report on Yahoo:
My point is this: the story is full of mangled details that really tell us nothing. I can come up with multiple, unrelated scenarios that are consistent with the content in the story. The story certainly doesn’t say that Yahoo did anything wrong, or that the government is doing anything wrong (at least, wronger than we already know).
A few details from Menn’s report were somewhat clarified by a separate Reuters article, published the next day, from Mark Hosenball and Dustin Volz, and a New York Times article by Charlie Savage and Nicole Perlroth.
Menn’s initial article, while revelatory, should have been clearer from the time it was posted. Vague reporting on the details of security matters damages our ability to argue for better privacy protections in the long term, because we will be unable to accurately address specific violations of it.