Watcher Forum
Would you like to react to this message? Create an account in a few clicks or log in to continue.


Welcome to Watcher Forum
 
HomeLatest imagesSearchRegisterLog in

 

 Feds tell Web firms to turn over user account passwords

Go down 
AuthorMessage
Guest
Guest




Feds tell Web firms to turn over user account passwords Empty
PostSubject: Feds tell Web firms to turn over user account passwords   Feds tell Web firms to turn over user account passwords I_icon_minitimeFri Jul 26, 2013 10:04 pm

Nothing Safe!!!

http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/

Feds tell Web firms to turn over user account passwords

Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.
Declan McCullagh
by Declan McCullagh
July 25, 2013 11:26 AM PDT

Follow @declanm

(Credit: Photo illustration by James Martin/CNET)

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"

Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
"This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?"
--Jennifer Granick, Stanford University

A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."

Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said.

A Yahoo spokeswoman would not say whether the company had received such requests. The spokeswoman said: "If we receive a request from law enforcement for a user's password, we deny such requests on the grounds that they would allow overly broad access to our users' private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law."

Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users' passwords and how they would respond to them.

Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn't recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, "we don't get a high volume" of U.S. government demands.

The FBI declined to comment.

Some details remain unclear, including when the requests began and whether the government demands are always targeted at individuals or seek entire password database dumps. The Patriot Act has been used to demand entire database dumps of phone call logs, and critics have suggested its use is broader. "The authority of the government is essentially limitless" under that law, Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence committee, said at a Washington event this week.
Back to top Go down
 
Feds tell Web firms to turn over user account passwords
Back to top 
Page 1 of 1
 Similar topics
-
» SPRING'S 1-2-2017 !!ALERT!! CHINESE MILITARY RUSHED TO NORTH KOREAN BORDER!!
» User's own posts on previous forum.. downloadable?
» ... --- ... SPRING'S May-22-2019 = LAYOFF'S ^ & Trump Picks Ken Cuccinelli to Oversee Immigration & "I DON'T DO COVER-UPS" : PRESIDENT TRUMP & SHAME ON MONSANTO & WAR ON HOLD &
» ALERT !!!! FLASH !!!! N. KOREA TALKS FAIL: Rex Tillerson said "I think we know where this is all going."
» Undersea Cable Firms Provide Surveillance Access to US Secret State

Permissions in this forum:You cannot reply to topics in this forum
Watcher Forum :: Welcome! :: General Discussion-
Jump to: