Slickdeals User Survey 2017 We are giving away 200 gift cards worth $25 each! See More
Forum Thread

Feds tell Web firms to turn over user account passwords

Radeck 7,469 251 July 26, 2013 at 01:17 PM
http://news.cnet.com/8301-13578_3...passwords/

Big Brother just LOOOOOVVVEEESSS the taste of power....

Quote :
Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.
...
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"

Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.

3 Comments

1

Sign up for a Slickdeals account to remove this ad.

Joined Jan 2004
L10: Grand Master
15,232 Posts
1,143 Reputation
#2
Not to mention that when they get hacked and lose the unencrypted passwords (and you know it's going to happen) then the hackers will likely know what your various other passwords are or if they don't all they have to do is go to various sites, put in your e-mail password and say you lost your password and then check the e-mail account they have access to and make up a new one.

Bravo!

I guess the one thing I would want to understand before getting upset is whether they're asking for everyone's password or rather just some suspected terrorist or something like that. Also, is there a warrant demanding the password or just them asking for it.
Reply Helpful Comment? 0 0
Last edited by LivninSC July 26, 2013 at 01:53 PM.
Joined Apr 2007
L10: Grand Master
7,469 Posts
251 Reputation
Original Poster
#3
Quote from LivninSC View Post :
I guess the one thing I would want to understand before getting upset is whether they're asking for everyone's password or rather just some suspected terrorist or something like that. Also, is there a warrant demanding the password or just them asking for it.
it's not entirely clear, but given the history of mass data dumps of phone records, it seems plausible that they would ask the same of password records

from the link:
Quote :
Some details remain unclear, including when the requests began and whether the government demands are always targeted at individuals or seek entire password database dumps. The Patriot Act has been used to demand entire database dumps of phone call logs, and critics have suggested its use is broader. "The authority of the government is essentially limitless" under that law, Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence committee, said at a Washington event this week.
Reply Helpful Comment? 0 0
Whee Argue Soap Box

"None are more hopelessly enslaved than those who falsely believe they are free." - Johann Wolfgang von Goethe

"The federal government has taken too much tax money from the people, too much authority from the States, and too much liberty with the Constitution" - Ronald Reagan
Joined Jan 2004
L10: Grand Master
15,232 Posts
1,143 Reputation
#4
Quote from Radeck View Post :
it's not entirely clear, but given the history of mass data dumps of phone records, it seems plausible that they would ask the same of password records

from the link:
Ya, that's kind of what I was thinking and you would think that's the only reason they were asking how to unencrypt them but I would like to know what the actual requests are.
Reply Helpful Comment? 0 0
Page 1 of 1
1
Join the Conversation
Add a Comment
 
Copyright 1999 - 2017. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard