• Tag Archives privacy
  • Feds tell Web firms to turn over user account passwords

    The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

    If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

    “I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”

    A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.’”

    Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.

    A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it.”

    Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has “never” turned over a user’s encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. “We take the privacy and security of our users very seriously,” the spokesperson said.

    A Yahoo spokeswoman would not say whether the company had received such requests. The spokeswoman said: “If we receive a request from law enforcement for a user’s password, we deny such requests on the grounds that they would allow overly broad access to our users’ private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law.”

    Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users’ passwords and how they would respond to them.

    Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn’t recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, “we don’t get a high volume” of U.S. government demands.

    The FBI declined to comment.

    Full article: http://news.cnet.com … r-account-passwords/


  • ‘We’re going to have more visibility and less privacy’: Mayor Bloomberg admits soon NYPD surveillance cameras will be on nearly every corner and in the air

    Big Brother is watching. Now get used to it!

    Envisioning a future where privacy is a thing of the past, Mayor Bloomberg said Friday it will soon be impossible to escape the watchful eyes of surveillance cameras and even drones in the city.

    He acknowledged privacy concerns, but said “you can’t keep the tides from coming in.”

    “You wait, in five years, the technology is getting better, they’ll be cameras everyplace . . . whether you like it or not,” Bloomberg said.

    The security measures have drawn scorn from some civil libertarians — but Bloomberg scoffed at privacy concerns on his Friday morning program on WOR-AM.

    “The argument against using automation is just this craziness that ‘Oh, it’s Big Brother,’” Bloomberg said. “Get used to it!”

    The New York Civil Liberties Union has documented nearly 2,400 surveillance cameras fixed on public spaces in Manhattan alone. Many are operated by the police, others by poroperty owners.

    In Lower Manhattan, an initiative developed after 9/11 known as the “Ring of Steel” integrates the NYPD’s cameras with those of banks and other institutions.

    But in the future, the cameras won’t just be planted on buildings and utility poles. Some of them will be able to fly, the mayor pointed out.

    “It’s scary,” Bloomberg said. “But what’s the difference whether the drone is up in the air or on the building? I mean intellectually I have trouble making a distinction. And you know you’re gonna have face recognition software. People are working on that.”

    Bloomberg warned that drones would be able to peep into private residences – but that Peeping Tom legislation could help maintain some privacy.

    Full article: http://www.nydailyne … ty-article-1.1296103


  • How much data can police swipe from suspects’ phones without a warrant? (Hint: A lot)

    Call logs, text messages, geo-locations and even data relating to proprietary technologies, such as Apple’s iMessage service: All of these can be downloaded by U.S. law enforcement when a suspect’s phone is plugged in and the data harvested for intelligence purposes.

    Up until now, most had no idea exactly what was collected or how it could be used, though it was believed this data could be acquired.

    Discovered by the U.S.-based privacy group, the American Civil Liberties Union (ACLU), we now have a much clearer image of how much data from a seized cell phone or smartphone the U.S. government gets when a suspect’s phone is plugged into a data collection device.

    A court document submitted in connection with a drugs investigation shows that even Web history, data files, wireless networks and the user’s custom dictionary are downloaded when advanced forensic tools are connected to a suspect’s device.

    Also collected were the device’s geo-location points, including cell towers, allowing authorities to pinpoint roughly where the device—and therefore the suspect—may have been geographically.

    And because many use their cell phones and smartphones to access email on the move, it could allow authorities access to a goldmine of data—whether it’s used in the investigation or otherwise. This ultimately may allow authorities to bypass the need to submit subpoenas or search warrants — under the Stored Communications Act — to Apple, Google, Microsoft and others who provide email services, because the email data is already stored on the suspects’ device.

    Full article: http://www.zdnet.com … nt-a-lot-7000011891/