{"id":2633,"date":"2013-07-30T15:35:28","date_gmt":"2013-07-30T15:35:28","guid":{"rendered":"http:\/\/megalextoria.wordpress.com\/?p=2633"},"modified":"2013-07-30T15:35:28","modified_gmt":"2013-07-30T15:35:28","slug":"feds-tell-web-firms-to-turn-over-user-account-passwords","status":"publish","type":"post","link":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/2013\/07\/30\/feds-tell-web-firms-to-turn-over-user-account-passwords\/","title":{"rendered":"Feds tell Web firms to turn over user account passwords"},"content":{"rendered":"<p style=\"text-align: center;\"><a href=\"https:\/\/www.megalextoria.com\/politics\/?x=entry:entry130730-133012\"><img decoding=\"async\" src=\"https:\/\/www.megalextoria.com\/wordpress\/wp-content\/uploads\/2013\/07\/bcrypt_610x3571.png\" alt=\"\" \/><\/a><\/p>\n<p>The U.S. government has demanded that major Internet companies divulge users\u2019 stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.<\/p>\n<p>If the government is able to determine a person\u2019s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.<\/p>\n<p>\u201cI\u2019ve certainly seen them ask for passwords,\u201d said one Internet industry source who spoke on condition of anonymity. \u201cWe push back.\u201d<\/p>\n<p>A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies \u201creally heavily scrutinize\u201d these requests, the person said. \u201cThere\u2019s a lot of \u2018over my dead body.\u2019\u201d<\/p>\n<p>Some of the government orders demand not only a user\u2019s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.<\/p>\n<p>A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: \u201cNo, we don\u2019t, and we can\u2019t see a circumstance in which we would provide it.\u201d<\/p>\n<p>Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has \u201cnever\u201d turned over a user\u2019s encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. \u201cWe take the privacy and security of our users very seriously,\u201d the spokesperson said.<\/p>\n<p>A Yahoo spokeswoman would not say whether the company had received such requests. The spokeswoman said: \u201cIf we receive a request from law enforcement for a user\u2019s password, we deny such requests on the grounds that they would allow overly broad access to our users\u2019 private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law.\u201d<\/p>\n<p>Apple, Facebook, AOL, Verizon, AT&amp;T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users\u2019 passwords and how they would respond to them.<\/p>\n<p>Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn\u2019t recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, \u201cwe don\u2019t get a high volume\u201d of U.S. government demands.<\/p>\n<p>The FBI declined to comment.<\/p>\n<p>Full article: <a class=\"externlink\" title=\"Go to http:\/\/news.cnet.com\/8301-13578_3-57595529-38\/feds-tell-web-firms-to-turn-over-user-account-passwords\/\" href=\"http:\/\/news.cnet.com\/8301-13578_3-57595529-38\/feds-tell-web-firms-to-turn-over-user-account-passwords\/\">http:\/\/news.cnet.com \u2026 r-account-passwords\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. government has demanded that major Internet companies divulge users\u2019 stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person\u2019s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. \u201cI\u2019ve certainly seen them ask for passwords,\u201d said one Internet industry source who spoke on condition of anonymity. \u201cWe push back.\u201d A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies \u201creally heavily scrutinize\u201d these requests, the person said. \u201cThere\u2019s a lot of \u2018over my dead body.\u2019\u201d Some of the government orders demand not only a user\u2019s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[1374],"class_list":["post-2633","post","type-post","status-publish","format-standard","hentry","category-news-and-politics","tag-privacy"],"_links":{"self":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/2633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=2633"}],"version-history":[{"count":0,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/2633\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=2633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=2633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=2633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}