The largest firms won’t even say whether or not they have received government demands for passwords. Their refusal to answer speaks volumes.
Cnet: Feds tell Web firms to turn over user account passwords
Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.
by Declan McCullagh July 25, 2013 11:26 AM PDT
The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.
“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”
A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.'”
Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it.”
Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has “never” turned over a user’s encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. “We take the privacy and security of our users very seriously,” the spokesperson said.
Apple, Yahoo, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users’ passwords and how they would respond to them.
Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn’t recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, “we don’t get a high volume” of U.S. government demands.
The FBI declined to comment.
{ 3 comments… read them below or add one }
I am an older man. I lived under Nazis and I fled from them. I lived under communists and I fled from them to America to be free and live in a democracy. And look what they are doing now and they still call it “democracy”.
Well, instead of being astounded we all should look closer and see the real globalists, world criminals, fascists, using this puppet president to accomplish their crimes in America.
Both the US and Canada now have police state governments, that is no secret. In Canadsa the Internet Censorship laws are the toughest in the world, as government wants to keep tabs on those citizens who are openly ciritical of their corrupt activities, and that is no secret either. Type Brad Love into any search engine for an examle of what is happening to citizens in Canada. This construction worker demanded answers from politicians, and continued to demand answers until they got tired of his persistance, “so they jailed him for 18 months”. This is something that might take place in China, North Korea or Cuba, but now it is taking place in Canada. If you are a white Anglo Saxon white male with European ancenstory “you’d better keep your opinions about government to yourself”, or you might end up in jail cell like Brad Love did.
There’s another aspect to this ‘request’: if the US Govt can access a person’s password, it can then post comments of its own purporting to be those of the actual person, and then prosecute said person for supposed threats written online, or perhaps for supposedly accessing terrorist online sites or pornographic sites, etc. The possibilities for “setting up” innocent people, silencing them and imprisoning them are endless, and it will all be accomplished under the false flag of protecting us.
{ 1 trackback }