|
|
| Register | Forums | Blogs | Today's Posts | Search | Donate |
 |
 |
 |
|
#1
07-25-2013, 08:06 PM
|
|||||
|
|||||
Feds tell Web firms to turn over user account passwords
Declan McCullagh July 25, 2013 11:26 AM PDT
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. "I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back." A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts. A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it." Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. "We take the privacy and security of our users very seriously," the spokesperson said. Top secret NSA documents leaked by former government contractor  Snowden suggest an additional reason to ask for master encryption keys: they can aid bulk surveillance conducted through the spy agency's fiber taps.One of the leaked PRISM slides recommends that NSA analysts collect communications "upstream" of data centers operated by Apple, Microsoft, Google, Yahoo, and other Internet companies. That procedure relies on a FISA order requiring backbone providers to aid in "collection of communications on fiber cables and infrastructure as data flows past." Link to articles: http://news.cnet.com/8301-13578_3-57...unt-passwords/ http://news.cnet.com/8301-13578_3-57...cryption-keys/
__________________
Ron #CBOB0604 Proud Member: "Team Ranstad" Last edited by Roverron; 07-25-2013 at 08:16 PM. 
|
|
#2
07-25-2013, 09:02 PM
|
|||||
|
|||||
|
BOHICA
Some will understand and some will understand too late.
__________________
________________________ CBOB696 Lifetime NRA Member The biggest pain in the a** you'll probably ever have to deal with watches you from the mirror every morning. Good judgment comes from experience, and most of that comes from bad judgment. If you find yourself in a hole, the first thing to do is stop digging.
|
Linear Mode
