Federal Government Demands Internet Passwords

By:  Warren Mass
07/29/2013
       
Federal Government Demands Internet Passwords

A story broken by CNET on July 25 stated that the U.S. government has “demanded” that major Internet companies provide federal agencies with their customers’ passwords. The report identified the information as coming from two unidentified technology industry sources “familiar with these orders.”

The report quoted two sources working in the high-tech industry, neither of whom wished to be identified. “I’ve certainly seen them ask for passwords,’ said one Internet industry source who spoke on condition of anonymity. “We push back.” 

A second person, identified as someone who worked at a large Silicon Valley company, confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There's a lot of ‘over my dead body.’”

The report revealed, again citing “a person familiar with the requests,” that some of the federal government “orders” (not requests) have demanded more than a user’s password but also the encryption algorithm and the so-called “salt.” (An article in Wikipedia defines this term: “In cryptography, a salt is random data that are used as an additional input to a one-way function that hashes a password or passphrase.... The original intent of salting was primarily to defeat pre-computed rainbow table attacks that could otherwise be used to greatly improve the efficiency of cracking the hashed password database.”) In other words, the federal government wants not only the key to the lock, but also the means to disarm the security protecting the lock, as well.  Other government orders have demanded the secret question codes (e.g., “Who was your favorite teacher?”) often associated with user accounts.

The report also cited an exchange with a spokesperson from Microsoft Corporation, who declined to divulge whether the company had received password requests or demands from the federal government. However, when  the CNET writer asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it."

A spokesperson for Google also told CNET that the company had “never” provided the government with such information, stating: “We take the privacy and security of our users very seriously.”

Click here to read the entire article.

The JBS Weekly Member Update offers activism tips, new educational tools, upcoming events, and JBS perspective. Every Monday this e-newsletter will keep you informed on current action projects and offer insight into news events you won't hear from the mainstream media.
JBS Facebook JBS Twitter JBS YouTube JBS RSS Feed