The report quoted two sources working in the high-tech industry, neither of whom wished to be identified. “I’ve certainly seen them ask for passwords,’ said one Internet industry source who spoke on condition of anonymity. “We push back.”
A second person, identified as someone who worked at a large Silicon Valley company, confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There's a lot of ‘over my dead body.’”
The report revealed, again citing “a person familiar with the requests,” that some of the federal government “orders” (not requests) have demanded more than a user’s password but also the encryption algorithm and the so-called “salt.” (An article in Wikipedia defines this term: “In cryptography, a salt is random data that are used as an additional input to a one-way function that hashes a password or passphrase.... The original intent of salting was primarily to defeat pre-computed rainbow table attacks that could otherwise be used to greatly improve the efficiency of cracking the hashed password database.”) In other words, the federal government wants not only the key to the lock, but also the means to disarm the security protecting the lock, as well. Other government orders have demanded the secret question codes (e.g., “Who was your favorite teacher?”) often associated with user accounts.
The report also cited an exchange with a spokesperson from Microsoft Corporation, who declined to divulge whether the company had received password requests or demands from the federal government. However, when the CNET writer asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it."
A spokesperson for Google also told CNET that the company had “never” provided the government with such information, stating: “We take the privacy and security of our users very seriously.”
Click here to read the entire article.