Nowhere to hide: Feds reportedly demand passwords from internet companies

By on July 26, 2013, 1:30 PM
government, privacy, feds, surveillance, encryption, passwords, federal agencies

The internet is a dark place for privacy advocates these days, and the U.S. federal government continues to pick apart any semblance of privacy users may have been holding onto with the revelation that the feds are demanding that major internet companies turn over users’ passwords.

According to two industry sources familiar with the orders, the government has been making direct requests for user passwords, reports CNET, and some of the orders request both a user’s password, the algorithm used to encrypt it, and the password salt.

Both sources spoke anonymously, but reportedly worked for large Silicon Valley companies. Broadly speaking, companies “really heavily scrutinize” and push back against these requests, according to one source. “There's a lot of 'over my dead body.”

Some orders have gone as far as to request the secret questions and answers associated with a user’s account.

Microsoft, Google, and Yahoo each responded to CNET’s queries, but would not confirm that they have received any such federal government password requests. When asked if they would divulge passwords, salts, or algorithms, each company said they would never turn over such information.

"No, we don't, and we can't see a circumstance in which we would provide it," said a Microsoft spokesperson.

A Yahoo spokesperson elaborated, saying "If we receive a request from law enforcement for a user's password, we deny such requests on the grounds that they would allow overly broad access to our users' private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law."

A person familiar with the issue told CNET that larger internet companies are typically able to resist such requests on the grounds that the government doesn’t “have the right to operate the account as a person,” but said they don’t know if smaller companies are able to resist such requests.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.