The internet is a dark place for privacy advocates these days, and the U.S. federal government continues to pick apart any semblance of privacy users may have been holding onto with the revelation that the feds are demanding that major internet companies turn over users’ passwords.
According to two industry sources familiar with the orders, the government has been making direct requests for user passwords, reports CNET, and some of the orders request both a user’s password, the algorithm used to encrypt it, and the password salt.
Both sources spoke anonymously, but reportedly worked for large Silicon Valley companies. Broadly speaking, companies “really heavily scrutinize” and push back against these requests, according to one source. “There's a lot of 'over my dead body.”
Some orders have gone as far as to request the secret questions and answers associated with a user’s account.
Microsoft, Google, and Yahoo each responded to CNET’s queries, but would not confirm that they have received any such federal government password requests. When asked if they would divulge passwords, salts, or algorithms, each company said they would never turn over such information.
"No, we don't, and we can't see a circumstance in which we would provide it," said a Microsoft spokesperson.
A Yahoo spokesperson elaborated, saying "If we receive a request from law enforcement for a user's password, we deny such requests on the grounds that they would allow overly broad access to our users' private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law."
A person familiar with the issue told CNET that larger internet companies are typically able to resist such requests on the grounds that the government doesn’t “have the right to operate the account as a person,” but said they don’t know if smaller companies are able to resist such requests.