Cartoon photo of Eric Holder
CNET reports that web firms are getting covert demands from the US government for users’ stored passwords. The only reason to ask for this is to look at individual’s accounts or impersonate the user. It would also help the government decipher encrypted code.
This information comes from two industry sources. “I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.” A second person out of Silicon Valley confirmed, saying companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.'”
The government is also demanding the the encryption algorithm and the salt – random letters or numbers used to make it difficult to reverse the encryption process. Some orders demand the secret question codes.
Microsoft says they do not see any circumstance under which they would provide that information. Google said it has never turned over a user’s encrypted password. Both refused to disclose whether they received requests for this type of data. Yahoo said they would only provide the information according to the strictest interpretation of the law.
Other Internet companies – Apple, Facebook, AOL, Verizon, At&T, Time Warner Cable, Comcast – did not respond.
The FBI did not comment.
It is not known when this started.
The Patriot Act has been used to obtain entire databases of phone call logs and some say its use is even broader. Sen. Ron Wyden of Oregon said “The authority of the government is essentially limitless” under the law.
Full story at CNET