Report: Federal Agencies Demand User Passwords from Web Firms

They've also asked for encryption algorithms and salts.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

A CNET report based on anonymous sources says the U.S. government has requested that Internet companies hand over user passwords, as well as the encryption algorithm and salt, which companies use to protect passwords. The article says that firms are very reluctant to comply with these demands.

CNET's Declan McCullagh broke the story, writing, "The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.... 'I've certainly seen them ask for passwords,' said one Internet industry source who spoke on condition of anonymity. 'We push back.'"

The Examiner's Joe Newby noted, "Eric Holder's Justice Department has argued it has the authority to obtain user passwords."

Business Insider's Jim Edwards observed that the report, "represents an even worse scenario than the one posited by NSA leaker Edward Snowden, who claimed the feds have a program named PRISM that gives them access to the servers of Google, Facebook, Microsoft and other major web providers. The companies have denied that such a program exists, saying they only respond to specific legal requests about individuals."

SlashGear's Craig Lloyd commented, "Obviously, if the government wants your password, then you’re probably on their target list for terrorism or some other crazy crime, but that doesn’t mean that officials aren’t human, and they can easily abuse the system at their will."

Tags: Web, Internet, password, federal government, U.S.

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.