US government "demands" tech companies hand over user passwords, according to report | Reviews, news, tips, and tricks

Since the leak of PRISM by Edward Snowden, there has been a continual stream of information and leaks regarding the activities of the US government. Yesterday we shared with you a story about how US agencies such as FBI and NSA want access to master encryption keys used for HTTPS connections by various websites and companies. Today we have another development to share, and it is just as nasty as all the previous news.

The U.S. government is actively increasing its surveillance of citizens by requesting — “demanding”, as CNET puts it — major tech companies and websites to hand over user account passwords. This means the U.S. government, and related agencies, could log into user accounts without user consent to gain access to confidential data or any other important user information… or even masquerade as the users in question.

Usually user passwords are stored in encrypted form that protects the passwords from being known even if password databases were to be hacked; in these situations, even companies don’t know what user passwords are but rather only have access to passwords’ encrypted forms… so a company couldn’t tell the government user passwords even if the company wanted to. To combat this problem, sources are claiming the government will request the associated encryption algorithm so that they can reverse engineer passwords from their encrypted form.

A source close to the situation has told CNET that they have personal experience in the realm of the government requesting the handover of user passwords. The person went on to state that companies scrutinize these requests from the government and many times refuse the requests, if legally possible, to protect user information from the government’s prying eyes.

Spokespersons from tech giants such as Google, Microsoft, and Yahoo came out with statements denying their respective companies have ever walked hand-in-hand with the government in regards to giving up giving up user passwords.

According to Yahoo spokeswoman:

“If we receive a request from law enforcement for a user’s password, we deny such requests on the grounds that they would allow overly broad access to our users’ private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law.”

Interestingly, all three spokespersons failed to disclose whether or not their respective companies had ever received request for user passwords from the government.

In my opinion, companies will attempt to come off as trustworthy, but if there’s one thing the recent Snowden leaks have proven, you should always use a healthy amount of skepticism before believing what companies and the government tells you.

[Thanks WildCat, via CNET, image via TopTenReviews]

RogueBase
I read a book in school years and years ago called Nineteen Eighty-Four by George Orwell. Looks like he wasn’t kidding according to the worldwide state of affairs everywhere now. I always wondered if that story would return and bite us all in the ass.
Tom
You are all terrorists. Prove me wrong. Hand over your passwords. #pwned
Daniel
Read the Patriot Act. The can do whatever the hell they want to do. They even have their own court that isn’t held accountable, not even by the Supreme Court (who would most likely agree with it anyway).
Seriously, read the Patriot Act, then get angry or afraid, but realize that complaining about it is a violation of the Patriot Act. As is this comment.
Darcy
My comment on the previous report sums up my opinion of this one quite well. http://dottech.org/118431/https-is-no-longer-safe-us-government-is-pressuring-companies-to-provide-access-to-secret-encryption-keys-according-to-report/comment-page-1/#comment-1008956
lyn
Why is it that the government does not understand the forth amendment? Where is the Supreme Court?… They can act on their own!
JonE
[@Mike] I concur.
And there are some reps from different states that do have your best interest at heart, however, they are out numbered by the special interest politicians.
I do agree with Dok Thomas about changing passwords frequently, but that can be a daunting task if you have hundreds of accounts. For me the solution was to get rid of those accounts that I never use, or hardly ever use. Still a pain though.
As for voicing your point of view . . . . . . . Politicians are like Insurance Salesmen; when they first start out they have the best interest of the client at heart, but, in general, after they have been with a company two years or more their interest shift 180º to special interest that being the special interest of the company they work for. The longer a politician stays in office the more mired he becomes in special interests versus the best interest of his constituents. Even the best politicians eventually, occasionally compromise their principles, for special interests.
Mike
[@DoktorThomas] “Complain like hell to everybody.” What are my gov’t reps doing to protect me? And why aren’t I being told what the gov’t is doing with respect to my privacy? How about a “how-to” kit from the gov’t, simply spelling things out for me?
DoktorThomas
See George Torwell from The Juice Media’s “Big Brother is Watching You” @ http://www.youtube.com/watch?feature=player_embedded&v=o66FUc61MvU , ” Head his montra.
Change your passwords weekly. Move to providers who are not under fed.gov control. Use FOIA to get specifics about how your data was been treated. Complain like hell to everybody.

US government “demands” tech companies hand over user passwords, according to report

News

Related Posts

Subscribe to dotTech to never miss an article again!

About Vamien McKalin