Skip to comments.Feds tell Web firms to turn over user account passwords
Posted on 07/25/2013 3:49:38 PM PDT by Errant
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.
"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."
(Excerpt) Read more at news.cnet.com ...
I will say it: folk off
Oh hell NO!!!!!!!!!!!!!!!!!!!!!!
So they can pull child porn down into anybody’s account and then prosecute them. Proving the government did it, would be next to impossible.
Of course, if they wanted to do that, it would probably be hard to stop them password or not.
Any company I do business with turns my pass word over to the FEDS will lose my business.........FOREVER!
Go to biometrics on the local host. Nothing stored on the remote server.
So they decrypt it first?
Passwords are not stored in a modern system. A one way cryptographic hash is stored instead. In reality, passwords are not checked directly. They are run through a complex hashing program that CAN NOT BE REVERSED and the output of the hash is stored.
To verify a password, the submitted password is put through the same hash and the output is compared to the stored hash. If they match then the proper password has been submitted.
ya , people going to be setup big time
The passwords are not encrypted, they are hashed. The difference being that an encrypted password can be “reversed” using a key. A hash CAN NOT BE reversed.
This proves the Feds are even stupider than I thought. Any good system does not store passwords, it stores a hash of the password. You can give the hashed value to anyone and it does not give them access. When you enter your password, that value is encrypted and then compared to the hash value.
Hmmmm, with your password, a government agent could use your account to establish a search history of any sort they may so desire.
In court they could make you look like any sort of monster that fits a narrative.
This is all creating a HUGE opportunity for some smart geek to start a Spy Free version of Facebook, Gmail..etc
The old established outfits are forever tainted in the public’s mind now.
To keep feds at bay locate offshore and store no data that is unencrypted and make certain only the user has the keys.
If any company is storing passwords in the open or even in encrypted form, they are going to get sued for doing this. We store customer passwords as one-way hashes exactly so these types of requests can never be complied with.
If the evil thug in our White House and his supporters want to do this lawfully, they need individual warrants, based “upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”.
Instead, the general strategy for these data and just about everything else has been to collect everything on everyone and sort through our lives at leisure. The far left very obviously don’t care about freedom, the law, or the Constitution, so it comes down to just how brutal their forces are willing to get and just how firm decent people are willing to be in resisting tyranny.
There are ways around it. If you have access to the database, you don’t need the frontend.
Considering the feral government’s attitude toward our privacy, I wonder why it’s so concerned about its privacy. Is it trying to hide things?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.