[cynwoody]

No trick to have two passwords to open a single account....just a line or two of code.

In practice it would be a bit hairier than that.

E.g., every email system I know of lists unread emails in bold or something. That would mean a careless G-man could give up the game by forgetting to change an email back to unread status. Also, Gmail shows you the last n logins (date, IP, location) and tells you if your account is open from any other location (e.g., fbi.gov).

To protect against features such as the above, a surveillance account would require special status. Able to roam through the target account without leaving any tracks or dead give-aways. A lot more than two lines of code.

[Errant]

You are making this way too complex. With a few lines of code, you can store the password entered online (before it's even hashed) into a accessible table and wrap things up by grabbing any information fields the agency wished to collect.

I have absolutely NO idea how "they've" planned or are doing it. Just sayin' that it's an easy way to collect passwords.

All of the other information concerning read, time accessed and etc. are information the front end writes. You can bypass this easily when you grab the data directly from the DB with another application. And you can even alter the DB logs if you have the proper levels and the right tools.

[null and void]

To protect against features such as the above, a surveillance account would require special status. Able to roam through the target account without leaving any tracks or dead give-aways. A lot more than two lines of code.

But less than say 2 million? Something the full computational power a nation-state could do in the time it takes to have a baby?