Forgot your password?
typodupeerror
Privacy United States Your Rights Online

Feds Allegedly Demanding User Passwords From Services 339

Posted by Unknown Lamer
from the trust-no-one dept.
An anonymous reader writes "Following the /. story on the Feds demanding SSL keys, now comes news that the feds are demanding user passwords, and in some cases, the encryption algorithm and salt used. From the article: 'A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" ... Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. ... Other orders demand the secret question codes often associated with user accounts.' I'm next expecting to see the regulation or law demanding that all users use plain text for all web transactions, to catch terrorists and for the children."
This discussion has been archived. No new comments can be posted.

Feds Allegedly Demanding User Passwords From Services

Comments Filter:
  • by 3seas (184403) on Friday July 26, 2013 @12:08PM (#44391693) Journal

    ... of which The Declaration of Independence, The US constitution and Bill or Rights are.

    Most notably is The Declaration fo Independence that makes it clear it is not only our right but duty to put off bad government.

    And that is all the response any Founder supporting company need supply any spying government agency.

    Its time to show who is a real US Citizen.

  • Re:Sigh. (Score:5, Interesting)

    by NeutronCowboy (896098) on Friday July 26, 2013 @12:14PM (#44391737)

    As sad as it is, I have to agree. This doesn't surprise me one bit. I mean, investigating is hard! Can't have criminals hide behind things like strong encryption! Ergo, no one can use encryption.

    That said, I'm hoping we're slowly getting to a tipping point on the entire privacy vs security discussion. 9/11 has happened long ago enough that the knee-jerk reactions are dying down, and people are starting to question what we're doing in order to make sure 3000 people don't die over the course of a few years.

  • by gnasher719 (869701) on Friday July 26, 2013 @12:27PM (#44391891)
    1. A company shouldn't have my password stored anywhere in a form that they can decrypt it.
    2. A company shouldn't have the answers to my security questions stored anywhere in a form that they can decrypt it.

    That makes it very easy then: "We would gladly comply with your request, but sorry, we can't".
  • I've always wondered... what stops people from issuing fake FISA orders? I mean, if anyone challenges them, you just say they don't have the clearance. FISA *IS* catch-22.

    You can't even go after someone issuing such an order with "impersonating a federal officer" -- as unless you're the President of the US, /how would you know/?

    I imagine a terror group could make a pretty quick job of any public works under the guise of FISA.

  • by Marrow (195242) on Friday July 26, 2013 @01:02PM (#44392269)

    About these penetrations. You would think there would be daily broadcasts from anonymous or somebody indicating which systems have been hacked by the government. Its like people arent talking about it much at all.

  • Re:Name and Shame (Score:4, Interesting)

    by Rob the Bold (788862) on Friday July 26, 2013 @01:25PM (#44392495)

    TFA says the companies resisted - the shame here belongs on the US Government

    More interesting would be to know the names of the companies who didn't resist and thus didn't make any noise at all . . .

  • Change your site to use a JS-based multiple-hash-challenge algorithm so that the password itself is never sent over the network at all.

    See what Google does next, it seems that over the last few years they've been trying to make things harder for the NSA. In 2011 they added forward-secret SSL support.

  • by Anonymous Coward on Friday July 26, 2013 @02:05PM (#44392963)

    I think the point is that groups that thought the Gov were full of crap got targeted, and the media painted as lib versus con, when it is more like pro gov vs against gov. Plenty of lib groups think obama has lost the plot and all the tea party groups say he never had that plot to begin with.

    Alas, the lib groups got the stoners and the Con groups got the racists, and those two groups ruined everything.

  • Re:Sigh. (Score:4, Interesting)

    by eth1 (94901) on Friday July 26, 2013 @02:06PM (#44392973)

    It won't matter friend as the PTB has learned they have another "mother may I" magic word that works even better than terrorist, and that is pedo. If you think the whole "peed on a bush and became a sex offender" bit is bad you should look at the CP laws and how vaguely they have been written. According to a friend that works in the state crime lab you could draw a stick figure and stick a label under it saying "nekkid 10 year old" and be looking at several years in prison and otherwise sane people will happily let the feds have ANY power they ask for just by invoking the "for the children" meme, hell we've seen otherwise rational people on this very site willing to ignore any and all violations of privacy if it was "to stop teh pedos".

    Exactly... My tinfoil hat says that this would be really useful for dealing with people like Snowden. Can't find a woman that will claim he raped her? No problem, just use his credentials to post child porn somewhere. Congrats! You now have a blank check to do anything you want, and remove all public support for them in the process.

  • Re:Sigh. (Score:2, Interesting)

    by Burz (138833) on Friday July 26, 2013 @03:52PM (#44394141) Journal

    1,960 architects and engineers disagree with you [architects-engineers.org] and consider the official story to be questionable. Modern steel skyscrapers don't fall because of small fires, even if they burn for hours. The idea that an unplanned mishap would result in such a buiding's freefall--with no internal resistance--is an absurdity.

  • Re:Sigh. (Score:2, Interesting)

    by Burz (138833) on Friday July 26, 2013 @04:17PM (#44394377) Journal

    1,960 architects and engineers disagree with you [architects-engineers.org] and consider the official story to be questionable. Modern steel skyscrapers don't fall because of small fires, even if they burn for hours. The idea that an unplanned mishap would result in such a buiding's freefall--with no internal resistance--is an absurdity.

    Hello ModTroll...

For God's sake, stop researching for a while and begin to think!

Working...