Feds Allegedly Demanding User Passwords From Services

Posted by Unknown on Friday July 26, 2013 @04:03AM from the trust-no-one dept.

An anonymous reader writes "Following the /. story on the Feds demanding SSL keys, now comes news that the feds are demanding user passwords, and in some cases, the encryption algorithm and salt used. From the article: 'A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" ... Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. ... Other orders demand the secret question codes often associated with user accounts.' I'm next expecting to see the regulation or law demanding that all users use plain text for all web transactions, to catch terrorists and for the children."

1 of 339 comments (clear)

Min score:

Reason:

Sort:

Re:Black Hat hears, and thinks... by Em+Adespoton · 2013-07-26 04:48 · Score: 5, Interesting

I've always wondered... what stops people from issuing fake FISA orders? I mean, if anyone challenges them, you just say they don't have the clearance. FISA *IS* catch-22.
You can't even go after someone issuing such an order with "impersonating a federal officer" -- as unless you're the President of the US, /how would you know/?
I imagine a terror group could make a pretty quick job of any public works under the guise of FISA.