Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Allegedly Demanding User Passwords From Services

Posted by Unknown on from the trust-no-one dept.

An anonymous reader writes "Following the /. story on the Feds demanding SSL keys, now comes news that the feds are demanding user passwords, and in some cases, the encryption algorithm and salt used. From the article: 'A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" ... Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. ... Other orders demand the secret question codes often associated with user accounts.' I'm next expecting to see the regulation or law demanding that all users use plain text for all web transactions, to catch terrorists and for the children."

13 of 339 comments (clear)

  1. Sigh. by Aerokii · · Score: 5, Insightful

    Coming up next, our newest feature: Things I wish surprised me, even a little.

    1. Re:Sigh. by Anonymous Coward · · Score: 5, Insightful

      It's not just 9/11, the fear of foreigners and the entire "it's us vs the world" attitude has become so ingrained into the American psyche that it'll take several generations to de-program them. Even now those Americans who are raising questions are only protesting against spying on American citizens, as if American citizens are more special than the rest of us humans.

      As long as the American people, and not just the government, continue their xenophobia they will just keep shooting themselves in the foot. None of us in the rest of the world want to have anything against USA, but the Americans keep doing everything they possible can to make the world hate their guts.

    2. Re:Sigh. by hairyfeet · · Score: 5, Insightful

      It won't matter friend as the PTB has learned they have another "mother may I" magic word that works even better than terrorist, and that is pedo. If you think the whole "peed on a bush and became a sex offender" bit is bad you should look at the CP laws and how vaguely they have been written. According to a friend that works in the state crime lab you could draw a stick figure and stick a label under it saying "nekkid 10 year old" and be looking at several years in prison and otherwise sane people will happily let the feds have ANY power they ask for just by invoking the "for the children" meme, hell we've seen otherwise rational people on this very site willing to ignore any and all violations of privacy if it was "to stop teh pedos".

      So I'm convinced we'll see more of our privacy wiped off the map and what is more the crowds will cheer when it happens because the feds will say the magic word. Hell we have at least 2 guys in prison right now for thoughtcrime by using the magic word, the guy who supposedly wrote the "pro pedo" book and a guy who was writing any disturbing thoughts he had in a diary by order of his therapist of all people, and in BOTH cases the ONLY thing they did was what I am doing right now and put their thoughts on a page, that's it, that's ALL they did.

      Now if that doesn't scare the hell out of you while illustrating just how powerful a word they have on their side? Well I don't know what will, I know it scares the hell out of me.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. compelled speech and/or perjury? by DoofusOfDeath · · Score: 5, Insightful

    Can the government force me to make a public statement, attesting that it's true?

    Because it seems to me that the government using my private keys to sign a packet that I didn't create is substantially similar.

  3. Hmmm... by girlintraining · · Score: 5, Funny

    They can ask. All passwords are one-way hashed using a 16384 bit salt and run through 4,000 rounds of AES before being stored in the database. Over there in the corner is our custom-built core which does the password retrieval, comparison, and pass-fail out onto a RADIUS server. The network name is NSA_COCKBLOCK... feel free to have a copy of the algorithm and database.

    --
    #fuckbeta #iamslashdot #dicemustdie
  4. Re:Name and Shame by Saethan · · Score: 5, Insightful

    TFA says the companies resisted - the shame here belongs on the US Government

  5. Re:wow. we keep going more and more insane. by ebno-10db · · Score: 5, Insightful

    No doubt this is because terrorists/spies have changed tactics

    Or simply because the Feds can get away with it. KGB wannabees are like any other power hungry bastards - give them an inch and they'll take a mile. They want more because they want more. There may be some excuses they use to justify it, but the real reason is simply that they want more.

  6. how to make bureaucrats value privacy by bzipitidoo · · Score: 5, Insightful

    Names. Give us some names. I'd like to know who are these bureaucrats who ask for passwords? Then, I'd like to see them sweat over the possibility they might be censured, might lose their jobs.

    Let them experience how thrilling it is to have their dark glasses taken away, feel what it's like not to be faceless anymore. Then, maybe they'd appreciate privacy a little more.

    --
    Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
  7. Re:Time to send out the papers... by hedwards · · Score: 5, Insightful

    Considering that the Tea Party hasn't been declared as such and that there has yet to be even one sedition trial for those numb nuts in congress that signed that fealty pledge to Grover Norquist, I think that it's rather unlikely that they'll charge you for sending people those documents.

  8. Re:Standing up to the Feds by dougmc · · Score: 5, Insightful

    What if you're an online start-up, with little legal know-how? Are you really going to resist demands from such a high level?

    If you have little legal know-how and are confronted with an important legal issue that could have serious ramifications if you screw it up, you consult with a lawyer.

    If you are smart, this is always the case, be you a startup, a large company or an individual.

    A small company probably won't have a lawyer on payroll, but certainly, they can still pick up the phone and call one. It'll cost some money, yes, but even small businesses need lawyers for lots of things, so the concept should not be foreign to them.

    Now, if you're saying that "legal know-how" means knowing when an issue is important and could have serious ramifications, well, that doesn't require much skill. If you receive a demand from the government of any sort and it's not something you're familiar with, a quick consultation with a lawyer would be prudent. Especially if it just plain sounds wrong.

    Now, your lawyer may very well advise you to just give them what they want, but still, asking him was the right thing to do.

    A bigger problem is the gag orders that tend to come with these orders, where you can't even tell somebody that you received them. You can generally still consult with a lawyer, but even so, they really do fly in the face of the rights we used to think we have.

  9. Re:Black Hat hears, and thinks... by Em+Adespoton · · Score: 5, Interesting

    I've always wondered... what stops people from issuing fake FISA orders? I mean, if anyone challenges them, you just say they don't have the clearance. FISA *IS* catch-22.

    You can't even go after someone issuing such an order with "impersonating a federal officer" -- as unless you're the President of the US, /how would you know/?

    I imagine a terror group could make a pretty quick job of any public works under the guise of FISA.

  10. Re:Time to send out the papers... by NeutronCowboy · · Score: 5, Informative

    While true, it leaves out the fun fact that this has been happening to many, many other organizations. See: http://www.npr.org/blogs/itsallpolitics/2013/06/25/195599362/Democrats-Want-Answers-On-Progressives-Targeted-By-IRS

    So no, the IRS wasn't targeting those groups because they don't agree with the administration. It targeted those groups because claiming 501c(4) status while advertising politically charged terms is a red flag. Finally, the link you're including has nothing to do with the IRS, with participating in public discourse or even with political discrimination. These speeches are PR events. As such, they are fairly tightly controlled. And quite frankly, I'm rolling my eyes at the comment that "we just wanted to watch the speech". I'd like to hear this story from some non-GOP-propaganda outlet before I even look further into it.

    --
    Those who can, do. Those who can't, sue.
  11. Re:the war is over by s.petry · · Score: 5, Insightful

    You can not blame it on stupid, when people are intentionally kept ignorant. For a minimum of 10 years, you are subjected to a program that creates servitude and removes people's ability to think. When people start to wake up, it's a rather alarming process. Not just because of the cognitive dissonance, but because there are numerous sources of fiction to frighten them back into a stupor.

    If you pick 5 people and start trying to teach them to think, you will be lucky to have made progress within 6 months. That however should be the goal of anyone that can see clearly. As people learn to think and can see for themselves it is imperative for you to ask them to do the same thing (go get 5 students).

    An enlightened society is something the people in power fear. They hated Socrates because he advocated an intellectual society, and countless others that came after him calling for the same thing. If you want to rankle the hairs of the established, start teaching people to think. Ad hominem and mockery are what they expect and adore.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.