July 27, 2013

Feds tell Web firms to turn over user account passwords

Whether the National Security Agency or FBI has the legal authority to demand that an Internet company divulge a hashed password, salt, and algorithm remains murky.
"This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?" said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "I don't know." Granick said she's not aware of any precedent for an Internet company "to provide passwords, encrypted or otherwise, or password algorithms to the government -- for the government to crack passwords and use them unsupervised." If the password will be used to log in to the account, she said, that's "prospective surveillance," which would require a wiretap order or Foreign Intelligence Surveillance Act order.  ***Read article at c/net***

No comments: