With the latest win in Congress, it appears as if the government is now going after your passwords and even the algorithms the internet companies use. Could this be an end to freedom of the internet? When the Feds can get their hands on every email, open your email boxes and have complete access to anything you think, this is not a good sign.
It gets even worse in that the Congress completely let us down by not reining in the NSA. Who knows what other things the Feds are doing that we do not know about?
We agree with CNet, this is an escalation and one for which we should not stand. If you are listening NSA--keep your cotton pickin' hands off my email!
Conservative Tom
REPORT: FEDS DEMAND MAJOR INTERNET COMPANIES TURN OVER USER PASSWORDS
The federal government has demanded that major internet companies turn over users’ stored passwords, two sources told the respected tech website CNet.
So what exactly does this “escalation” — as CNet calls it — mean?
“If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user,” the report says. “Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.”
But it doesn’t end there. The government is not only requesting the passwords, but it’s also asking for algorithms and even security questions:
Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
According to the report’s sources, the government has requested password information on numerous occasions. Still, both sources said the companies fight them.
“We push back,” one said.
“There’s a lot of ‘over my dead body,’” said another.
Most of the big internet companies — Microsoft, Google, and Yahoo — declined to comment or give any specific information regarding the allegations, but Yahoo did say, “If we receive a request from law enforcement for a user’s password, we deny such requests on the grounds that they would allow overly broad access to our users’ private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law.”
Still, CNet does offer some hope for those who may be concerned about this new era of government surveillance: it’s not guaranteed that if the government gets a stored or encrypted password they can crack it.
“Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user’s original password is hardly guaranteed,” the report says. “The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.”
There is some advice, though, buried deep in the report. Although the author doesn’t expressly say it, he does note that longer passwords that contain odd characters are much harder to crack — even with an algorithm:
One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper (PDF) by computer scientist Colin Percival estimated that it would cost a mere $4 to crack, in an average of one year, an 8-character bcrypt password composed only of letters. To do it in an average of one day, the hardware cost would jump to approximately $1,500. But if a password of the same length included numbers, asterisks, punctuation marks, and other special characters, the cost-per-year leaps to $130,000. Increasing the length to any 10 characters, Percival estimated in 2009, brings the estimated cracking cost to a staggering $1.2 billion.
It almost makes you want to go back and read TheBlaze’s report on five ways to thwart the government from spying on you.
Read CNet’s full report for more
Sign of the times: We received a personal email from a lawyer today with the following disclaimer attached:
PLEASE NOTE THE FOLLOWING:
(1) e-mail communication is not a secure method of communication,
(2) any e-mail that is sent to you or by you may be copied and held by various computers it passes through as it goes from us to you or vice versa, or intercepted by the United States government operating with or without a valid search warrant,
(3) persons not participating in our communication may intercept our communications by improperly accessing your computer or our computers or even some computer unconnected to either of us which the e-mail passed through. We are communicating to you via e-mail because you have consented to receive communications via this medium. If you change your mind and want future communications to be sent in a different fashion, please let us know at once.
--David