The mass surveillance of ordinary citizens by the NSA has extended further beyond originally thought as secret documents revealed that the government has asked web firms to hand over details of user passwords, in addition to information.

This information could then be used to log into an account to view confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. Industry sources also claim that despite heavy resistance to such requests, the government persists.

One source was quoted as saying: “I’ve certainly seen them ask for passwords. We push back.”

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords.

Tech giants, Google, Yahoo and Microsoft have not officially confirmed whether they receive such requests but they claim that they have legal teams which frequently deny requests that are fishing expeditions or are otherwise problematic.

Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users’ passwords and how they would respond to them.

As of yet, it is unclear when such requests began, although it is thought that the Patriot Act has been the source of many such requests.

Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence committee, said at a Washington event this week: “The authority of the government is essentially limitless.”

Although passwords are encrypted, modern computer software can crack the algorithm codes of the encryption fairly easily. A 14 character Windows XP password for example, can be cracked in six minutes.

If a password of the same length included numbers, asterisks, punctuation marks, and other special characters however, this would make it much more costly and time-consuming for the National Security Agency (NSA) and other attackers to infiltrate.

But another way in which the NSA have tried to extract passwords is to extract them from the server or network when the user logs in – which has been done before – or by installing a keylogger.

Jennifer Granick, director of civil liberties at Stanford University’s Center for Internet and Society said that such requests are illegal and she was unable to come up with a situation in which unauthorised and unlimited access to passwords could ever be justified.

She added that she was unsure of any situation in which asking web firms to “to provide passwords, encrypted or otherwise, or password algorithms to the government for the government to use them unsupervised, would be acceptable.

Impersonating someone by using their passwords is currently only available with a court order – although the NSA has often tried to circumvent this.

It should be noted that if technology giants like Microsoft and Facebook are given court orders which ban them from disclosing if your personal information has been sought, they are legally obligated to lie to you and are immune from any lawsuits that may ensue as a result.

In many cases, the courts which approve any requests for information are also secret.

Akashic Times is the UK’s only online, fully independent not-for-profit weekly newspaper that brings you real news from across the globe.

If you want to keep ahead of what is really going on in the world, subscribe to our newspaper via the subscribe button and join our Facebook & Twitter pages. Subscription is completely free ofcourse.

Leave a Reply

Your email address will not be published. Required fields are marked *


(Spamcheck Enabled)