Feds demand web companies turn over users’ passwords, encryption algorithms

William Green Contributor
Font Size:

The federal government has ordered major internet and tech companies to turn over their users’ passwords, according to two unnamed industry sources who spoke to CNET on Thursday.

Armed with someone’s password, the government could log into their account on any number of services and access private communications and other information.

“I’ve certainly seen them ask for passwords,” said one internet industry source who spoke on condition of anonymity. “We push back.”

A second source and Silicon Valley veteran confirmed that his company had received legal orders from the government for passwords.

Companies “really heavily scrutinize” these requests, the source said. “There’s a lot of ‘over my dead body.'”

Beyond just passwords, the government has also sought the specific algorithms the companies use in their encryption processes.

Silicon Valley’s biggest players refused to confirm whether or not they’d received such orders in the past, but representatives from both Google and Microsoft asserted that their companies had not and would not turn over user account data.

It’s unknown whether the password orders were individually targeted or were mass database requests in the same vein as the mass call records order served to Verizon and leaked by Edward Snowden. It’s also unclear how long companies have been receiving these orders.

The question of whether the National Security Agency or other law enforcement agencies have the legal power to demand passwords remains unresolved.

“This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?” said Jennifer Granick, director of civil liberties at Stanford University’s Center for internet and Society. “I don’t know.”

According to Granick, if the feds were planning on using a password to log into an online account, they would be required to obtain a targeted wiretap warrant or a Foreign Intelligence Surveillance Act order.

The Justice Department has argued in a number of court cases that they retain broad authority to demand passwords. A federal judge in February 2012 upheld a man’s Fifth Amendment right to withhold the password for his encrypted external hard drive . In January 2012, however, a judge ruled with the government, asserting that a defendant could legally be ordered to turn over the password for his laptop.

Federal investigators have used more brazen tactics in the past in their quest for passwords, including breaking into suspects’ offices and installing programs on their computers that track and log keystrokes.

Follow William on Twitter