Following on the report that the feds have been trying to get master encryption keys
, Declan McCullagh now has a story about the feds also demanding user passwords
from those same companies. Once again, various sources insist that the companies do not hand over such info:
"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."
A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"
Similarly, Microsoft and Google both directly said that they would never do that, while other companies hadn't responded (or chose not to respond) by the time Declan went to press. Of course, as he notes, since most
tech companies now encrypt passwords, even if the companies were to hand over the hashed passwords, it's not guaranteed that the NSA can take that and decipher the actual password, though, it makes it easier. Still, just the fact that the companies are being asked for passwords seems like, once again, the feds going way beyond what they should be able to do.