via @Declan McCullagh “Feds tell Web firms to turn over user account passwords”

Posted on July 25, 2013


Do we really have end point safety, privacy and protection rights? in the digital information age as users of  Internet, technology networks and devices….. question I have been asking tech leaders as we use various web tools for our communication purposes,  as we access the Internet to connect over various  social networking sites. So as end users  do we have a say  when it comes to our own digital end point safety, protection or privacy right?

A question we should all be asking – will technology companies protect us?  Corporate Social Responsibility (CSR)  plays a big role here …..would you not agree? in the case of users to be given safety, protection RIGHTS when it comes to their information and data, in this case   I am talking of  activists who must have fundamental human rights when using technology for their own protection, safety and privacy  rights, in addition they must have end point rights and when it comes to their freedom to express  over the Internet and as they access social networking sites or using communication devices  in  many parts of the countries they live in.

In a  resolution report  last year, United Nations affirmed that human rights must also be protected on the Internet  and all people  should be allowed to express themselves freely and openly online, without fear of being disconnected.  All 47 members of the The United Nations’ Human Rights council signed a resolution to this effect  and unanimously backed the notion that freedom of expression online is a basic human right. “The same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice,” issued by the U.N.  The same report also called upon leaders to “promote and facilitate access to the Internet” and recognizes “the global and open nature of the Internet as a driving force in accelerating progress towards development in its various forms.”
“It’s the first UN resolution that confirms that human rights in the internet realm must be protected with the same commitment as in the real world,” said US ambassador Eileen Chamberlain Donohoe  and Tunisian ambassador Moncef Baati agreed, citing the role that social networking websites played in ousting ex-president Zine El Abidine Ben Ali in 2011.
Likewise, social media has played a crucial role in movements like the Arab Spring, which some reports allude inspired the formation of this week’s U.N. resolution. Both China and Cuba, countries known for trying to limit Internet access to their citizens, expressed concern before joining the consensus

The Human Rights Council is a United Nations  body that monitors human rights progress and violations across all member countries. It has previously called the right to freedom and expression “one of the essential foundations of a democratic society” and has recognized the Internet’s importance in the “promotion and protection of the right to freedom of opinion and expression.” A separate United Nations report called Internet access a human right in June of last year UN Human Rights Council: First Resolution on Internet Free Speech

In the case of Edward Snowden – I am assuming the digital game may change when it comes to the rights and protection of innocent humanity and especially activists who may not have the same rights or protection as they utilize digital social media platforms and devices?

Recent news of the NSA collecting metadata of phone calls from communication companies, along with federal law enforcement seeming to continue to press for expansion of its ability to collect personal information online without warrants, has many concerned how safe their own digital  privacy is.

Although a Pew Research Center poll found 56 percent of Americans back the NSA’s spying on call records, many have still expressed outrage over what they feel is a breach of their expected privacy and have labeled the whistleblower of the classified government program a hero. Those concerned about their communication  & web privacy — may then be wondering: Is there anything to be done? Is full privacy even possible? in the 21st century as we are using 20th century technologies.

privacy & protection rights @mymulticast

privacy & protection rights @mymulticast

“Feds tell Web firms to turn over user account passwords”

Declan McCullagh
CNet News
July 25, 2013

The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.’”

“If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user,” the report says. “Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.”

But it doesn’t end there. The government is not only requesting the passwords, but its also asking for algorithms and even security questions:

Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts

Most of the big internet companies — Microsoft, Google, and Yahoo — declined to comment or give any specific information regarding the allegations, but Yahoo did say, “”If we receive a request from law enforcement for a user’s password, we deny such requests on the grounds that they would allow overly broad access to our users’ private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law.”

Still, CNet does offer some hope for those who may be concerned about this new era of government surveillance: it’s not guaranteed that if the government gets a stored or encrypted password that they can crack it.

“Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user’s original password is hardly guaranteed,” the report says. “The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.”

Full story here.

Google spied on British emails and computer passwords

David Barrett
London Telegraph
Oct 24, 2010

Computer passwords and entire emails from households across Britain have been copied by Google, the internet search giant, in a major privacy breach.

The company has admitted it downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.

Millions of internet users have potentially been affected.

One privacy campaigner described the intrusion as “absolutely scandalous” and called on Google to launch a full inquiry into the affair.

Full article here