The U.S. government has requested access to encrypted and stored passwords from major Internet companies such as Microsoft Corporation (NASDAQ:MSFT) and Google Inc. (NASDAQ:GOOG), CNET reports, citing two unnamed industry sources.
Several Internet and telecommunications companies, including Facebook Inc. (NASDAQ:FB), AOL Inc. (NYSE:AOL) and Verizon Communications Inc. (NYSE:VZ), didn’t respond to CNET’s request for comments.
Google, Microsoft and Yahoo! Inc. (NASDAQ:YHOO) declined to confirm whether they’d received such requests from the U.S. government. But Microsoft, Google and Yahoo spokespeople said they almost never release passwords.
Such requests can be legally tricky, especially if they come from law enforcement agents, who may produce court warrants attempting to justify their request.
“If we are required to provide information, we do so only in the strictest interpretation of what is required by law,” a Yahoo spokeswoman said to CNET.
Continue Reading Below
The FBI declined to comment.
Even if it receives encrypted password information, however, the government would still need to decode the passwords, which can be a tricky and costly technique.
But if they eventually obtain the decrypted password, government agents could browse correspondence or even impersonate users.
Key details about the alleged requests remain unclear, including when such requests started and whether the government seeks massive data caches of such information, or targets only specific users.
The legal context for such requests is also unclear.
“This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?” said Jennifer Granick, director of civil liberties for Stanford University’s Center for Internet and Society, to CNET. “I don’t know.”
Still, Granick doesn’t know of any precedent under which an Internet company must provide such passwords.
Wiretap orders could be involved, and companies could be liable for releasing such passwords under the Stored Communications Act and the Computer Fraud and Abuse Act.