Password, Please

Online surveillance


In the wake of citizen outrage over the extent of the federal government's surveillance of online and phone data, the response from security state supporters has been consistent: The federal government's surveillance is broad but not deep. It is not listening to Americans' phone calls or reading their emails.

It appears, though, that the government is doing its best to make such depth possible. In July, Declan McCullagh, a senior writer at CNet who focuses on tech security and privacy, reported that federal agents have been attempting to get major Internet companies to reveal users' passwords and the encryption method used to protect them. McCullagh noted, "If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user."

Whether such an effort could be successful, or even has already been successful, is not fully known. Microsoft and Google told McCullagh they have not cooperated with any such requests, while refusing to confirm whether they've received any. Other companies are saying even less.

Even if the goal isn't direct surveillance, cracking passwords would allow the government to potentially bypass another legal issue: Whether suspects can be forced to provide access to password-protected data that could implicate them in crimes. Does such a demand violate a defendant's Fifth Amendment right against self-incrimination? The judiciary is currently struggling with the issue. In Wisconsin earlier this year, for example, a judge initially said that a man suspected of possessing child pornography could not be forced to provide the password to access his computer, but later the judge changed his mind. Being able to bypass the defendant entirely would render the conflict moot.