Feds tell Web firms to turn over user account passwords
Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.
by Declan McCullagh, July 25, 2013 11:26 AM PDT
The U.S. government has demanded that major Internet
companies divulge users' stored passwords, according to two industry sources
familiar with these orders, which represent an escalation in surveillance
techniques that has not previously been disclosed.
If the government is able to determine a person's
password, which is typically stored in encrypted form, the credential could be
used to log in to an account to peruse confidential correspondence or even
impersonate the user. Obtaining it also would aid in deciphering encrypted
devices in situations where passwords are reused.
"I've certainly seen them ask for passwords,"
said one Internet industry source who spoke on condition of anonymity. "We
push back."
A second person who has worked at a large Silicon Valley
company confirmed that it received legal requests from the federal government
for stored passwords. Companies "really heavily scrutinize" these
requests, the person said. "There's a lot of 'over my dead body.'"
Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers that is combined with the password before it is scrambled, which makes it more difficult to reverse the process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
A Microsoft spokesperson would not say whether the
company has received such requests from the government. But when asked whether
Microsoft would divulge passwords, salts, or algorithms, the spokesperson
replied: "No, we don't, and we can't see a circumstance in which we would
provide it."
Google also declined to disclose whether it had received
requests for those types of data. But a spokesperson said the company has
"never" turned over a user's encrypted password, and that it has a
legal team that frequently pushes back against requests that are fishing
expeditions or are otherwise problematic. "We take the privacy and
security of our users very seriously," the spokesperson said.
Apple, Yahoo, Facebook, AOL, Verizon, AT&T, Time
Warner Cable, and Comcast did not respond to queries about whether they have
received requests for users' passwords and how they would respond to them.
Richard Lovejoy, a director of the Opera Software
subsidiary that operates FastMail, said he doesn't recall receiving any such
requests but that the company still has a relatively small number of users compared
with its larger rivals. Because of that, he said, "we don't get a high
volume" of U.S. government demands.
The FBI declined to comment.
Some details remain unclear, including when the requests
began and whether the government demands are always targeted at individuals or
seek entire password database dumps. The Patriot Act has been used to demand
entire database dumps of phone call logs, and critics have suggested its use is
broader. "The authority of the government is essentially limitless"
under that law, Sen. Ron Wyden, an Oregon Democrat who serves on the Senate
Intelligence committee, said at a Washington event this week.
Large Internet companies have resisted the government's
requests by arguing that "you don't have the right to operate the account
as a person," according to a person familiar with the issue. "I don't
know what happens when the government goes to smaller providers and demands
user passwords," the person said.
An attorney who represents Internet companies said he has not fielded government password requests, but "we've certainly had reset requests -- if you have the device in your possession, then a password reset is the easier way."
Cracking the codes
Even if the National Security Agency or the FBI
successfully obtains an encrypted password, salt, and details about the
algorithm used, unearthing a user's original password is hardly guaranteed. The
odds of success depend in large part on two factors: the type of algorithm and
the complexity of the password.
Hash functions, the algorithms considered suitable for scrambling stored passwords, are designed to be difficult to reverse. One popular hash function called MD5, for instance, transforms the phrase "National Security Agency" into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.
But modern computers, especially ones equipped with
high-performance video cards, can test passwords scrambled with MD5 and other
well-known hash algorithms at the rate of billions a second. One system using
25 Radeon-powered GPUs that was demonstrated at a conference last December
tested 348 billion hashes per second, meaning it would crack a 14-character
Windows XP password in six minutes.
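The two mechanics described above (the salt that is demanded alongside the password, and the hash rate that decides how quickly a stored digest can be tested) can be made concrete in a few lines. The following is an added example written for this page, not code from any company or from the article; it uses MD5 and SHA-256 only because they are in the Python standard library (a real password store would use a slow scheme such as bcrypt or scrypt, discussed later in the article). The three accounts and their passwords are constructed sample data, the 348 billion hashes-per-second figure is the one quoted above, and the 8-character, 95-symbol keyspace used in the time estimate is my own assumption, not the 14-character Windows XP case the article cites.

```python
import hashlib
import secrets
from collections import defaultdict
from typing import Dict, List, Set

# Rate quoted in the article for the 25-GPU cluster (hashes per second).
GPU_CLUSTER_RATE = 348e9


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest, the fast hash the article uses as its example."""
    return hashlib.md5(data).hexdigest()


def new_salt(nbytes: int = 16) -> bytes:
    """A fresh random salt for one account, from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


def salted_hash(password: str, salt: bytes) -> str:
    """Hex SHA-256 of salt || password.

    Shows the role of the salt only: the same password yields a different
    digest for every account, so one precomputed table cannot be reused.
    """
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def verify(password: str, salt: bytes, stored_digest: str) -> bool:
    """Check a login attempt against the stored salt and digest."""
    candidate = salted_hash(password, salt)
    return secrets.compare_digest(candidate, stored_digest)


def users_sharing_hash(records: Dict[str, str]) -> List[Set[str]]:
    """Group user names whose stored digests are identical.

    Without a salt, two users with the same password get the same digest,
    so password reuse is visible before any cracking is attempted.
    Returns only groups of two or more users.
    """
    by_digest: Dict[str, Set[str]] = defaultdict(set)
    for user, digest in records.items():
        by_digest[digest].add(user)
    return [group for group in by_digest.values() if len(group) > 1]


def salted_records(passwords: Dict[str, str]) -> Dict[str, str]:
    """Build a salted store; the digest alone is returned for comparison."""
    return {user: salted_hash(pw, new_salt()) for user, pw in passwords.items()}


def seconds_to_exhaust(alphabet_size: int, length: int,
                       hashes_per_second: float) -> float:
    """Worst-case time to test every password of `length` symbols drawn
    from an alphabet of `alphabet_size` at the given hash rate."""
    return (alphabet_size ** length) / hashes_per_second


# Constructed sample: three accounts, two of which reuse the same password.
SAMPLE_PASSWORDS = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol": "battery staple",
}

# Unsalted MD5 store: alice and bob are visibly linked.
UNSALTED_STORE = {u: md5_hex(p.encode()) for u, p in SAMPLE_PASSWORDS.items()}

if __name__ == "__main__":
    print("reuse visible without salt:", users_sharing_hash(UNSALTED_STORE))
    print("reuse visible with salt:   ", users_sharing_hash(salted_records(SAMPLE_PASSWORDS)))
    hours = seconds_to_exhaust(95, 8, GPU_CLUSTER_RATE) / 3600
    print(f"all 8-char printable-ASCII passwords at 348 GH/s: {hours:.1f} hours")
```

The last line is the defender's sanity check: at the quoted rate, an unsalted fast hash over the full 8-character printable-ASCII keyspace is exhausted in about five hours, which is why the next section of the article turns to deliberately slow hashes.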
The best practice among Silicon Valley companies is to
adopt far slower hash algorithms -- designed to take a large fraction of a
second to scramble a password -- that have been intentionally crafted to make
it more difficult and expensive for the NSA and other attackers to test every
possible combination.
One popular algorithm, used by Twitter and LinkedIn, is
called bcrypt. A 2009 paper by computer
scientist Colin Percival estimated that it would cost a mere $4 to crack, in an
average of one year, an 8-character bcrypt password composed only of letters.
To do it in an average of one day, the hardware cost would jump to
approximately $1,500.
But if a password of the same length included numbers,
asterisks, punctuation marks, and other special characters, the cost-per-year
leaps to $130,000. Increasing the length to any 10 characters, Percival
estimated in 2009, brings the estimated cracking cost to a staggering $1.2
billion.
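The cost figures above all follow from two ideas: a deliberately slow hash fixes the price of testing one guess, and the attacker's total bill then scales with the number of guesses. The following added example (mine, not Percival's code or the article's) checks that reading against the article's own numbers. It assumes that "only letters" means a 26-symbol alphabet, that the special-character case means the 95 printable ASCII symbols, and that hardware cost is proportional to keyspace and inversely proportional to the time allowed; those are modelling assumptions, not statements from the paper. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt, which Python does not ship, to show the slow-versus-fast ratio on the machine running it.

```python
import hashlib
import time

# Baseline quoted in the article (Percival, 2009): $4 of hardware cracks an
# 8-character letters-only bcrypt password in an average of one year.
BASE_COST_USD = 4.0
BASE_ALPHABET = 26   # assumption: "only letters" read as lowercase a-z
BASE_LENGTH = 8
PRINTABLE_ASCII = 95  # assumption for "numbers, asterisks, punctuation..."


def scaled_cost(alphabet_size: int, length: int,
                base_cost: float = BASE_COST_USD,
                base_alphabet: int = BASE_ALPHABET,
                base_length: int = BASE_LENGTH) -> float:
    """Hardware cost for the same expected cracking time, scaled by keyspace.

    With a fixed per-guess cost, the bill grows linearly with the number of
    candidates, so a bigger alphabet or a longer password multiplies it.
    """
    return base_cost * (alphabet_size ** length) / (base_alphabet ** base_length)


def cost_for_days(cost_for_year: float, days: float) -> float:
    """Finishing the same work in fewer days needs proportionally more hardware."""
    return cost_for_year * 365.0 / days


def apply_ballpark(cost: float, divisor: float = 20.0) -> float:
    """Percival's 2013 'roughly 1/20th of the paper's numbers' adjustment."""
    return cost / divisor


def slowdown_ratio(iterations: int = 200_000) -> float:
    """Wall-clock ratio of one slow KDF call to one MD5 call.

    This is the whole point of a slow hash: each guess costs the attacker
    roughly this many times more than with MD5, for the same password.
    """
    pw, salt = b"hunter2", b"constructed-salt"  # constructed sample values
    n = 20_000
    t0 = time.perf_counter()
    for _ in range(n):
        hashlib.md5(salt + pw).digest()
    md5_each = (time.perf_counter() - t0) / n
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    slow_once = time.perf_counter() - t0
    return slow_once / md5_each


if __name__ == "__main__":
    print(f"8 chars, 95 symbols, one year: ${scaled_cost(PRINTABLE_ASCII, 8):,.0f}")
    print(f"10 chars, 95 symbols, one year: ${scaled_cost(PRINTABLE_ASCII, 10):,.0f}")
    print(f"8 chars, letters only, one day: ${cost_for_days(BASE_COST_USD, 1):,.0f}")
    print(f"PBKDF2 (200k iterations) vs MD5: {slowdown_ratio():,.0f}x slower per guess")
```

Scaling the $4 baseline gives roughly $127,000 for the 95-symbol 8-character case and about $1.1 billion for 10 characters, and the one-day figure comes out at $1,460; all three sit within rounding of the $130,000, $1.2 billion and $1,500 the article reports, which is what a linear keyspace model predicts.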
As computers have become more powerful, the cost of
cracking bcrypt passwords has decreased. "I'd say as a rough ballpark, the
current cost would be around 1/20th of the numbers I have in my paper,"
said Percival, who founded a company called Tarsnap Backup, which offers
"online backups for the truly paranoid." Percival added that a
government agency would likely use ASICs -- application-specific integrated
circuits -- for password cracking because it's "the most cost-efficient --
at large scale -- approach."
While developing Tarsnap, Percival devised an algorithm
called scrypt, which he estimates can make the "cost of a hardware
brute-force attack" against a hashed password as much as 4,000 times
greater than bcrypt.
Bcrypt was introduced at a 1999 Usenix conference by
Niels Provos, currently a distinguished engineer in Google's infrastructure
group, and David Mazières, an associate professor of computer science at
Stanford University.
With the computers available today, "bcrypt won't
pipeline very well in hardware," Mazières said, so it would "still be
very expensive to do widespread cracking."
Even if "the NSA is asking for access to hashed
bcrypt passwords," Mazières said, "that doesn't necessarily mean they
are cracking them." Easier approaches, he said, include an order to
extract them from the server or network when the user logs in -- which has been
done before -- or installing a keylogger at the client.
Questions of law
Whether the National Security Agency or FBI has the legal
authority to demand that an Internet company divulge a hashed password, salt,
and algorithm remains murky.
"This is one of those unanswered legal questions: Is
there any circumstance under which they could get password information?"
said Jennifer Granick, director of civil liberties at Stanford University's
Center for Internet and Society. "I don't know."
Granick said she's not aware of any precedent for an
Internet company "to provide passwords, encrypted or otherwise, or
password algorithms to the government -- for the government to crack passwords
and use them unsupervised." If the password will be used to log in to the
account, she said, that's "prospective surveillance," which would
require a wiretap order or Foreign Intelligence Surveillance Act order.
If the government can subsequently determine the
password, "there's a concern that the provider is enabling unauthorized
access to the user's account if they do that," Granick said. That could,
she said, raise legal issues under the Stored Communications Act and the
Computer Fraud and Abuse Act.
The Justice Department has argued in court proceedings
before that it has broad legal authority to obtain passwords. In 2011, for
instance, federal prosecutors sent a grand jury subpoena demanding the password
that would unlock files encrypted with the TrueCrypt utility.
The Florida man who received the subpoena claimed the
Fifth Amendment, which protects his right to avoid self-incrimination, allowed
him to refuse the prosecutors' demand.
In February 2012, the U.S. Court of Appeals for the
Eleventh Circuit agreed, saying that because prosecutors could bring a criminal
prosecution against him based on the contents of the decrypted files, the man
"could not be compelled to decrypt the drives."
In January 2012, a federal district judge in Colorado
reached the opposite conclusion, ruling that a criminal defendant could be compelled
under the All Writs Act to type in the password that would unlock a Toshiba
Satellite laptop.
Both of those cases, however, deal with criminal
proceedings when the password holder is the target of an investigation -- and
don't address when a hashed password is stored on the servers of a company
that's an innocent third party.
"If you can figure out someone's password, you have
the ability to reuse the account," which raises significant privacy
concerns, said Seth Schoen, a senior staff technologist at the Electronic
Frontier Foundation.