Privacy invasion on the web has reached a new level. The federal government has demanded web firms provide access to user passwords, and phishing emails have been filling email inboxes at an ever-increasing rate — making Internet security even more shaky in the wake of the leak of details about National Security Agency surveillance programs.
Under current NSA surveillance programs, the U.S. government is requesting access to users’ passwords, usually stored in encrypted form. This would allow federal spies to browse files with confidential correspondence, impersonate the account holder, and enhance their ability to decipher encrypted devices.
In May, hackers targeted at least 2 million users with phishing mail. Once opened, the email provides a link to an invisible malware download that infects personal computers in search of documents from company and government databases.
The everyday use and reliance on the Internet greatly increases each year, creating a large store of personal information and other data on the web. On a typical day last year, users sent 144 billion emails, posted 684,000 items of Facebook content and uploaded 72 hours of video to YouTube, the BBC reports.
The Patriot Act broadened the surveillance authority of the FBI and has been used to track phone call logs and databases. With Internet companies creating different security measures and encouraging stronger passwords from users, some of the federal demands are for the encryption algorithm, the mathematical formula used to convert electronic data to and from a format that can’t be read or understood by outside parties.
Also requested is the “salt,” a random string of numbers and letters used to make it more difficult to obtain the password, as well the secret question codes associated with user accounts, according to a CNet report.
It is unclear whether the federal government has legal authority to demand password retrieval information from Internet companies.
From July to December of last year, 68 percent of government requests to Google for user-identifying information were made under Electronic Communications Privacy Act subpoenas, which typically do not involve a judge-issued warrant. According to Google’s Transparency Report, only 22 percent of requests were made through search warrants, which are generally issued based on a belief that certain information is crime-related.
The Fourth Amendment to the U.S. Constitution protects the people’s right to “be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” but applies the right only in spatial terms. There is no clear consensus about whether it can be applied to information stored online.
Although the government may not delve into all the details it comes across, it’s hard to determine whether a user is still substantially safe from being searched and monitored. It’s also difficult for the user to figure out which emails are from real senders and which is a robotic hacking virus.
Clear warning signs are misspellings of company names and common words, as well as a long and strange sender address. But other times there are no visible hints. About 37.3 million users around the world were subjected to phishing attacks since last year. More than half the total involved fake copies of bank websites and other financial organizations, according to a recent Kaspersky report.
Phishing attacks that focus on employees of a specific company often try to disguise themselves as emails and websites that the employees visit regularly, making them more likely to be accepted as trusted mail, reports the Los Angeles Times.
It doesn’t appear that the urge for governmental Internet control and file hacking will slow down in a society where 90 percent of the world’s data has been created in the last two years. But having more transparency can allow the user to protect themselves in the tangled web that has been woven.
Phishing Schemes, Feds Demanding Passwords Make for a Scary