Legality of decrypting passwords

Discussion in 'Computer Security' started by onthax@gmail.com, Jun 30, 2008.

  1. Guest

    Hello,

    I am having an argument with a coworker, who thinks it is fine to
    decrypt users passwords to migrate files, as it is faster and more
    convenient than having the users resetting their passwords.

    I am sure this is almost never necessary, is a horrible invasion of
    privacy, and quite possibly illegal.

    Can anyone shed light on if this is legal or not, and if signing away
    your data to the company would extend to them having the right to
    decrypt your passwords?

    Any legal cases would be extra useful

    Cheers
    , Jun 30, 2008
    #1
    1. Advertising

  2. wrote:

    > I am having an argument with a coworker, who thinks it is fine to
    > decrypt users passwords to migrate files, as it is faster and more
    > convenient than having the users resetting their passwords.


    Why so complicated?

    Give yourself admin rights to the folders and move them - the only
    reason I could think of why you'd need to do this as a user is to take
    ownership of files AFTER you accidentally made the admin the owner
    (there's ways around that usally).

    Speaking of which - does anybody know a good command line tool that
    will take ownership of files from the login script?

    Some of my users have files that belong to the same user, but from a
    different domain - leftovers from a domain migration. Not an access
    problem, the user doesn't even notice, but it messes up with quotas :-(

    Juergen Nieveler
    --
    Door: Something a cat wants to be on the other side of
    Juergen Nieveler, Jun 30, 2008
    #2
    1. Advertising

  3. Guest

    On Jul 1, 3:38 am, Juergen Nieveler <>
    wrote:
    > wrote:
    > > I am having an argument with a coworker, who thinks it is fine to
    > > decrypt users passwords to migrate files, as it is faster and more
    > > convenient than having the users resetting their passwords.

    >
    > Why so complicated?
    >
    > Give yourself admin rights to the folders and move them - the only
    > reason I could think of why you'd need to do this as a user is to take
    > ownership of files AFTER you accidentally made the admin the owner
    > (there's ways around that usally).
    >
    > Speaking of which - does anybody know a good command line tool that
    > will take ownership of files from the login script?
    >
    > Some of my users have files that belong to the same user, but from a
    > different domain - leftovers from a domain migration. Not an access
    > problem, the user doesn't even notice, but it messes up with quotas :-(
    >
    > Juergen Nieveler
    > --
    > Door: Something a cat wants to be on the other side of


    Moving to a new mailsystem that uses different crypt functions for
    example.

    Not interested in company policy, but the law.
    , Jul 1, 2008
    #3
  4. Todd H. Guest

    writes:

    > Moving to a new mailsystem that uses different crypt functions for
    > example.
    >
    > Not interested in company policy, but the law.


    Well, the law sorta hinges on what employees have been told to expect,
    so if you aren't interested in company policy, you should be.

    This is an evolving area, and courts are defining the interpretations
    of the laws.

    The recent text messaging privacy ruling was the basis of this
    interview, but a lot of employer/employee privacy issues are still
    evolving, so anyone who tells you here what "the law" is is likely to
    be on the wrong side of an issue depending on how some court rules.
    The law on this stuff is a lot more maleable than you might expect, it
    seems.

    Have a listen to this interview from this week, and you'll hear from
    this law professor that employee expectations of privacy do factor in
    what policies they've agreed to upon becoming employees.

    http://www.npr.org/templates/story/story.php?storyId=91975527

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jul 1, 2008
    #4
  5. Unruh Guest

    Tell us which company you work for so we can all avoid it.
    a) you should not be able to decrypt the password. What kind of bad system
    do you use?
    b) It may be illegal, and it may definitely be against company policy.

    writes:

    >Hello,


    >I am having an argument with a coworker, who thinks it is fine to
    >decrypt users passwords to migrate files, as it is faster and more
    >convenient than having the users resetting their passwords.


    >I am sure this is almost never necessary, is a horrible invasion of
    >privacy, and quite possibly illegal.


    >Can anyone shed light on if this is legal or not, and if signing away
    >your data to the company would extend to them having the right to
    >decrypt your passwords?


    >Any legal cases would be extra useful


    >Cheers
    Unruh, Jul 1, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CPTK

    Decrypting Files - Forgotten Password...

    CPTK, Jun 9, 2005, in forum: Computer Support
    Replies:
    7
    Views:
    581
    Shep©
    Jun 11, 2005
  2. Aaron Epstein

    decrypting dvd disk with dvd video recorder?

    Aaron Epstein, Sep 26, 2004, in forum: DVD Video
    Replies:
    0
    Views:
    502
    Aaron Epstein
    Sep 26, 2004
  3. John Brown

    Decrypting how to?

    John Brown, Dec 22, 2007, in forum: Computer Support
    Replies:
    16
    Views:
    1,317
    Plato
    Dec 27, 2007
  4. ChigbuaUmuenu

    Decrypting an encrypted password

    ChigbuaUmuenu, Oct 30, 2006, in forum: MCAD
    Replies:
    3
    Views:
    1,197
    ChigbuaUmuenu
    Nov 3, 2006
  5. elktron

    Decrypting passwords

    elktron, Feb 16, 2011, in forum: General Computer Support
    Replies:
    1
    Views:
    1,383
    elktron
    Feb 17, 2011
Loading...

Share This Page