Passwords

../_images/20120808085410-keys.png

There’s currently a search going on for a young girl that has disappeared roughly a week ago in Oslo. Not a good thing. Just follow the public newspapers or the twitter account of the local police to stay updated. But that’s not what this is about.

In This context the police is trying to figure out what happened before she disappeared, including following her digital steps on e.g. Facebook. This is reasonable and part of their work. Jumping on that an article in the newspaper aftenposten recommends to write down the password, put it in an envelope and give it to somebody you trust in emergencies:

[…] anbefaler Facebook-brukere å skrive opp passordet sitt, legge det i en forseglet konvolutt og gi den til noen man stoler på til bruk i nødstilfeller.[…]

Aftenposten

Æmm.. ja, well: no:

I see several reasons not to follow up this idea (it’s basically a bad idea, I think):

  • Do you trust the police enough to give them permanently your password to your social network? Why don’t you just give it to them in advance for secure keeping and just to use it in case of emergency? Why haven’t you done this already? Any reasons?

  • Where else did you use the password you used on your social network? Which other accounts would be accessible with that password? Do you really use every time a different password when you need to chose a password? Honestly?

  • Are there any accounts you use for resetting your password that will be send to you social network account instead? Those would be accessible as well.

  • Whom do you trust enough for not opening the envelope, reading the password and closing it again?

  • Be aware of that the legal terms of Facebook (chapter 4) in this case explicit not allow to compromise willingly your password.

From the investigators point-of-view I can understand their problem, of course. But that problem comes with the guarantee of free speech, the guarantee of a private life and the guarantee of being allowed to have personal secrets. That means of course that there will always be a situation where it would be useful for somebody to have access to it. Honestly (a quite a bit pessimistic as well): It will always be possible to _construct_ of setup a situation where it’s highly important to circumvent. I’m not getting started here ranting, sorry.

The article argues that the police still hasn’t gotten all the information in a different case though they’ve asked for it to the social network six months ago. Yes, I see the path the argumentation is following. Yes, it would be one solution to do it like that. Another one would be to finally force the social network company to apply to the laws that are valid in a country. That might be a bigger task, but it’s at least not allowing anybody to violate the law.

At the end it’s basically up to everybody himself. Fortunately. If you disagree: do it. If you agree, don’t do it. But don’t just do it because you think it’s a good idea because somebody who you think should know it best told you so. Think for yourself.