Orin Kerr writes:
Over at CNET, Declan McCullagh has an article claiming that “the U.S. government” is requesting passwords from service providers in online investigations, at least “according to two industry sources familiar with these orders.” I have a hard time understanding what is going on, or if there’s actually a “there” there from a legal perspective. Here’s why:
1) The article says that there are two sources that are familiar with this practice, but the sources are not named and we don’t know much about them or how often this practice occurs. All we know about the sources is that one “has worked at a large Silicon Valley company,” and another is in the “Internet industry.” The source who has worked in Silicon Valley suggests that this has happened more than once, as the relevant sentence refers to having seen “requests.” But the other sources quoted in the article are unfamiliar with the practice. And if the two sources are right, we don’t know if this happened in two cases over several years or if it is happening more often than that. If this is happening routinely, it’s a big story. But it’s hard to know what is going on factually.
Read more on The Volokh Conspiracy.