Microsoft Gave FBI Keys to Unlock Encrypted Data, Exposing Major Privacy Flaw
2 months ago
- #Encryption
- #Privacy
- #Law Enforcement
- FBI served Microsoft with a search warrant to provide BitLocker recovery keys for encrypted data on three laptops in Guam.
- BitLocker is encryption software on Windows PCs; Microsoft recommends storing keys on its servers, making them accessible via legal orders.
- Microsoft confirmed providing BitLocker recovery keys under valid legal orders, receiving about 20 requests annually.
- This is the first known instance of Microsoft providing encryption keys to law enforcement.
- Privacy experts criticize Microsoft for not offering stronger protection like Apple and Google, which allow encrypted cloud backups.
- Concerns raised about the breadth of data access BitLocker keys provide, potentially beyond the scope of investigations.
- Microsoft could offer hardware-based key storage (e.g., thumb drives) but it’s not the default setting.
- BitLocker encryption has proven impenetrable to law enforcement without keys, leading to reliance on Microsoft compliance.
- Experts warn that law enforcement will likely increase demands for encryption keys now that Microsoft has complied.