"Microsoft gave Windows users' BitLocker encryption keys for to US law enforcement officers, providing access to encrypted data, according to a news report. The US Federal Bureau of Investigation approached Microsoft with a search warrant in early 2025, seeking keys to unlock encrypted data stored on three laptops in a case of alleged fraud involving the COVID unemployment assistance program in Guam. As the keys were stored on a Microsoft server, Microsoft adhered to the legal order and handed over the encryption keys, Forbes reported on Friday."
"BitLocker is a widely used tool for securing data at rest, whether by individuals or enterprises managing hundreds or thousands of Windows devices. By default, many Windows installations back up BitLocker recovery keys to Microsoft's cloud services, where Microsoft can retrieve them if legally compelled with a valid order. Custody issue, not BitLocker BitLocker is designed to provide encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices."
""BitLocker itself does not fail here. The software does what it is built to do, encrypts the disk, integrates into Windows, allows for easy recovery," said Sanchit Vir Gogia, chief analyst at Greyhound Research."
US authorities obtained BitLocker recovery keys from Microsoft's cloud after the FBI served a search warrant to access data on three laptops tied to alleged COVID unemployment fraud in Guam. Microsoft complied because the recovery keys were stored on its servers, allowing decrypted access despite full-disk BitLocker protection. BitLocker provides robust encryption and integrates with Windows, but many installations default to backing up keys to Microsoft's cloud where legal compulsion can force disclosure. The incident demonstrates that key custody, not encryption strength, determines whether encrypted enterprise data can be accessed by authorities.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]