Microsoft Shared BitLocker Keys With FBI, Raising Privacy Fears

Microsoft Shared BitLocker Keys With FBI, Raising Privacy Fears

Briefly

"Microsoft is under scrutiny after it emerged that the company shared encryption keys with US law enforcement, an uncommon move that has alarmed privacy experts and reignited the debate over who truly controls encrypted data. According to Forbes staffer Thomas Brewster, Microsoft provided the FBI with BitLocker recovery keys that allowed investigators to unlock data on three encrypted laptops. The request came through a valid search warrant issued in a federal investigation in Guam into alleged fraud in the island's COVID-19 unemployment assistance program."

"Microsoft confirmed the practice to Forbes. "While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys," Microsoft spokesperson Charles Chamberlayne said. Chamberlayne added that Microsoft receives around 20 requests for BitLocker keys each year, though many cannot be fulfilled because users did not upload their keys to the cloud."

"The laptops were protected by BitLocker, Microsoft's full-disk encryption software that is enabled by default on many modern Windows PCs. While BitLocker is designed to keep data safe from unauthorized access, the case shows that protection depends heavily on where the recovery key is stored. BitLocker users can store recovery keys locally on a USB drive or another device, but Microsoft also encourages users to back them up to its cloud for convenience. That option makes it easier to regain access if a password is forgotten, but it also means Microsoft can access the keys if served with a legal order."