
"If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment. The government case [PDF], which claims defendants in Guam fraudulently collected pandemic unemployment benefits, represents the first publicly known instance of Microsoft providing BitLocker keys, according to Forbes. BitLocker is a Windows security system that can encrypt data on storage devices."
"For either mode, Microsoft "typically" backs up BitLocker keys to its servers when the service gets set up from an active Microsoft account. "If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online," the company explains in its documentation. The situation is similar for managed devices. Microsoft provides the option to store keys elsewhere."
"Instead of selecting "Save to your Microsoft Account," customers can "Save to a USB flash drive," "Save to a file," or "Print the recovery key." But customers are encouraged to entrust keys to Microsoft because as long as they have access to the account online, they can recover the keys, effectively making Redmond their digital doorman. However, in such circumstances, customers no longer have total control over access to their data."
Microsoft reportedly provided the FBI with BitLocker recovery keys to unlock laptops in a fraud case, demonstrating that backed-up keys can be accessed by law enforcement. BitLocker encrypts storage devices and supports Device Encryption and BitLocker Drive Encryption modes. When BitLocker is set up with an active Microsoft account, recovery keys are typically backed up to Microsoft's servers, and managed devices often back up keys to an organization’s IT department. Users can instead save keys to a USB drive, a file, or print them. With account-based backup, the keys can be recovered as long as the account is accessible online, but the user no longer has total control over access to the encrypted data. Apple offers a comparable iCloud-backed FileVault option.
Read at Theregister