- Microsoft confirms that the FBI can access BitLocker keys via valid legal orders
- Cloud accounts store unencrypted keys, enabling access by law enforcement; local accounts avoid this risk
- Senator Wyden criticizes practice; The FBI requests about 20 keys annually, mostly unsuccessfully
Microsoft has confirmed (via Forbes) it will hand over the user’s BitLocker encryption keys to the FBI if the agency requests them via a valid court order.
When a person installs Windows 11, they are asked to create a Microsoft account. That account can either be linked to the person’s cloud account or can be stored locally. In either case, the account contains all of the user’s data and is protected by a BitLocker encryption key, a cryptographic key that Windows uses to lock and unlock data on a drive protected by BitLocker Drive Encryption.
The cloud account is the default setting. While users can choose an on-premise one, Microsoft went to extra lengths to hide this fact, essentially encouraging users to the cloud-based one.
Convenience and risk
For users with cloud accounts, Microsoft also keeps the encryption keys in an unencrypted form, meaning the company can technically access user data or provide it to law enforcement when legally required. Clearly, Microsoft is framing it as “key recovery” rather than “backdoor access to people’s data”:
“While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide… how to manage their keys,” said Microsoft spokesman Charles Chamberlayne. Forbes.
Obviously, the confirmation raised quite a few eyebrows. US Senator Ron Wyden, for example, said so Forbes Microsoft’s behavior was “simply irresponsible”:
“Allowing ICE or other Trump operatives to secretly obtain a user’s encryption keys gives them access to that person’s entire digital life and risks the personal safety and security of users and their families,” he said.
Microsoft says the FBI makes about 20 such requests each year. Most of them cannot be fulfilled because people create accounts on the device instead of cloud accounts.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
