When Microsoft hands over encryption keys to the FBI, who’s really watching your data?
Microsoft complied with an FBI warrant to hand over BitLocker encryption keys for three laptops linked to a Guam unemployment fraud investigation. The company acknowledged that while key recovery offers convenience, it also carries risks of unwanted access. A Microsoft spokesperson stated:
"Customers can choose to store their encryption keys locally, in a location inaccessible to Microsoft, or in Microsoft’s cloud. We recognize that some customers prefer Microsoft’s cloud storage so we can help recover their encryption key if needed. While key recovery offers convenience, it also carries a risk of unwanted access."
Senator Ron Wyden criticized the move, calling it "irresponsible" for companies to "secretly turn over users’ encryption keys." Jennifer Granick of the ACLU raised additional concerns:
"foreign governments with questionable human rights records may also expect Microsoft to hand over keys to customer data."
This compliance contrasts with Apple’s 2016 refusal to unlock a San Bernardino shooter’s phone, which was backed by Google, Facebook, and Microsoft (less forcefully). The FBI eventually withdrew its 2016 case after hiring a third-party to bypass the phone’s encryption.
Source: TheVerge