Microsoft has provided the FBI with BitLocker recovery keys to unlock encrypted hard drives on seized laptops, according to a report by Forbes. The disclosure highlights a little-known but significant aspect of how default encryption works on many modern Windows PCs.
BitLocker, Microsoft’s full-disk encryption technology, is enabled by default on many Windows devices. In theory, it is designed to ensure that data stored on a locked and powered-off device remains inaccessible to anyone other than the owner. In practice, however, BitLocker recovery keys are often automatically backed up to Microsoft’s cloud unless users explicitly opt out.
That design choice means Microsoft retains the ability to access those keys and, when legally compelled, share them with authorities.
The case cited by Forbes involves a federal investigation into alleged fraud linked to the Pandemic Unemployment Assistance programme in Guam. Local outlets including Pacific Daily News and Kandit News previously reported that the FBI seized three laptops as part of the probe and later obtained a warrant compelling Microsoft to provide the BitLocker recovery keys needed to decrypt the drives.
According to Microsoft, this is not an isolated occurrence. The company told Forbes that it receives an average of around 20 requests per year from law enforcement agencies seeking BitLocker recovery keys. While Microsoft did not immediately respond to requests for comment from other outlets, the figures suggest a steady, if relatively small, stream of such disclosures.
The revelation has renewed criticism from security and privacy experts. Matthew Green, a cryptography professor at Johns Hopkins University, pointed out that storing recovery keys in the cloud creates risks that extend beyond government access.
Green warned that if Microsoft’s cloud infrastructure were compromised, attackers could potentially obtain recovery keys. While physical access to a device would still be required to decrypt a drive, the existence of centrally stored keys weakens the overall security model.
As governments continue to push for lawful access to encrypted data, and cloud breaches remain a recurring threat, the balance between convenience, security, and privacy in mainstream encryption tools like BitLocker is likely to face even closer scrutiny.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
