
Microsoft Gave FBI a Set of BitLocker Encryption Keys To Unlock Suspects' Laptops (techcrunch.com)

(Friday January 23, 2026 @05:40PM (BeauHD) from the behind-the-scenes dept.)


An anonymous reader quotes a report from TechCrunch:

> Microsoft [1]provided the FBI with the recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, Forbes [2]reported on Friday. Many modern Windows computers rely on full-disk encryption, called BitLocker, which is [3]enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off.

>

> But, by default, BitLocker recovery keys are uploaded to Microsoft's cloud, allowing the tech giant -- and by extension law enforcement -- to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes. The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program in Guam, a U.S. island in the Pacific. Local news outlet Pacific Daily News [4]covered the case last year, reporting that a warrant had been served to Microsoft in relation to the suspects' hard drives.

>

> Kandit News, another local Guam news outlet, [5]also reported in October that the FBI requested the warrant six months after seizing the three laptops encrypted with BitLocker. [...] Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests per year.



[1] https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/

[2] https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

[3] https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-defaultz

[4] https://www.guampdn.com/news/another-unsealed-warrant-encrypted-data-seized-in-pua-fraud-investigation/article_1b98b770-daf5-436a-97f9-3a11f57accf5.html

[5] https://kanditnews.com/3rd-warrant-against-tenorio-unsealed-encrypted-computer-files-seized/



Clickbait title (Score:3)

by rsilvergun ( 571051 )

All this means is Microsoft has your decryption keys by default but you can still easily turn that off.

And yeah, of course Microsoft gave them the keys; they would have had a warrant.

At least I hope they had a warrant. It's 2025 and that's not a guarantee anymore.

draining the swamp (Score:3)

by OrangeTide ( 124937 )

Warrants are a form of wasteful bureaucracy that our strong, intelligent government is removing.

Re: (Score:2)

by DamnOregonian ( 963763 )

You're correct, you can absolutely not send them your keys. And if you don't trust them to fully delete them, you can re-Bitlocker your drive and make sure not to send them your keys this time (it's in the wizard you go through when you turn bitlocker on).

However, I *can* say that it has saved my ass before. This is because anything that makes a change to your SecureBoot environment (like, from linux for example- which is what happened to me) will render Windows unbootable without a recovery key, and if y

Is this a surprise? (Score:2)

by TheMiddleRoad ( 1153113 )

I know MS has my keys. They're attached to the accounts. Every day, I get closer to switching to linux desktop.

Re: (Score:3)

by DamnOregonian ( 963763 )

They have the recovery keys. You can remove them if you like.

If you're paranoid, you can remove them, disable bitlocker, re-enable it and this time choose not to send MS your keys.

Re: (Score:2)

by Computershack ( 1143409 )

You can download a copy of the keys and delete them from your MS account.

Re: (Score:2)

by PPH ( 736903 )

> and delete them from your MS account.

Yeah, right. I can also unformat my hard drive.

Nothing is ever deleted... (Score:2)

by ebunga ( 95613 )

So nuke it, disable bitlocker, then re-enable it with a new key that isn't shared. Well, it's probably still shared. Microsoft can't be trusted.

BitLocker is fake disk encryption (*) (Score:2)

by Murdoch5 ( 1563847 )

If someone else can get the key to unlock the drive, the drive isn't locked. The problem with BitLocker, at least in general, is that you don't control the passphrase or keys, and hence it's not really useful in the wider / greater context!

Look at LUKS, you control the passphrase, and if you choose, additive keys, and that means if law enforcement needs your drive, they can't side step you. The fact Microsoft can hand over the keys makes BitLocker functionally useless, and, really cuts to the core of t

Re: (Score:2)

by taustin ( 171655 )

> The fact Microsoft can hand over the keys makes BitLocker functionally useless,

If your only goal is to hide things from the police, who have a warrant. Criminals and ex-wives generally have a hard time getting those warrants.

It's good for what it's good for, which is not everything.

Re: (Score:2)

by Murdoch5 ( 1563847 )

To be fair, I'd actually use VeraCrypt or another technology to hide anything sensitive, and then randomly generate a massive passphrase > 256 characters. Save it into a password manager, and then if I was arrested, I couldn't give you the code. Furthermore, set a massive PIM, over 10k, and you're fine. The main objective is that BitLocker isn't encryption if someone can hold the key.

Re: (Score:3)

by Computershack ( 1143409 )

Microsoft can only hand over the keys that you have saved in your online Microsoft Account. When you're setting up Bitlocker you're given the choice to do that or to save them as a file or to just see the key to write it down. You don't have to upload them to your MS Account and if you do you can still delete them from it.
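
The check-and-replace step several commenters describe, as an added PowerShell example that is not part of the thread: it lists a volume's key protectors and swaps the recovery password for a fresh one that you store offline. The `C:` mount point is an assumption; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit and rotate the BitLocker
# recovery password on one volume.
$MountPoint = 'C:'   # assumption: the OS volume

$vol = Get-BitLockerVolume -MountPoint $MountPoint
'{0}: {1}, protection {2}' -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus

# Every protector wraps the same volume key. The RecoveryPassword type is
# the 48-digit recovery key that can be backed up to a Microsoft account.
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

$old = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

# Add the replacement first so the volume never lacks a recovery path.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
    -WarningAction SilentlyContinue | Out-Null

$new = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector | Where-Object {
    $_.KeyProtectorType -eq 'RecoveryPassword' -and
    $_.KeyProtectorId -notin $old.KeyProtectorId
}
if (-not $new) { throw 'No new recovery password protector was created; nothing removed.' }

# Record this offline (paper, password manager) before going any further.
'New recovery key ID : {0}' -f $new.KeyProtectorId
'New recovery key    : {0}' -f $new.RecoveryPassword

# Remove the old recovery passwords. Any copy held elsewhere stops
# unlocking this volume once its protector is gone.
foreach ($kp in $old) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $kp.KeyProtectorId | Out-Null
    'Removed old recovery key ID : {0}' -f $kp.KeyProtectorId
}

# Final state, for comparison with the key IDs listed in the online account.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId -AutoSize
```

Rotating the protector leaves the underlying volume encryption key unchanged, so an old recovery key still opens a disk image taken before the rotation; the full decrypt and re-encrypt that commenters mention is what regenerates that key.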

Re: (Score:1)

by Murdoch5 ( 1563847 )

That's why I put an asterisk, and you have to assume they don't have it, but with Microsoft, you can't trust them, so don't.

Same old rules (Score:1)

by ozzymodus12 ( 8111534 )

Never trust the Government. Never trust political parties. Never trust big tech companies. Never trust your employer. If you had data that could get you jailed or killed, don't put it anywhere where a guy with a warrant or a woodchipper can find you, legal or otherwise.

Gave is the wrong word in the title. (Score:2)

by Hey_Jude_Jesus ( 3442653 )

The FBI used a subpoena or warrant to obtain the private keys.

Re: (Score:2)

by haruchai ( 17472 )

> The FBI used a subpoena or warrant to obtain the private keys.

I'm quite sure not everyone's encryption keys would be so easy to obtain with a piece of paper.

Wait a second! (Score:1)

by Anonymous Coward

Wasn't there a story on Slashdot a few years back where Joe Average requested help from Microslop to gain access to their BitLocker keys after being locked out due to an update or hardware change, but was told in no uncertain terms that this was impossible as Microslop does not have access to them even if they were uploaded to the cloud.

Doesn't this now make that story a farce?

And how long (Score:2)

by Chris Mattern ( 191822 )

before they're for sale on the dark net? A few months? Less?
