Microsoft handed BitLocker recovery keys to the FBI
Microsoft provided BitLocker recovery keys to investigators in a Guam Covid unemployment fraud probe, exposing risks of cloud-stored encryption keys and reigniting calls for stronger user control of keys.
- The FBI served Microsoft with a warrant and the company provided BitLocker recovery keys for three laptops in the Guam investigation.
- Microsoft says it supplies BitLocker keys when presented with a valid legal order and receives about 20 key requests a year.
- This is the first known instance of Microsoft handing BitLocker keys to law enforcement.
- Security experts say storing recovery keys in the cloud gives companies access to user data and creates a straightforward path for law enforcement to obtain full hard drive contents.
- Forensic teams say BitLocker is difficult to break without the recovery key, so Microsoft's compliance likely enabled investigators to read the devices in this case.