Microsoft to Provide BitLocker Keys Under Legal Orders
Microsoft has announced that it will supply encryption keys for data safeguarded by BitLocker on Windows PCs when it receives a legitimate warrant. This decision follows a case where the FBI requested keys to unlock data on laptops suspected of holding evidence related to Covid unemployment fraud in Guam.
BitLocker, a security feature on modern Windows systems, encrypts data, ensuring that only those with proper keys can access it. Users can opt to store these keys on their devices or use Microsoft’s cloud service. While cloud storage offers convenience in recovery, it poses risks of exposure to law enforcement requests.
In the Guam investigation, Microsoft complied with the FBI’s request for encryption keys. A Microsoft representative confirmed to Forbes that they provide BitLocker keys only upon receiving a valid legal request. Charles Chamberlayne, a Microsoft spokesperson, emphasized that the responsibility lies with customers on how to manage their keys to mitigate security risks.
“If Apple can do it, if Google can do it, then Microsoft can do it.”
This case marks the first known instance where Microsoft has handed over encryption keys to law enforcement. Previously, the company had resisted requests for backdoors in BitLocker. Senator Ron Wyden criticized tech firms for developing products that could secretly expose users’ encryption keys, claiming it endangers users’ privacy and security.
Experts express concerns about the implications of Microsoft complying with such requests, particularly regarding potential overreach by law enforcement. Jennifer Granick from the ACLU noted that governments with poor human rights records could also demand similar access to data.
Law enforcement agencies frequently ask tech companies for encryption keys or to weaken their security. However, companies like Apple have firmly declined such requests in the past. Experts urge Microsoft to enhance protections for consumers, suggesting alternatives such as storing keys on external drives.
With the knowledge that Microsoft will cooperate in similar cases, experts worry that law enforcement may increasingly pursue access to encryption keys. Matt Green remarked that once the government becomes accustomed to certain capabilities, it becomes challenging to retract them.
