
Microsoft has, for the first time, provided the FBI with BitLocker recovery keys as part of a criminal investigation, Forbes reports. Access was possible because a user had saved the encryption keys to their Microsoft account rather than locally on the device.
Previously, the company had said that it did not have access to BitLocker keys because they are held by the user. Cloud backup, however, changes the threat model: when keys are stored in a Microsoft account, they may be handed over to law enforcement agencies under a court warrant.
Senator Ron Wyden has already criticized the situation, calling it a threat to cybersecurity and user privacy. According to him, many people do not realize that the default setting of storing keys in the cloud effectively makes encryption conditional.
Microsoft said that the choice of key storage method remains with the user: cloud storage offers convenient data recovery, while local storage offers maximum privacy. At the same time, the company emphasized that it discloses data only within the scope of lawful orders.
The BitLocker incident shows that Windows encryption is not fully “zero trust” when a user ties the keys to a cloud account.