The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
The tech giant said it receives around 20 requests for BitLocker keys a year and will provide them to governments in response to valid court orders. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
Microsoft says it will provide encryption keys for Windows PC data protected by BitLocker where it has access to them and it's received a valid warrant.arly last year, the FBI served Microsoft with a search warrant, asking it to provide recovery keys to unlock encrypted data stored on three laptops. Federal investigators in Guam believed the devices held evidence that would help prove individuals handling the island’s Covid unemployment assistance program were part of a plot to steal funds. The data was protected with BitLocker, software that’s automatically enabled on many modern Windows PCs to safeguard all the data on the computer’s hard drive. BitLocker scrambles the data so that only those with a key can decode it. It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience. While that means someone can access their data if they forget their password, or if repeated failed attempts to login lock the device, it also makes them vulnerable to law enforcement subpoenas and warrants.that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne. He said the company receives around 20 requests for BitLocker keys per year and in many cases, the user has not stored their key in the cloud making it impossible for Microsoft to assist.The Guam case is the first known instance where the Redmond, Washington company has provided any encryption key to law enforcement. Back in 2013, a Microsoft engineerthat it is “simply irresponsible for tech companies to ship products in a way that allows them to secretly turn over users' encryption keys.” “Allowing ICE or other Trump goons to secretly obtain a user’s encryption keys is giving them access to the entirety of that person’s digital life, and risks the personal safety and security of users and their families,” he added. This isn’t just an issue in the U.S. Jennifer Granick, surveillance and cybersecurity counsel at the ACLU, noted that foreign governments with questionable human rights records also demand data from tech giants like Microsoft. “Remote storage of decryption keys can be quite dangerous,” she said.Contact the reporter, Thomas Brewster, at tbrewster@forbes.com or +1 929-512-7964 on Signal. Law enforcement regularly asks tech giants to provide encryption keys, implement backdoor access or weaken their security in other ways. But other companies have refused. Apple in particular has repeatedly been asked for access to encrypted data in its cloud or on its devices. In awith the government in 2016, Apple fought an FBI order to help open phones belonging to terrorists who shot and killed 14 in San Bernardino, California. Ultimately, the FBI found a contractor to hack into the iPhones.the onus should be on Microsoft to provide stronger protection for consumers’ personal devices and data. Apple, with its comparable FileVault and Passwords systems, and Meta’s WhatsApp messaging app also allow users to backup data on their apps and store a key in the cloud. However, both also allow the user to put the key in an encrypted file in the cloud, making law enforcement requests for it useless. Neither are reported to have turned over encryption keys of any kind in the past. “This is private data on a private computer and they made the architectural choice to hold access to that data. They absolutely should be treating it like something that belongs to the user,” said Matt Green, cryptography expert and associate professor at the Johns Hopkins University Information Security Institute. “If Apple can do it, if Google can do it, then Microsoft can do it. Microsoft is the only company that's not doing this,” he added. “It's a little weird… The lesson here is that if you have access to keys, eventually law enforcement is going to come.” Granick raised concerns about the breadth of information that the FBI could obtain if agents get access to data protected by BitLocker. “The keys give the government access to information well beyond the time frame of most crimes, everything on the hard drive,” she said. “Then we have to trust that the agents only look for information relevant to the authorized investigation, and do not take advantage of the windfall to rummage around.” In the Guam case, the court docket shows the warrant was successfully executed. The lawyer for defendant Charissa Tenorio, who pleaded not guilty, said the information provided to her by the case’s prosecutors included information from her client’s computer and that it included references to BitLocker keys that Microsoft had provided the FBI. The case is ongoing. Both Green and Granick said Microsoft could have users install a key on a piece of hardware like a thumb drive, which would act as a backup or recovery key. Microsoft does allow for that option, but it’s not the default setting for BitLocker on Windows PCs. Without the encryption keys from Microsoft, the FBI would’ve struggled to get any useful data from the computers. BitLocker’s encryption algorithms have proven impenetrable to prior law enforcement attempts to break in, according to ain a court document that his agency did “not possess the forensic tools to break into devices encrypted with Microsoft BitLocker, or any other style of encryption.” In one previous case, federal investigators obtained keys by discovering that a Now that the FBI and other agencies know Microsoft will comply with warrants similar to the Guam case, they’ll likely make more demands for encryption keys, Green said. “My experience is, once the U.S. government gets used to having a capability, it's very hard to get rid of it.”
Bitlocker Keys Windows Encryption Fbi Guam Privacy Apple Meta
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Mom Finds Police Keys Inside Her Preschooler's BackpackRachel Paula Abrahamson is an entertainment journalist-turned-lifestyle reporter living in Boston. She covers parenting, pop culture, and news for TODAY.com — and fancies herself an expert on all things twin-related! In 2024, Rachel received an NBC Gem Award (Going the Extra Mile) for her contributions to NBC.
Read more »
The Elder Scrolls IV: Oblivion Remastered Is Deeply Discounted Right Now (But Keys Are Limited)Save big on The Elder Scrolls IV: Oblivion Remastered with Fanatical’s latest deal. Get the Deluxe Edition for $35.39 (41% off) or the Standard Edition for $28.99 for a limited time on PC.
Read more »
Erratic Trump Speech Sparks Calls to ‘Take the Keys’ AwayThe president’s rambling address to the World Economic Forum has sparked fresh concerns.
Read more »
Madison Keys Advances to Australian Open Third Round, Pegula Also VictoriousMadison Keys, the defending champion, overcame a second-set challenge to defeat Ashlyn Krueger and move into the third round of the Australian Open. Jessica Pegula also secured a dominant victory in her match, while Novak Djokovic was set to play later in the day.
Read more »
'Finding Her Edge' Review: Netflix's New Skating Romance Series Is the Perfect 'Summer I Turned Pretty' ReplacementMadelyn Keys and Cale Ambrozic in 'Finding Her Edge'.
Read more »
Microsoft investigating outage affecting Microsoft 365, Outlook and other servicesMicrosoft services are down for thousands of users, according to tracking service Downdetector.
Read more »