Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: Reports

Microsoft provided the FBI with the recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, according to a Forbes report.

Many modern Windows computers rely on a full-disk encryption feature called BitLocker, which is enabled by default. This technology is designed to prevent anyone except the device owner from accessing the data if the computer is locked and powered off. However, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud. This allows the company, and by extension law enforcement with proper legal authority, to access and use those keys to decrypt drives.

The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program in Guam, a U.S. island territory. A local news outlet reported last year that a warrant had been served to Microsoft in relation to the suspects’ hard drives. Another local outlet reported that the FBI requested the warrant six months after seizing the three laptops encrypted with BitLocker.

A Microsoft spokesperson did not immediately respond to a request for comment. Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, receiving an average of 20 such requests per year.

Beyond the privacy implications of a company holding recovery keys, cryptography expert Matthew Green raised a potential risk scenario. He pointed out that malicious hackers could compromise Microsoft’s cloud infrastructure, something that has occurred several times in recent years, and gain access to these recovery keys. Hackers would still need physical access to the hard drives to use any stolen recovery keys.

Green noted that these security concerns have been known for years. He stated that Microsoft’s inability to secure critical customer keys is starting to make it an outlier from the rest of the industry.