Microsoft handed over encryption keys for its hard drive encryption software BitLocker to the FBI last year, complying with a search warrant tied to a fraud investigation in Guam. This marks the first known case of the tech giant providing BitLocker recovery keys to law enforcement.
Forbes reported on Friday that Microsoft turned over recovery keys for BitLocker, allowing the FBI to access data stored on three seized laptops. BitLocker comes enabled by default on many Windows PCs and is designed to encrypt a computer’s data in case it’s lost or stolen.
BitLocker encryption can be unlocked using a recovery key stored locally on a user’s device, but Microsoft also encourages users to back up their recovery keys to the cloud. That backup can make data recovery easier if a user forgets their password, but it also creates a pathway for law enforcement and potentially hackers to access a user’s data.
Microsoft didn’t immediately respond to a request for comment from Gizmodo. However, a spokesperson told Forbes that “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide… how to manage their keys.”
He added that Microsoft receives roughly 20 requests for BitLocker recovery keys each year, but is unable to comply in cases where the keys aren’t backed up in the cloud.
The specific request cited in the report comes from a federal investigation into a fraud ring tied to the Pandemic Unemployment Assistance program in Guam. Several people were charged in the case, including family members of the island’s Lieutenant Governor, Josh Tenorio.
Local news outlets reported last summer that unsealed search warrants revealed that investigators were seeking BitLocker recovery keys for three computers seized during an FBI raid of a business owned by the lieutenant governor’s sister, Charissa Tenorio. The records show that Microsoft complied with the request on February 10, 2025.
Beyond this specific case, the news has raised alarms among the cybersecurity community. Matthew Green, a cryptography expert at Johns Hopkins, took to Bluesky to share his concerns over how easy it seemed to be for authorities to obtain the keys.
“Once upon a time you could assume (largely) that any Federal law enforcement agency doing this would be operating within the bounds of the law. Nowadays, who knows. I sure wouldn’t want to be a journalist relying on Bitlocker,” Green wrote, linking to a news article about an FBI raid on the home of Washington Post reporter Hannah Natanson.
He also warned that the ease with which Microsoft was able to hand over the keys means that “anyone who compromises their cloud infrastructure (and customer service infrastructure, or can forge a plausible LE request) can potentially access that data.”
