- Microsoft confirms FBI can access BitLocker keys via valid legal orders
- Cloud accounts store unencrypted keys, enabling law enforcement access; local accounts avoid this risk
- Senator Wyden criticizes practice; FBI requests about 20 keys yearly, mostly unsuccessful
Microsoft has confirmed (via Forbes) it will hand over user BitLocker encryption keys to the FBI if the agency requests them via a valid legal order.
When a person installs Windows 11, they are asked to create a Microsoft account. That account can either be tied to the person’s cloud account, or can be stored locally. In both cases, the account holds all of the user’s data, and is protected by a BitLocker encryption key, a cryptographic key Windows uses to lock and unlock data on a drive protected by BitLocker Drive Encryption.
The cloud account is the default setting. While users can opt for a local one, Microsoft put in extra effort to hide that fact, essentially prodding users towards the cloud-based one.
Convenience and risk
For users with cloud accounts, Microsoft also retains the encryption keys in an unencrypted form, which means the company can technically access user data or provide it to law enforcement when legally required. Obviously, Microsoft frames it as “key recovery”, instead of “backdoor access to people’s data”:
“While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide… how to manage their keys,” Microsoft spokesperson Charles Chamberlayne told Forbes.
Obviously, the confirmation raised quite a few eyebrows. US Senator Ron Wyden, for example, told Forbes Microsoft’s the behavior was “simply irresponsible”:
“Allowing ICE or other Trump goons to secretly obtain a user’s encryption keys is giving them access to the entirety of that person’s digital life, and risks the personal safety and security of users and their families,” he said.
Microsoft says that the FBI makes roughly 20 such requests every year. Most of them can’t be met because people create on-device accounts, instead of cloud ones.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/jbgtifp3AGCUESp9PxEXwh-970-80.jpg
Source link
