Microsoft recently complied with an FBI warrant, providing encryption recovery keys to unlock data on suspects’ laptops involved in a fraud case in Guam. The laptops were encrypted using BitLocker, a default full-disk encryption feature on Windows computers. While BitLocker is designed to secure data from unauthorized access, the keys are stored in Microsoft’s cloud, allowing the company and law enforcement access to decrypt drives when necessary.
The case highlights the privacy concerns associated with tech companies holding recovery keys. Security experts, including Johns Hopkins professor Matthew Green, caution against potential risks if hackers compromise Microsoft’s cloud infrastructure, gaining access to these keys. Despite Microsoft receiving around 20 similar requests annually, questions persist regarding the security of customer data and the implications of third-party access to encryption keys.
Source: TechCrunch