Microsoft handed over encryption keys for its hard drive encryption software BitLocker to the FBI last year, complying with a search warrant tied to a fraud investigation in Guam. This marks the first known case of the tech giant providing BitLocker recovery keys to law enforcement.
Forbes reported on Friday that Microsoft turned over recovery keys for BitLocker, allowing the FBI to access data stored on three seized laptops. BitLocker comes enabled by default on many Windows PCs and is designed to encrypt a computer’s data in case it’s lost or stolen.
BitLocker encryption can be unlocked using a recovery key stored locally on a user’s device, but Microsoft also encourages users to back up their recovery keys to the cloud. That backup can make data recovery easier if a user forgets their password, but it also creates a pathway for law enforcement and potentially hackers to access a user’s data.
Microsoft didn’t immediately respond to a request for comment from Gizmodo. However, a spokesperson told Forbes that “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide… how to manage their keys.”
He added that Microsoft receives roughly 20 requests for BitLocker recovery keys each year, but is unable to comply in cases where the keys are not backed up in the cloud.
The specific request cited in the report comes from a federal investigation into a fraud ring tied to the Pandemic Unemployment Assistance program in Guam. A number of people have been charged in the case, including relatives of the island’s Lieutenant Governor, Josh Tenorio.
Local news outlets reported last summer that unsealed search warrants revealed that investigators were seeking BitLocker recovery keys for three computers seized during an FBI raid of a business owned by the lieutenant governor’s sister, Charissa Tenorio. The records show that Microsoft complied with the request on February 10, 2025.
Beyond this specific case, the news has raised alarms among the cybersecurity community. Matthew Green, a cryptography expert at Johns Hopkins, took to Bluesky to share his concerns over how easy it seemed to be for authorities to obtain the keys.
“Once upon a time you could assume (mostly) that any Federal law enforcement agency doing this would be operating within the bounds of the law. Nowadays, who knows. I sure wouldn’t want to be a journalist relying on Bitlocker,” Green wrote, linking to a news article about an FBI raid on the home of Washington Post reporter Hannah Natanson.
He also warned that the ease with which Microsoft was able to hand over the keys means that “anyone who compromises their cloud infrastructure (and customer service infrastructure, or can forge a plausible LE request) can potentially access that data.”
