Surrender as a service: Microsoft unlocks BitLocker for feds
If you’re serious about encryption, keep control of your encryption keys
If you think using Microsoft’s BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment.
The government case [PDF], which claims defendants in Guam fraudulently collected pandemic unemployment benefits, represents the first publicly known instance of Microsoft providing BitLocker keys, according to Forbes.
BitLocker is a Windows security system that can encrypt data on storage devices. It supports two modes: Device Encryption, a mode designed to simplify security, and BitLocker Drive Encryption, an advanced mode.
For either mode, Microsoft “typically” backs up BitLocker keys to its servers when the service gets set up from an active Microsoft account. “If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online,” the company explains in its documentation.
The situation is similar for managed devices. “If you’re using a device that’s managed by your work or school, the BitLocker recovery key is typically backed up and managed by your organization’s IT department,” the company says.
Microsoft provides the option to store keys elsewhere. Instead of selecting “Save to your Microsoft Account,” customers can “Save to a USB flash drive,” “Save to a file,” or “Print the recovery key.”
Read Details Here:
https://www.theregister.com/2026/01/23/surrender_as_a_service_microsoft/
