Microsoft handed over encryption keys for its hard drive encryption software BitLocker to the FBI last year, complying with a search warrant tied to a fraud investigation in Guam. This marks the first known case of the tech giant providing BitLocker recovery keys to law enforcement.
Forbes reported on Friday that Microsoft turned over recovery keys for BitLocker, allowing the FBI to access data stored on three seized laptops. BitLocker comes enabled by default on many Windows PCs and is designed to encrypt a computer’s data in case it’s lost or stolen.
BitLocker encryption can be unlocked using a recovery key stored locally on a user’s device, but Microsoft also encourages users to back up their recovery keys to the cloud. That backup can make data recovery easier if a user forgets their password, but it also creates a pathway for law enforcement and potentially hackers to access a user’s data.
Microsoft didn’t immediately respond to a request for comment from Gizmodo. However, a spokesperson told Forbes that “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide… how to manage their keys.”
He added that Microsoft receives roughly 20 requests for BitLocker recovery keys each year, but is unable to comply in cases where the keys are not backed up in the cloud.
The specific request cited in the report comes from a federal investigation into a fraud ring tied to the Pandemic Unemployment Assistance program in Guam. A number of people were charged in the case, including family members of the island’s Lieutenant Governor, Josh Tenorio.
Local news outlets reported last summer that unsealed search warrants revealed that investigators were seeking BitLocker recovery keys for three computers seized during an FBI raid of a business owned by the lieutenant governor’s sister, Charissa Tenorio. The records show that Microsoft complied with the request on February 10, 2025.
Beyond this specific case, the news has raised alarms among the cybersecurity community. Matthew Green, a cryptography expert at Johns Hopkins, took to Bluesky to share his concerns over how easy it appeared to be for authorities to obtain the keys.
“Once upon a time you could assume (mostly) that any Federal law enforcement agency doing this would be operating within the bounds of the law. These days, who knows. I sure wouldn’t want to be a journalist relying on Bitlocker,” Green wrote, linking to a news article about an FBI raid on the home of Washington Post reporter Hannah Natanson.
He also warned that the ease with which Microsoft was able to hand over the keys means that “anybody who compromises their cloud infrastructure (and customer service infrastructure, or can forge a believable LE request) can potentially access that data.”
