Microsoft confirms the possibility of transferring BitLocker keys to intelligence agencies

Microsoft has admitted that it can transfer BitLocker encryption keys to law enforcement agencies in cases where the user stores them in the cloud of his Microsoft account. This is reported by Forbes.

The company confirmed that it provides such keys on the basis of an existing court order, noting that the Federal Bureau of Investigation in the United States presents about two dozen such requests each year. This practice distinguishes Microsoft from Apple and Google, which have repeatedly stated that there is no technical way to unlock the encrypted devices of their users.

How BitLocker works and where the key is stored

BitLocker is a disk encryption system built into Windows, designed to protect data in the event of loss or theft of the device. When encryption is activated, the system creates a backup recovery key without which access to the encrypted disk is impossible.

Windows offers several ways to save this key, including printing, writing to USB media or saving to the cloud Microsoft account. If the user chooses the cloud option, the key is stored on the company’s servers and, if there is a court order, can be transferred to law enforcement agencies.

Security and trust issues

It is currently unknown whether BitLocker keys are stored on Microsoft servers in plain text or in encrypted form. At the same time, the very fact that they can be transferred means that the company has technical access to this data. This raises additional questions about the security of recovery keys stored in the cloud and potential risks for users.

A Microsoft representative noted that cloud storage of keys is indeed convenient, but it can also have risks of unauthorized access. In this regard, the company advises users to weigh the pros and cons for themselves and decide whether to store the key in the cloud or choose a local storage method.