Microsoft gave U.S. federal brokers the digital keys wanted to unlock three encrypted laptops linked to an enormous COVID unemployment rip-off in Guam.
This case reveals how cloud-stored encryption keys can assist legislation enforcement, but in addition raises massive privateness worries for on a regular basis customers.
Early final 12 months, in 2025, FBI investigators in Guam acquired a search warrant for Microsoft. They wished restoration keys for 3 laptops tied to a plot stealing funds from the island’s COVID reduction program.
Crooks had dealt with unemployment help and pocketed tens of millions. The laptops held proof of the crime, however sturdy encryption blocked entry.
BitLocker, Microsoft’s built-in device on many Home windows PCs, locked the info tightly. It scrambles recordsdata so solely the best key can unscramble them. With out it, the drives keep sealed even from homeowners who neglect passwords.
How BitLocker Keys Work and the Cloud Danger
BitLocker activates robotically on newer Home windows units to guard laborious drives. Customers decide the place to avoid wasting the 48-digit restoration key:
On a USB drive or printed paper, they management.
Or in Microsoft’s cloud servers for simple entry.
Storing within the cloud helps for those who lock your self out after flawed password tries. But it surely opens a backdoor. Legislation enforcement can demand the important thing with a legitimate warrant, and Microsoft should hand it over.
In Guam, that’s precisely what occurred. Brokers acquired the keys and cracked the laptops open.
Microsoft instructed Forbes it follows authorized orders for BitLocker keys. Spokesperson Charles Chamberlayne mentioned: “Whereas key restoration gives comfort, it additionally carries a threat of undesirable entry, so Microsoft believes clients are in the very best place to resolve… find out how to handle their keys.”
The corporate will get about 20 such requests yearly. Usually, it might probably’t assist as a result of customers didn’t save keys within the cloud. Microsoft urges individuals to assume twice about cloud storage for max privateness.
This isn’t new; tech giants like Apple and Google face related calls for. But it surely spotlights BitLocker’s double edge: nice safety from hackers, but susceptible to authorities subpoenas.
Specialists say: Export your key offline. Use {hardware} like YubiKey for higher safety. As scams evolve, balancing comfort and privateness stays key.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
