Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops

Except the steps to to that are disable bitlocker, create a local user account (assuming you initially signed in with a Microsoft account because Ms now forces it on you for home editions of windows), delete your existing keys from OneDrive, then re-encrypt using your local account and make sure not to sign into your Microsoft account or link it to Windows again.

A much more sensible default would be to give the user a choice right from the beginning much like how Apple does it. When you go through set up assistant on mac, it doesn't assume you are an idiot and literally asks you up front "Do you want to store your recovery key in iCloud or not?"

Once the feature exists, it's much easier to use it by accident. A finger slip, a bug in a Windows update, or even a cosmic ray flipping the "do not upload" bit in memory, could all lead to the key being accidentally uploaded. And it's a silent failure: the security properties of the system have changed without any visible indication that it happened.

Yes. The thing is: Microsoft made the design decision to copy the keys to the cloud, in plaintext. And they made this decision with the full knowledge that the cops could ask for the data.

You can encrypt secrets end-to-end - just look at how password managers work - and it means the cops can only subpoena the useless ciphertext. But Microsoft decided not to do that.

I dread to think how their passkeys implementation works.

It's 2026. The abuses of corporations are well documented. Anyone who still chooses Windows of their own volition is quite literally asking for it and they deserve everything that happens to them.

The real issue is that you can't be sure that the keys aren't uploaded even if you opt out.

At this point, the only thing that can restore trust in Microsoft is open sourcing Windows.

This is a part of Settings that you will never see at a passing glance, so it's easy to forget that you may have it on.

I'd also like to gently push back against the cynicism expressed about having a feature like this. There are more people who benefit from a feature like this than not. They're more likely thinking "I forgot my password and I want to get the pictures of my family back" than fully internalizing the principles and practices of self custody - one of which is that if you lose your keys, you lose everything.

In my humble opinion: the current state is better than no encryption at all. For example: Laptop theft, scavengers trying to find pictures, etc. And if you think you are target of either Microsoft or the law enforcement manage your keys yourself or go straight to Linux.

Bitlocker on by default (even if Microsoft does have the keys and complies with warrants) is still a hell if a lot better than the old default of no encryption. At least some rando can't steal your laptop, pop out the HDD, and take whatever data they want.

False. If you only put the keys on the Microsoft account, and Microsoft closes your account for whatever reason, you are done.

They can fight the warrant, if you don't at least object to it then "giving the keys away" is not an incorrect characterization.

However a hostile foreign government has less control over me.

As such using a tool of a hostile foreign government (Microsoft) needs to be understood and avoided.

I’m not sure how you’re criticizing the “gave” framing when you’re describing and stating Microsoft literally giving the keys to the FBI.

Often it is the case that companies hand over private data to law enforcement just by being asked for it nicely, no warrant needed.

While it is true that NSLs or other coercion tactics will force them to give out the keys, it is also true that this is only possible because Microsoft implemented a fatally flawed system where they have access to the keys.

Any system where a third party has access to cleartext or the keys to decrypt to cleartext is completely broken and must not be used.

So, yes. That is how it works: 1) Microsoft forces users to online accounts 2) Bitlocker keys are stored in an insecure manner allowing any US agency to ask for them. I intentionally say "ask for them" because the US government is a joke with respect to respecting its own citizens privacy [1] at this point.

This type of apologetic half-truth on behalf of a multi-billion dollar corporation is getting old fast.

[0] https://www.forbes.com/sites/thomasbrewster/2026/01/22/micro... [1] https://www.npr.org/2026/01/23/nx-s1-5684185/doge-data-socia...

> It protects their data in the event that someone steals the laptop, but still allows them to recover their own data later from the hard drive.

It allows /anyone/ to recover their data later. You don't have to be a "purist" to hate this.

We know iCloud has configurations that can’t disclosed, and I wonder if there is a middle ground between if you loose the recovery key you are stuffed and maybe have a recovery key unblocked by a password similar to ssh keys

I have W11 w a local account and no bitlocker on my desktop computer, but the sheer amount of nonsense MS has been doing these days has really made me question if 'easy modding*' is really enough of a benefit for me to not just nuke it and install linux yet again

* You can get the MO2 mod manager running under linux, but it's a pain, much like you can also supposedly run executable mods (downgraders, engine patches, etc) in the game's context, but again, pain

I'd be more concerned about access to cloud data (emails, photos, files.)

You mean "Install Linux",because that's easier than dealing with the steps required to do that on Windows

So all the state needs to get into your laptop is to get access from Apple to your iCloud account.

I recently needed to make a bootable key and found that Rufus out of the box allows you to modify the installer, game changer.

Absolutely not. If my laptop tells me that it is encrypted by default, I don't like that the default is to also hold a copy of the keys in case big brother wants them.

Call me a "privacy purist" all you want, but it shouldn't be normal to expect the government to have access to a key to your house.

I think the reasonable default here would be to not upload to MS severs without explicit consent about what that means in practise. I suspect if you actually asked the average person if they're okay with MS having access to all of the data on their device (including browser history, emails, photos) they'd probably say no if they could.

Maybe I'm wrong though... I admit I have a bad theory of mind when it comes to this stuff because I struggle to understand why people don't value privacy more.

Companies know that putting themselves in a position where they can betray their users, means they will be forced to do so. Famously demonstrated when Apple had to ban the Hong Kong protest app [1]. Yet they continue to do it, don't inform their users, and in the rare occasion that they offer an alternative, it is made unclear and complicated and easy to get wrong [2].

They deserve every ounce of blame.

[1] https://www.bbc.com/news/technology-49919459

[2] https://news.ycombinator.com/item?id=46736345

The choice is not between honoring the warrant and breaking the law.

They can go to a judge and fight the warrant. Other companies have done this.

Microsoft won’t, one more reason I will never use anything from them.

These two statements are in no way mutually exclusive. Microsoft is gobbling up your supposedly private encryption keys because they love cops and want an excuse to give your supposedly private data to cops.

Microsoft could simply not collect your keys and then would have no reason or excuse to hand them to cops.

Microsoft chose to do this.

Do not be charitable to fascists.

Definitely agree that choices like these are the most sane for the default user experience and that having these advanced options for power users to do with it what they want is a fair compromise. Wish more people were open to designing software for the average person and compromising on a middle ground the benefits both kinds of users.

Will they shoot me in head?

What if I truly forgot the password to my encrypted drive? Will they also shoot me in the head?

But Microsoft chose to keep them plain text, and thus they are, and will continue to be abused.

We must not victim blame. This is absolutely corruption on microsofts part.

can they compel testimony? keys, passcodes and the like are usually considered testimony. did they try? the usual story here is that they don't have to, that the big corporations will turn over any info they have on request because they can and the government makes a better friend than a single user. the article mentions 20 "requests" per year on average but doesn't say anything about the government using force.

I agree with your conclusion though: data you share with anyone is data you've shared with everyone and that includes your encryption keys. if that matters to you, then you need to take active steps to ensure your own security because compelled or not, the cloud providers aren't here to help keep you safe.

There is always a choice.

Which are both choices. Microsoft can for sure choose to block the government and so can individual workers. Let's not continue the fascism-enabling narratives of "no choice."

Tl;dr - "Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT" (Mickens, 2014)

but they didn't do so.

and it's surely just a coincidence, because m$ has always been such an ethical company.

and it's surely not by design to centralize power by locking out competing criminals from the user's data, but not themselves.

</s>

>This is why the FBI can compel Microsoft to provide the keys.

>in my opinion it's the reasonable default

I really can't imagine what kind of person would say that with a straight face. Hanlon's razor be damned, I have to ask: are you a Microsoft employee or investor?

Most of the comments are fire and resistance, but they commonly take ragebait and run with the assumptions built-in to clickbait headlines.

> Too many tech workers decided to rollover for the government and that's why we are in this mess now.

I take it you've never worked at a company when law enforcement comes knocking for data?

The internet tough guy fantasy where you boldly refuse to provide the data doesn't last very long when you realize that it just means you're going to be crushed by the law and they're getting the data anyway.

It has nothing to do with the state and has to do with getting the RSUs to pay the down payment for a house in a HCOL area in order to maybe have children before 40 and make the KPIs so you don't get stack-ranked into the bottom 30% and fired at big tech, or grinding 996 to make your investors richest and you rich-ish in the process if you're unlikely enough to exit in the upper decile with your idea. This doesn't include the contingent of people who fundamentally believe in the state, too.

Most people are activists only to the point of where it begins to impede on their comfort.

There was no “back in the day” where big tech was on our side. Stop being a poser

False. You can design truly end-to-end encrypted secure system and then the state comes at you and says that this is not allowed, period. [1]

[1] https://medium.com/@tahirbalarabe2/the-encryption-dilemma-wh...

  govt := new_govt
  terrorist := you

s/workers/Corporations/

The people going 'well of course' or 'this is for the user' drive me insane here because as said, there are secure ways you can build a key escrow system so that your data and systems are actually secure. From a secure design standpoint it feels more and more like we're living in Idiocracy as people argue insecure solutions are secure actually and perfectly acceptable.

Trying to resist building ethically questionable software usually means quitting or being fired from a job.

Hackernews is a public forum, and the people here change constantly. "Back in the day" there were mostly posts about LISP and startup equity. It's obviously not the same people here now.

> Too many tech workers decided to rollover for the government

Again, not the same group of people. In the 2000s "tech workers" might have mostly been Californians. Now they're mostly in India. Differing perspectives on government, to be sure.

> lazy engineers build lazy key escrow

Hey you should know this one, because it's something that HAS stayed constant since "back in the day": The engineers have absolutely no say in this whatsoever.

That's it. That's the whole thing. Whatever "secure system" you build will not have this property and users will lose their data, be mad at you, and eventually you'll have to turn it off by default leaving everyone's data in plaintext. It's a compromise that improves security for people who previously left their disk unencrypted. It changes nothing for people who previously did their own key management.

You won't be able to turn the first group into the second group. That's HN's "Average Familiarity" fallacy. The fact that basically every 2FA system has a means of recovering your account by removing it should tell you that even technical people are shit at key management.

When you get high up in an org, choosing Microsoft is the equivalent of the old "nobody ever got fired for buying IBM". You are off-loading responsibility. If you ever get high up at a fortune 500 company, good luck trying to get off of behemoths like Microsoft.

It isn't really about the government. It's about a bunch of people trying to convince you that the locked-down proprietary closed source corporate crap that they use isn't in and of itself a security risk, no matter what the quality of the code that you've never seen is. Apple, Microsoft, Google etc. aren't your friends; no matter how brand loyal you are, they'll never care whether you're alive or dead.

FOSS isn't your friend either, but they're not asking you to trust them. Any exposure to these world spanning juggernaut military and intelligence contractor companies is a security hole. It's insane that people (thinking of Europeans now) get fired up to switch from this stuff because Trump but not because of course you should. Instead they're busy calling being suspicious of Microsoft old and hatred of Apple's customer corral stuck up and the desire to own your own machine fanatical and judgemental. Have you ever considered that you've been programmed to say and encourage dumb stuff that is completely against your own interests and supports the interests of the people who sell things to you?

You're convinced by the argument that people dumber than you have to be protected from their own machines (by corporations who have no interest in or obligation to protect them) - have you ever thought that people are saying the same thing about you? That you have to be protected from writing things you shouldn't write or talking to people you shouldn't be talking to? And the world isn't a meritocracy: the people on the top are inbred creeps. You've given up your freedom to dummies with marketing departments.

So now I just use whatever I want. Someone else can be a tech moralist.

I'm glad the knee-jerk absolutists are marginal, for one. A world run by you people would be much worse for anyone who isn't you.

What happens if you forget your backup keys?

At this point I think all of the modern, widely used symmetric cryptography that humans have invented will never be broken in practice, even by another more technologically advanced civilization.

On the asymmetric side, it's a different story. It seems like we were in a huge rush to standardize because we really needed to start PQ encrypting data in transit. All the lattice stuff still seems very green to me. I put P(catastrophic attack) at about 10% over the next decade.

Privacy is not a crime.

I've tried to get them to use the web version of office, I've tried to get them to use OnlyOffice and LibreOffice, I've even tried showing them LaTeX as a last ditch effort, but no, if it isn't true Microsoft Branded Office 2024, the topic isn't even worth discussing [1].

I'm sure there are technical reasons why Wine can't run Office 2024, and I am certainly not trying to criticize the wine developers at all, but until I can show Wine running full-fat MS Office, my parents will always "miss" Windows.

To be clear, I hate MS Office. I do not miss it on Linux. I'm pretty sure my parents could get by just fine with LibreOffice or OnlyOffice or Google Docs, but they won't hear it.

I've also tried to get them to use macOS, since that does have a full-fat MS Office, I've even offered to buy them Macbooks so they can't claim it's "too expensive", and they still won't hear it. I love my parents but they can be stubborn.

[1] Before you accuse me of pushing for "developer UI", LaTeX was not something I led with. I tried the more "normy-friendly" options first.

Fedora is my recommendation. I remind people Fedora is not Arch. Fedora is a consumer grade OS that is so good, I don't lump it in with the word Linux.

Though that doesn't mean Microsoft couldn't implement a way of storing these keys so that they can't be accessed by Microsoft. Still better than nothing though.

Apple has that figured out. Your keys can be stored in your cloud synced keychain but only you can decrypt that keychain.

That’s why they couldn’t help the FBI to decrypt devices even when compelled.

Microsoft should have done the same. They should never find themselves in a place where they can be compromised like this.

Will this make people care? Probably not, but you never know.

And because of Bitlocker, their encryption is worth nothing in the end.

> if these people were using Linux, their laptops wouldn't be encrypted

Maybe, maybe not. Ubuntu and Fedora both have FDE options in the installer. That's objectively more honest and secure than forcing a flawed default in my opinion.

LUKS isn't all rainbows and butterflies either [https://news.ycombinator.com/item?id=46708174]. This vulnerability has been known for years, and despite this, nothing has been done to address it.

Furthermore, if you believe that Microsoft products are inherently compromised and backdoored, running VeraCrypt instead of BitLocker on Windows likely won’t significantly improve your security. Implementing a VeraCrypt backdoor would be trivial for Microsoft.

PGP WDE was a preferred corporate solution, but now you have to trust Broadcom.

We now know that BitLocker is not secure, and an intelligent open source dev saying that was probably knowingly not saying the truth.

The best explanation to me is that this was said under duress, because somebody wanted people to move away from the good TrueCrypt to something they could break.

[1] https://truecrypt.sourceforge.net

[2] https://en.wikipedia.org/wiki/TrueCrypt#End_of_life_announce...

As a US company, it's certainly true that given a court order Apple would have to provide these keys to law enforcement. That's why getting the architecture right is so important. Also check out iCloud Advanced Data Protection for similar protections over the rest of your iCloud data.

[0] https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...

As of macOS Tahoe, the FileVault key you (optionally) escrow with Apple is stored in the iCloud Keychain, which is cryptographically secured by HSM-backed, rate-limited protections.

You can (and should) watch https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for all the details about how iCloud is protected.

Of course Apple offers a similar feature. I know lots of people here are going to argue you should never share the key with a third party, but if Apple and Microsoft didn't offer key escrow they would be inundated with requests from ordinary users to unlock computers they have lost the key for. The average user does not understand the security model and is rarely going to store a recovery key at all, let alone safely.

> https://support.apple.com/en-om/guide/mac-help/mh35881/mac

Apple will escrow the key to allow decryption of the drive with your iCloud account if you want, much like Microsoft will optionally escrow your BitLocker drive encryption key with the equivalent Microsoft account feature. If I recall correctly it's the default option for FileVault on a new Mac too.

Except for that time they didn't.

https://www.apple.com/customer-letter/

But given PRISM, I'm sure Apple will just give it up.

If you open the BitLocker control panel applet your drive(s) will be labelled as "Bitlocker waiting for activation".

As far as I can see this particular case is a straightforward search warrant. A court absolutely has the power to compel Microsoft to hand over the keys.

The bigger question is why Microsoft has the recovery feature at all. But honestly I believe Microsoft cares so little about privacy and security that they would do it just to end the "help customers who lose their key" support tickets, with no shady government deal required. I'd want to see something more than speculation to convince me otherwise.

If I earn my living from a company that doesn't make Linux versions, should i still switch?

Should my customers?

It's a great idea, and my work does not touch the internet, but the confusing variations of linux do not a happy workfoce make.

Your 'lord and saviour' can fuck off, with all the others, I prefer science.

This news piece from a non-tech organization will help educate non-tech people.

Well you can't really wait until the conviction to collect evidence in a criminal trial.

There are several stages that law enforcement must go through to get a warrant like this. The police didn't literally phone up Microsoft and ask for the keys to someone's laptop on a hunch. They had to have already confiscated the laptop, which means they had to have collected enough early evidence to prove suspicion and get a judge to sign off and so on.