MS confirms it will give the FBI your Windows PC data encryption key if asked

Posted by blacktulip 2 hours ago

Comments

Comment by cornholio 37 minutes ago

Beyond the crypto architecture debate, I don't really understand how could anyone imagine a world where MS could just refuse such a request. How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?

Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?

Comment by hermanzegerman 25 minutes ago

They could just ask before uploading your encryption key to the cloud. Instead they force people to use a Microsoft Account to set up their windows and store the key without explicit consent

Comment by cornholio 15 minutes ago

That's a crypto architecture design choice, MS opted for the user-friendly key escrow option instead of the more secure strong local key - that requires a competent user setting a strong password and saving recovery codes, understanding the disastrous implication of a key loss etc.

Given the abilities of the median MS client, the better choice is not obvious at all, while "protecting from a nation-state adversary" was definitely not one of the goals.

Comment by wobfan 10 minutes ago

While you're right, they also went out of their way to prevent competent users from using local accounts and/or not upload their BitLocker keys.

I could understand if the default is an online account + automatic key upload, but only if you add an opt-out option to it. It might not even be visible by default, like, idk, hide it somewhere so that you can be sure that the median MS user won't see it and won't think about it. But just fully refusing to allow your users to decide against uploading the encryption key to your servers is evil, straight up.

Comment by p_ing 23 minutes ago

Forcing implies there are zero ways to begin with a local only account (or other non-Microsoft Account). That's simply not true.

Comment by ExoticPearTree 7 minutes ago

Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".

Comment by 23 minutes ago

Comment by b65e8bee43c2ed0 14 minutes ago

I don't think that many people here are naive enough to believe that any business would fight the government for the sake of its customers. I think most of us are simply appalled by this blatantly malicious behavior. I'm not buying all these "but what if the user is an illiterate, senile 90-year-old with ADHD, huh?" attempts to rationalize it away. it's the equivalent of the guy who installed your door keeping a copy of your keys by unspoken default - "what if your toddler locks himself out, huh?"

I know the fucking police can just break my door down, but I ain't giving anyone my fucking keys, out of principle.

Comment by jMyles 19 minutes ago

> Do we really, really, fully understand the implication of allowing private contracts that trump criminal law?

...it's not that at all. We don't want private contracts to enshrine the same imbalances of power; we want those imbalances rendered irrelevant.

We hope against hope that people who have strength, money, reputation, legal teams, etc., will be as steadfast in asserting basic rights as people who have none of those things.

We don't regard the FBI as a legitimate institution of the rule of law, but a criminal enterprise and decades-long experiment in concentration of power. The constitution does not suppose an FBI, but it does suppose that 'no warrant shall issue but upon probable cause... particularly describing the place to be searched, and the persons or things to be seized' (emphasis mine). Obviously a search of the complete digital footprint and history of a person is not 'particular' in any plain meaning of that word.

...and we just don't regard the state as having an important function in the internet age. So all of its whining and tantrums and pepper spray and prison cells are just childish clinging to a power structure that is no longer desirable.

Comment by caseysoftware 9 minutes ago

Due to Third Party Doctrine, Microsoft doesn't even NEED a "legal order." It's merely a courtesy which they could change at any time.

Based on the sheer number of third parties we're required to use for our day to day lives, that is ridiculous and Third Party Doctrine should be eliminated.

Ref: https://en.wikipedia.org/wiki/Third-party_doctrine

Comment by jxdxbx 17 minutes ago

If tech companies implemented real, e2e encryption for all user data, there would be a huge outcry, as the most notable effect would be lots of people losing access to their data irrevocably.

I'm all for criticizing tech companies but it's pointless to demand the impossible.

Comment by rocqua 9 minutes ago

Just say "we are storing your keys on our servers so you won't lose them" and follow that with either "do you trust us" or even "we will share this key with law enforcement if compelled". Would be fine. Let people make these decisions.

Besides, bit ocker keys are really quite hard to lose.

Comment by zzzeek 3 minutes ago

is it just me or would "Microsoft refuses to comply with a legal search warrant" be an actual, surprising news story? like of course MSFT is going to hand over to authorities whatever they ask for if there's a warrant, imagine if they didn't (hint: not good for business. their customers are governments and large institutions, a reputation for "going rogue" would damage their brand quite a bit)

Comment by takoid 13 minutes ago

Related discussion from yesterday: https://news.ycombinator.com/item?id=46735545

Comment by shoknawe 1 hour ago

Veracrypt https://veracrypt.io/en/Home.html

Comment by sandworm101 43 minutes ago

https://linuxmint.com/

https://ubuntu.com/download/desktop

https://archlinux.org/

https://www.kali.org/get-kali/#kali-platforms

https://fedoraproject.org/

Every bad day for microsoft is yet another glorious day for linux.

Comment by smartmic 30 minutes ago

> Every bad day for microsoft is yet another glorious day for linux.

Nah. If that were the case, Linux would dominate personal computer statistics. The reality is that most mainstream users just don't care. But, of course, that won't stop us.

Comment by dmichulke 10 minutes ago

One could almost say "Embrace the penguin"

Comment by jmclnx 13 minutes ago

You forgot to list Slackware :)

http://www.slackware.com/

http://slackware.osuosl.org/slackware64-current/ChangeLog.tx...

Comment by ntoskrnl_exe 56 minutes ago

Pretty sure the same applies to all the passwords/passkeys/2FA codes stored in the Authenticator app with cloud backup on.

Comment by zekica 35 minutes ago

Only if that authenticator/password manager app is not end-to-end encrypted.

Comment by mcsniff 19 minutes ago

No, not "only". E2EE is now used as a dog whistle.

Who holds/controls the keys on both ends?

Comment by sokoloff 27 minutes ago

Headline says “…if asked”

Article and facts are “…if served with a valid legal order compelling it”

∴ Headline is clickbait.

Comment by iammjm 9 minutes ago

You are arguing semantics, whereas the point is that A) they have your keys, and B) they will give them away if they will have to

Comment by politelemon 1 hour ago

The major OS vendors (apple, google, ms) are complicit in data turnover and have been for over ten years now. It has been reported multiple times so I'm struggling to see the angle being projected here. This feels like click harvesting got the HN "Microsoft bad" crowd.

Comment by sillyfluke 35 minutes ago

The segment of the population that is the target of political vindictiveness from the FBI seems to have changed somewhat with this administration so it makes sense to remind people of the vulnerabilities from time to time.

Comment by 40 minutes ago

Comment by internet2000 1 hour ago

The San Bernardino iPhone case proves that Apple is very much so not complicit.

Comment by pjmlp 58 minutes ago

The Apple that offers gold statues to authoritarian regimes would certainly behave differently.

People also forget how they kind of always played ball in similar governments.

Comment by cromka 1 hour ago

This was a decade ago, before the big tech went to brown nose Trump on live TV. We live in different reality nowadays. Apple doesn't even market their encryption and safety anymore, like they did on massive billboards all over the world.

Comment by internet2000 1 hour ago

They've only done more since 2016.

Lockdown mode: https://support.apple.com/en-us/105120

Advanced Data Protection for iCloud: https://support.apple.com/en-us/108756

Comment by cromka 1 hour ago

Sure, but these are all mere statements. You don't know if they fully back that until there's a public standoff with law enforcement/administration and there weren't any in recent years. Yet at the same time it's hard to believe there were no attempts from that government to decrypt some devices they needed. So the fact we hear nothing about it is also an information to me. Sure, this is all speculation, but all things considered...

Besides, they fully comply with Chinese requirements, so...

PS. Others report Filevault keys are also being backed to iCloud since September and they didn't tell anyone: https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...

Comment by jonplackett 14 minutes ago

He headline misleading - they will give it if there’s a court order, not just if asked.

Still crap but the headline is intentionally inaccurate for clickbaiting

Comment by rwmj 10 minutes ago

Microsoft confirms it will obey the law.

Comment by cromka 1 hour ago

Any reason to believe Apple won't do the same with whatever we backup in iCloud?

Comment by GeekyBear 8 minutes ago

Any American company will hand over data stored on their server (that they have access to) in response to a warrant.

Apple provides an optional encryption level (ADP) where they don't have a copy of your encryption key.

When Apple doesn't have the encryption key, they can't decrypt your data, so they can't provide a copy of the decrypted data in response to a warrant.

They explain the trade off during device setup: If Apple doesn't have a copy of the key, they can't help you if you should lose your copy of the key.

Comment by microtonal 14 minutes ago

Last time I onboarded a Mac (a few months ago), it would very explicitly ask if you want to enable support for remote FileVault unlocking.

That said, they could also roll out a small patch to a specific device to extract the keys. When you really want to be safe (and since you can be a called a 'left extremist' for moving your car out of the way, that now includes a lot of people), probably use Linux with LUKS.

Comment by nickmccann 1 hour ago

If you have advanced data protection enabled, Apple claims: “No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”

https://support.apple.com/en-us/102651

Comment by Noaidi 57 minutes ago

Please read this section of Apple's own document before you talk about their "advanced data protection".

The following information may be available from iCloud if a user has enabled Advanced Data Protection for iCloud:

https://www.apple.com/legal/privacy/law-enforcement-guidelin...

Do you think Tim Cook gave that gold bar to Trump for nothing?

Comment by KellyCriterion 47 minutes ago

>>Do you think Tim Cook gave that gold bar to Trump for nothing?

Not in US - THANKS for this hint: I googled it! Wow!!! The both do bribery (offering&accepting) in front of the recording camera in a government building!!

Relly "impressive" :-X

Comment by cromka 1 hour ago

Yeah, the problem is whether they already bent over for Trump admin or not yet.

Comment by Noaidi 55 minutes ago

Yes, I know this sounds conspiratorial, but I think the whole Liquid Ass thing was a rush to put some other software in Apple products to appease the Trump admin.

For example, it is new in Tahoe that they store your filevault encryption key in your icloud keychain without telling you.

https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...

Comment by eddyg 50 minutes ago

Which is a very good thing.

iCloud is much more secure than most people realize because most people don’t take the 30 minutes to learn how it is architected.

You can (and should) watch https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for all the details about how iCloud is protected, but especially the time-linked section. :)

Comment by ionwake 41 minutes ago

I dont need to know anything about icloud to know this repy doesnt answer the "they didnt tell anyone" part which naturally makes me suspicious.

Comment by cromka 51 minutes ago

My conspiration theory about Liquid Ass is their hardware for past 5 years was so good that they needed to make people finally upgrade it. My Air M1 16GB worked absolutely fine until it slowed down immensely on macOS 26.

Comment by Hamuko 1 hour ago

iCloud login is still optional on macOS. Can't download stuff from the App Store and I think some continuity things require iCloud, but otherwise pretty solid.

Comment by daft_pink 1 hour ago

At least they’re honest.

Comment by unixhero 18 minutes ago

Stallman was correct

Comment by davidguetta 1 hour ago

Lol it's been 20 years now that the whole world should stop to be all surprised pikachu about that.

Comment by michaelt 1 hour ago

For a long time, if you used full disk encryption, the encryption key never left your machine. If you forgot your password, the data was gone - tough luck, should have made a backup. That's still how it works on Linux.

Pretty surprising they'd back up the disk encryption secrets to the cloud at all, IMHO, let alone that they'd back it up in plaintext.

Comment by TeMPOraL 50 minutes ago

That's why full disk encryption was always a no-go for approximately all computer users, and recommending it to someone not highly versed in technology was borderline malicious.

"Tough luck, should have made a backup" is higher responsibility than securing anything in meatspace, including your passport or government ID. In the real world, there is always a recovery path. Security aficionados pushing non-recoverable traps on people are plain disconnected from reality.

Microsoft has the right approach here with Bitlocker defaults. It's not merely about UX - it's about not setting up traps and footguns that could easily cause harm to people.

Comment by B1FIDO 54 minutes ago

Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room. So your key needs to be safeguarded from the opportunist who possesses your hardware illegally.

Linux can be fairly well-secured against state-level threat actors, but honestly, if your adversary is your own nation-state, then no amount of security is going to protect you!

For Microsoft and the other consumer-OS vendors, it is typically a bad user-experience for any user, particularly a paying subscriber, to lose access to their account and their cloud apps. There are many ways to try and cajole the naïve user into storing their recovery key somewhere safe, but the best way is to just do it for them.

A recovery key stored in the user's own cloud account is going to be secure from the typical threats that consumers will face. I, for one, am thankful that there is peace of mind both from the on-device encryption, as well as the straightforward disaster recovery methods.

Comment by jordanb 42 minutes ago

The problem is mass-surveillance and dragnets. Obviously if the state wants to go after you no laws will protect you. As we've seen they can even illegally collect evidence and then do a parallel construction to "launder" the evidence.

But One-drive is essentially a mass-surveillance tool. It's a way to load the contents of every single person's computer into Palentir or similar tools and, say, for instance, "give me a list of everyone who harbors anti-ICE sentiments."

By the way my windows computer nags me incessantly about "setting up backups" with no obvious way to turn off the nags, only a "remind me later" button. I assume at some point the option to not have backups will go away.

Comment by B1FIDO 22 minutes ago

I agree that "cloud storage" paradigms are a sea change from the status quo of the old days. My father has a file cabinet at home and keys on his keychain, wherein he stores all his important paperwork. There is no way anyone's getting in there except by entering his home and physically intruding on those drawers. Dad would at least notice the search and seizure, right?

What is just as crazy as cloud storage, is how you "go paperless" with all your service providers. Such as health care, utility bills, banks, etc. They don't print a paper statement and send it to your snail mail box anymore. They produce a PDF and store it in their cloud storage and then you need to go get it when you want/need it.

The typical consumer may never go get their paperwork from the provider's cloud. It is as if they said "Hey this document's in our warehouse! You need to drive across town, prove your identity, and look at it while you're here! ...You may not be permitted to take it with you, either!"

So I've been rather diligent and proactive about going to get my "paperless documents" from the various providers, and storing them in my own cloud storage, because, well, at least it's somewhere I can access it. I care a lot more about paying my medical bills, and accounting for my annual taxes, than someone noticing that I harbor anti-jew sentiment. I mean, I think they already figured that part out.

Comment by michaelt 24 minutes ago

> Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room.

...in which case having a cloud backup of the full disk encryption key is pointless, because you don't have access to the disk any more.

Comment by B1FIDO 1 minute ago

> pointless

Full-disk encryption is the opposite of pointless, my dude! Now the notebook thief cannot access my data! That is the entire point!

No, I cannot recover the data from an HDD or SSD that I don't possess. But neither can the thief. The thief cannot access the keys in my cloud. Isn't that the point?

The thief may have stolen a valuable piece of kit, but now all she has is hardware. Not my data.

Comment by hsuduebc2 1 hour ago

Exactly. Being again and again surprised that corporations will defend you for literally no reason is kinda delusional.

Comment by cromka 1 hour ago

That's a reductionist view. Apple, at least, based a big portion of their image on privacy and encryption. If a company does that and is then proven otherwise, it does a tremendous damage to the brand and stock value and is something shareholders would absolutely sue the board and CEO for. Things like these happened many times in the past.

This isn't that simple.

Comment by _blk 59 minutes ago

A Proton model makes this very simple: full cooperation and handover and virtually nothing to be extracted from the data. Size is somewhat of a metadata, ip connection points and maybe date of first use and when data changes occurred... I'm all for law enforcement, but that job has to be old-school Proof of Work bound and not using blanket data collection and automated speeding ticket mailer.

But I guess it's not done more because the free data can't be analyzed and sold.

Comment by FabHK 9 minutes ago

"US firm confirms it will comply with US law if asked."

Comment by dist-epoch 56 minutes ago

Everybody should have access to your hard drive, not just the FBI, so please do not encrypt your hard-drive.

If you encrypt your drive and upload the key to Microsoft, you are engaging in anti-competitive behavior since you give them access to your data, but not also to the local thief.

Just don't encrypt your drive if you cant be bothered to secure your key. Encryption-neutrality.

Comment by SketchySeaBeast 1 hour ago

Duplicate story. Previous discussion here. https://news.ycombinator.com/item?id=46735545

Edit: Nevermind.

Comment by cromka 1 hour ago

No it isn't. This is an evolution of that story.

Comment by zb3 40 minutes ago

The problem is not that they will give the key (government can force them - this is expected), but that they even have the key in the first place.. I bet this is done without proper consent, or with choice like "yes" vs "maybe later"..

Comment by modzu 12 minutes ago

not your keys? not your crypto

Comment by lovebeans 1 hour ago

Yes and this is a good thing. No organization, no matter how large or powerful, should be beyond the reach of the law.

Comment by stabbles 58 minutes ago

That's a false dichotomy. You can hold an organization accountable to the law without requiring them to maintain a "master key" to your private data.

Comment by lovebeans 55 minutes ago

It isn't required.

Comment by preisschild 1 hour ago

Ideally they wouldnt even have this key / the private data in the first place

Comment by lovebeans 57 minutes ago

The user can opt out of this if they want.

Comment by Noaidi 1 hour ago

Apple will do this too. Your laptop encryption key is stored in your keychain (without telliing you!). All is needed is a warrant for your iCloud account and they also have access to your laptop.

sixcolors.com/post/2025/09/filevault-on-macos-tahoe-no-longer-uses-icloud-to-store-its-recovery-key/

Comment by _blk 56 minutes ago

Thanks, that's good to know. I suspect WhatsApp's "we're fully E2E encrypted" would be similar too.

Comment by cedws 52 minutes ago

It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user friendly sacrifice security.

There's a saying that goes "not your keys not your crypto" but this really extends to everything. If you don't control the keys something else does behind the scenes. A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, even to derive a key-encryption-key.

If you pass a KDF with a hardness of ~5 seconds a four digit PIN to derive a key, then you can brute force the whole 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. Six digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.

Comment by eddyg 47 minutes ago

Wrong.

You can (and should) watch all of https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for the details about how iCloud is protected by HSMs and rate limits to understand why you’re wrong, but especially the time-linked section… instead of spreading FUD about something you know nothing about.

Comment by lingrush4 35 minutes ago

Very different phrasing between the headline and the subtitle:

> Microsoft confirms it will give the FBI your Windows PC data encryption key if asked

> Microsoft says it will hand those over to the FBI if requested via legal order

Microsoft complying with legal orders is not news. But why hire actual journalists when you can just lie in your headlines and still get clicks?

Comment by expedition32 47 minutes ago

Honestly I have no problem with this but I do remember a lot of gaslighting about how America is free and Europe a totalitarian state.