Microsoft says sure, it'll hand over your encrypted data to the FBI: 'The lesson here is that if you have access to keys, eventually law enforcement is going to come'

Microsoft has said it will provide the authorities with encryption keys for any Windows PC data protected by Bitlocker, where it has received a warrant to do so. The admission comes after the FBI served Microsoft with a search warrant in early 2025 (thanks, Forbes) compelling it to provide the keys for data held and encrypted on three laptops that, the Feds claim, contained evidence proving Covid-related fraud on Guam.

The data in question was protected with BitLocker, which is automatically enabled on most modern Windows PCs to encrypt the PC's hard drive. Users can choose to store the keys on a separate device, or via Microsoft's cloud service (which is the default option). In the Guam case the keys had been stored on Microsoft's servers, and were provided to the authorities.

"While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide how to manage their keys," said Microsoft spokesperson Charles Chamberlayne, adding that the company receives around 20 such requests per year. If the decryption key is not stored on Microsoft's servers, the company can't do anything.

So: don't say you haven't been warned. Though as far back as 2005, when Microsoft launched Bitlocker, there have been claims that the FBI and other security agencies asked the firm to include a backdoor.

It is "simply irresponsible for tech companies to ship products in a way that allows them to secretly turn over users' encryption keys," said Democratic Senator Ron Wyden. "Allowing ICE or other Trump goons to secretly obtain a user’s encryption keys is giving them access to the entirety of that person’s digital life, and risks the personal safety and security of users and their families."

It seems unlikely that Microsoft will change tack here, so the best bet for anyone concerned about such issues is to look elsewhere. Apple is notably different in this area, having previously fought an FBI order to help the agency access iPhones belonging to terrorists involved in the 2015 San Bernardino shooting. In that case, the FBI ultimately bypassed Apple. Both it and Meta allow keys to be stored on their servers but, crucially, allow users to encrypt the files, meaning no third parties can access them.

"This is private data on a private computer and they made the architectural choice to hold access to that data," said Matt Green, cryptography expert from Johns Hopkins University. "If Apple can do it, if Google can do it, then Microsoft can do it. Microsoft is the only company that's not doing this. It's a little weird…

"The lesson here is that if you have access to keys, eventually law enforcement is going to come. My experience is, once the U.S. government gets used to having a capability, it's very hard to get rid of it."

The warrant in the Guam case has been successfully executed. The case itself is ongoing and the lawyer for defendant Charissa Tenorio, who pleaded not guilty, said prosecutors had information from her client’s computer that included references to BitLocker keys provided to the FBI.