Comment by michaelt
1 day ago
> If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
Yes. The thing is: Microsoft made the design decision to copy the keys to the cloud, in plaintext. And they made this decision with the full knowledge that the cops could ask for the data.
You can encrypt secrets end-to-end - just look at how password managers work - and it means the cops can only subpoena the useless ciphertext. But Microsoft decided not to do that.
I dread to think how their passkeys implementation works.
> Yes. The thing is: Microsoft made the design decision to copy the keys to the cloud, in plaintext. And they made this decision with the full knowledge that the cops could ask for the data.
Apple does this too. So does Google. This is nothing new.
It's a commonly used feature by the average user who loses their password or their last device.
During set up, they even explicitly inform the user that their bitlocker keys are being backed up to the cloud. And, you can still choose to use bitlocker without key escrow.
Nah, Apple doesn't do this.
If the user's MacOS FileVault disk encryption key is "stored in iCloud" it resides in the users iCloud Keychain which is end-to-end encrypted. This creates a situation similar to the iPhone, where Apple does not have the ability to access the user's data and therefore cannot comply with a warrant for access (which really annoys organizations like the FBI and Interpol)
Where did you get that they are stored in plaintext?
It doesn't matter how it's stored. So long as it isn't E2EE, they (and anyone who can ask for it) will be able to access the drives
The title of the article: "Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops"
Doesn’t say they were stored in plaintext.