The headline is misleading. It says that Microsoft will provide the key if asked, but the linked statement to Forbes says Microsoft will provide the key if it receives a valid legal order.
These have different meanings. Microsoft is legally entitled to refuse a request from law enforcement, and subject to criminal penalties if it refuses a valid legal order.
It does illustrate a significant vulnerability in that Microsoft has access to user keys by default. The public cannot be sure that Microsoft employees or criminals are unable to access those keys.
Nah, you’re just not reading carefully. You must parse everything about this stuff carefully as the words are always crafted. It’s usually more productive to read with a goal to understand what isn’t said as opposed to what is said.
They said “legal order”, which includes a variety of things ranging from administrative subpoenas to judicial warrants. Generally they say warrant if that was used.
A “request” is “Hi Microsoft man, would you please bypass your process and give me customer data?” That doesn’t happen unless it’s for performative purposes. (Like when the FBI was crying about the San Bernardino shooter’s iPhone) Casual asks are problematic for police because it’s difficult to use that information in court.
What exactly was requested sounds fishy as the article states that Microsoft only gets 20 a year, and is responsive to 9 or fewer requests. Apple seems to get more and typically is more responsive. (https://www.apple.com/legal/transparency/us.html)
The other weird thing is that the Microsoft spokesman named in the Forbes article is an external crisis communications consultant. Why use an external guy firewalled from the business for what is a normal business process?
>the article states that Microsoft only gets 20 a year, and is responsive to 9 or fewer requests. Apple seems to get more and typically is more responsive.
That just makes me think that Windows is generally less secure and there are likely a larger number of instances where the AHJ doesn't have to request help from Microsoft to access the data.
> Microsoft is legally entitled to refuse a request from law enforcement, and subject to criminal penalties if it refuses a valid legal order.
This is a problem, because Microsoft operates in a lot of jurisdictions, but one of them always wants to be the exception and claims that it has jurisdiction over all the others. Not that I personally am of the opinion, that it is wise for the other jurisdiction to trust Microsoft, but if MS wants to secure operating in the other jurisdiction it needs to separate itself from that outsider.
Note that they say "legal order" not, specifically, "warrant". Now remember that government agencies have internal memos instructing them that no warrants are needed for them to do things like the 4th amendment, stop citizens, detain citizens, "arrest" citizens, etc.
It's a catchy meme for sure, but when people actually start to believe - like for real, not just the usual talking shit that passes for "conversation" with normal people - that law enforcement officers are worse thugs than regular thugs -- that's a fast way to turn into a failed state, where that actually is true.
Causality here actually works both ways, because in free(ish) societies, law enforcement derives its authority more from people's intersubjective belief in that authority, and less from actual use of force.
Exactly. The discussion should center on the fact that Microsoft's shift was a contingency, not a technical necessity. It cannot have escaped them that their design choices create a legal point of entry for data requests that they are then obligated to fulfill, which would not have been the case with proper end-to-end encryption; in that case they would have told authorities that they simply cannot fulfill these requests.
Crucially, the headline says Microsoft will provide the key if asked by the FBI, which implies a state entity with legal power that extends beyond a typical person's assumptions of "rule of law" and "due process," let alone ethics.
Typical person assumes that FBI is chasing aliens (from outer space) and hardened criminals so bad the local police can't handle them. At least that's what American TV teaches us.
Now CIA, on the other hand, ... well, they won't need to ask for the crypto keys anyway.
Yes, "asked" versus "ordered" is meaningfully misleading, especially in this context.
There is reasonable suspicion, some might argue evidence, that Microsoft voluntarily cooperated with U.S. Intelligence Community without being compelled by a court order, the most famous instances being leaked in the Snowden disclosures.
To be fair to Microsoft, here's their updated statement (emphasis mine):
"Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne."
I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order because it knows Microsoft will demand one, and because the FBI rarely has possession of suspect devices without a warrant to search for them and obtain their contents.
It could be a bigger obstacle for other agencies. CBP can hold a device carried by someone crossing the border without judicial oversight. ICE is in the midst of a hiring surge and from what I've read lately, has an abbreviated screening and training process likely not matching the rigor of the FBI. Local law enforcement agencies vary greatly.
It’s immensely misleading. At least with a valid legal order we are still living by rule of law. With the recent actions I can’t say ICE is acting by rule of law.
Broader context is Windows defaults to making their access to your data legally accessible. Their entire Windows platform and OneDrive default to this insecurity.
In light of fascism coming to Democratic cities and anyone documenting it being a registered domestic terrorist... well, that's pretty f'n insecure by default.
The latter is not news, it's the way it has been for quite some time, not just for IT providers, but for businesses in general.
If you are running any kind of service, you should learn how warrants work in the country you are hosting in, come the time, if your service grows, eventually you will have to comply with an order.
If you want anything else you will have to design your system such that you can't even see the data, ala Telegram. And even then, you will get into pretty murky waters.
CALEA and courts have compelled companies to install systems that allow them to track/record targets' communications and data, even if their own systems weren't designed with such abilities in mind.
From [1]:
> USA telecommunications providers must install new hardware or software, as well as modify old equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or Internet traffic.
That's a distinction without a difference. Microsoft should structure Windows such that they're unable to comply with such an order, however legal. There are practical cryptographic ways to do it: Microsoft just doesn't want to. Shame on them.
It is pretty uncontroversial that the owner, in the sense of having responsibility and ultimate control, should control the cryptographic keys. I think the disagreement here is who owns the computer.
Microsoft is legally entitled to refuse absent a warrant, but generally all it takes is a phone call from the FBI to get big tech to cough up any authenticating info they actually have.
> The headline is misleading. It says that Microsoft will provide the key if asked, but the linked statement to Forbes says Microsoft will provide the key if it receives a valid legal order.
This is an odd thing to split hairs over IMO. Warrants or subpoenas or just asking nicely, whatever bar you want to set, is a secondary concern. The main issue is they can and will hand the keys to LEO’s at all.
If you don’t like the behavior of a company voluntarily doing something, your problem is with that company. If you don’t like a company complying with the law, your problem is with the law. It is unreasonable to expect anyone or any company to break the law or violate a court order to protect you.
If you don’t trust the institutions issuing those court orders, that is an entirely reasonable stance but it should be addressed at its root cause using our democratic process, however rapidly eroding that process may seem to be.
The fourth amendment protects against warrantless search and seizure, it is not carte blanche to fill up your hard drive with child porn and expect Microsoft to fall on their swords to protect you.
I hate MS as much as anyone else, but I don't have a problem with them doing this. Legally they have to comply if they have evidence in a legal action. Maybe they are at fault for not solely relying on the TPM, or not giving users informed consent about using the cloud, but I cannot fault them for not going to battle for civil liberties when they can't even implement notepad without screwing it up.
Beyond the crypto architecture debate, I don't really understand how could anyone imagine a world where MS could just refuse such a request. How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?
They could just ask before uploading your encryption key to the cloud.
Instead they force people to use a Microsoft Account to set up their Windows and store the key without explicit consent.
That's a crypto architecture design choice, MS opted for the user-friendly key escrow option instead of the more secure strong local key - that requires a competent user setting a strong password and saving recovery codes, understanding the disastrous implication of a key loss etc.
Given the abilities of the median MS client, the better choice is not obvious at all, while "protecting from a nation-state adversary" was definitely not one of the goals.
It makes sense if you consider the possibility of a secret deal between the government and a giant corporation. The deal is that people's data is never secure.
The alternative is just not having FDE on by default, it really isn't "require utterly clueless non-technical users to go through complicated opt-in procedure for backups to avoid losing all their data when they forget their password".
And AFAICT, they do ask, even if the flow is clearly designed to get the user to back up their keys online.
> How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Perhaps in this case they should be required to get a warrant rather than a subpoena?
A subpoena (specifically a subpoena duces tecum[1]) is the legal instrument that a court or other legal agency uses to compel someone to provide evidence. Seems entirely appropriate in this case.
[1] The other kind is subpoena testificandum, which compels someone to testify.
Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
For something as widely adopted as Windows, the only sensible alternative is to not encrypt the disk by default.
The default behavior will never ever be to "encrypt the disk by a key and encrypt the key with the user's password." It just doesn't work in real life. You'll have thousands of users who lost access to their disks every week.
This is a bit tricky as it couples the user's password with the disk encryption key. If a user changes the password they would then need to change the encryption key, or remember the previous (possibly compromised) password. A better option is to force the user to record a complex hash, but that's never going to be user friendly when it comes to the average computer user.
Basically, we need better education about the issue, but as this is the case with almost every contentious issue in the world right now, I can't imagine this particular issue will bubble to the top of the awareness heap.
I thought this was what happened. Clearly not :( That’s the idea with services like 1Password (which I suppose is ultimately doing the same thing) - you need both the key held on the device and the password.
I suppose this all falls apart when the PC unlock password is your MS account password, since the MS account can reset the local password. In Mac OS / Linux, if you reset the login password, you lose the keychain.
At this point, end-to-end encryption is a solved problem when password managers exist. Not doing it means either Microsoft doesn't care enough, or is actually interested in keeping it this way.
This is being reported on because it seems newsworthy and a departure from the norm.
Apple also categorically says they refuse such requests.
It's a private device. With private data. Device and data owned by the owner.
Using sleight of hand and words to coax a password into a shared cloud and beyond just seems to indicate the cloud is someone else's computer, and you are putting the keys to your world and your data insecurely in someone else's computer.
Should windows users assume their computer is now a hostile and hacked device, or one that can be easily hacked and backdoored without their knowledge to their data?
The Bernardino incident is a very different issue where Apple refused to use its own private key to sign a tool that would have unlocked any iPhone. There is absolutely no comparison between Apple's and MS conduct here because the architectures of the respective systems are so different (but of course, that's a choice each company made).
Should Apple find itself with a comparable decryption key in its possession, it would have few options but to comply and hand it over.
Firstly, Apple does not refuse such requests. In fact, it was very widely publicized in the past couple of weeks that Apple has removed Advanced Data Protection for users in the UK. So while US users still enjoy Advanced Data Protection from Apple, UK users do not.
It is entirely possible that Apple's Advanced Data Protection feature is removed legally by the US as well, if the regime decides they want to target it. I suspect there are either two reasons why they do not: Either the US has an additional agreement with Apple behind the scenes somewhere, OR the US regime has not yet felt that this was an important enough thing to go after.
There is precedent in the removal, Apple has shown they'll do the removal if asked/forced. What makes you think they wouldn't do the same thing in the US if Trump threatened to ban iPhone shipments from China until Apple complied?
The options for people to manage this stuff themselves are extremely painful for the average user for many reasons laid out in this thread. But the same goes for things like PGP keys. Managing PGP keys, uploading to key servers, using specialized mail clients, plugging in and unplugging the physical key, managing key rotation, key escrow, and key revocation. And understanding the deep logic behind it actually requires a person with technical expertise in this particular solution to guide people. It's far beyond what the average end user is ever going to do.
> don't really understand how could anyone imagine a world where MS could just refuse such a request
By simply not having the ability to do so.
Of course Microsoft should comply with the law, expecting anything else is ridiculous. But they themselves made sure that they had the ability to produce the requested information.
Right, Microsoft have the ability to recover the key, because average people lose their encryption keys and will blame Microsoft if they can't unlock their computer and gain access to their files. BitLocker protects you from someone stealing your computer to gain access to your files, that's it. It's no good in a corporate setting or if you're worried about governments spying on you.
I'm honestly not entirely convinced that disk encryption be enabled by default. How much of a problem was stolen personal laptops really? Corporate machine, sure, but leave the master key with the IT department.
Microsoft killed local accounts in Windows 11 and made this the default path by users: Your private encryption keys are sent to Microsoft in a way that requires no other keys. This is a failure and doesn't happen on systems like LUKS. I understand Microsoft wants to be able to look nice and unlock disks when people forget their passwords, but doing so allows anyone to exploit this. Windows systems and data are more vulnerable because of this tradeoff they made.
Sure, that's valid, they do need to comply with legal orders. But they don't need to store BitLocker keys in the first place, they only need to turn over data they actually have.
I don't think that many people here are naive enough to believe that any business would fight the government for the sake of its customers. I think most of us are simply appalled by this blatantly malicious behavior. I'm not buying all these "but what if the user is an illiterate, senile 90-year-old with ADHD, huh?" attempts to rationalize it away. it's the equivalent of the guy who installed your door keeping a copy of your keys by unspoken default - "what if your toddler locks himself out, huh?"
I know the police can just break down my door, but that doesn't mean I should be ok with some random asshole having my keys.
> Do we really, really, fully understand the implication of allowing private contracts that trump criminal law?
...it's not that at all. We don't want private contracts to enshrine the same imbalances of power; we want those imbalances rendered irrelevant.
We hope against hope that people who have strength, money, reputation, legal teams, etc., will be as steadfast in asserting basic rights as people who have none of those things.
We don't regard the FBI as a legitimate institution of the rule of law, but a criminal enterprise and decades-long experiment in concentration of power. The constitution does not suppose an FBI, but it does suppose that 'no warrant shall issue but upon probable cause... particularly describing the place to be searched, and the persons or things to be seized' (emphasis mine). Obviously a search of the complete digital footprint and history of a person is not 'particular' in any plain meaning of that word.
...and we just don't regard the state as having an important function in the internet age. So all of its whining and tantrums and pepper spray and prison cells are just childish clinging to a power structure that is no longer desirable.
I think legally the issue was adjudicated by analogy to a closed safe: while the exact contents of the safe is unknown beforehand, it is reasonable it will contain evidence, documents, money, weapons etc. that are relevant, so if a warrant can be issued in that case compelling a locksmith to open it, then by analogy it can be issued against an encrypted device.
Without doubt, this analogy surely breaks down as society changes to become more digital - what about a Google Glass type of device that records my entire life, or the glasses of all people detected around me? What about the device where I uploaded my conscience, can law enforcement simply probe around my mind and find direct evidence of my guilt? Any written constitution is just a snapshot of a social contract at a particular historical time and technological development point, so it cannot serve as the ultimate source of truth regarding individual rights - the contract is renegotiated constantly through political means.
My question was more general: how could we draft that new social contract to the current age, how could we maintain the balance where the encrypted device of a suspected child predator and murderer is left encrypted, despite the fact that some 3rd party has the key, because we agreed that is the correct way to balance freedoms and law enforcement? It just doesn't sound stable in a democracy, where the rules of that social contract can change, it would contradict the moral intuitions of the vast majority.
Actual freedom starts with freedom of thought which requires spaces that you can truly believe are safe. The push for the surveillance world is rapidly eroding the places someone can not only be safe to think but feel safe to think in. The 'feel safe' is deeply important here. The arguments of 'if you have nothing to hide' do not make anyone feel safe, they do the opposite and they chill free thought.
The second, very clear, argument is that the state can't be trusted in the long run. Period. Maybe you love your elected officials today but tomorrow they could be actively out to harm you. Every tool we allow the state to use needs to be viewed with this level of extreme skepticism and even very clear benefits need to be debated vigorously.
Encryption, and technologies like it, may allow hiding criminal activity but they also provide people a sense of security to think freely and stave off political power grabs. We recognize the fundamental right to free speech and give great latitude to it even when it is harmful and hateful, we need to recognize the fundamental right to free thought and recognize that encryption and similar tools are critical to it.
Exactly! I agree that feeling free to think is important. I am a legal immigrant here on a green card, and I was randomly looking at my iCloud photos, and there were two of them where I was wearing a 2024 elections t-shirt of the losing side. The t-shirt was given to me as a gag gift, and I had just taken a picture of it to show it to the sender for giggles.
Now looking at this old image. I had second thoughts. What if on the border crossing some officer sees a t-shirt and doesn't agree with it? Maybe I should delete the image. And it's not the first time I want to go post something online, but I've stopped myself. What if it comes back and bites me? Even though it might be an innocuous tweet, nothing egregious, but I just don't want to engage. And this is how freedom goes. This feels as bad as it was growing up in the Soviet Union.
You should definitely delete that image, as people have been denied entry or arrested at borders based on their social media history and pictures on their phone.
I don't understand this, it's actually baffling. Why was the question being asked to begin with, let alone a whole post being made about this? If they have a legal request from a law enforcement agency of any country they operate in, they either comply or see executives in prison.
Is how BitLocker works not well known perhaps? I don't think it's a secret. The whole schtick is that you get to manage Windows computers in a corporate fleet remotely, and that includes being able to lock out or unlock volumes. The only other way to do that would be for the person using the device to store the keys somewhere locally, but the whole point is you don't trust the people using the computers, they're employees. If they get fired, or if they lose the laptop, them being the only people who can unlock the BitLocker volume is a very bad situation. Even that aside, the logistics of people switching laptops, help desk getting a laptop and needing to access the volume and similar scenarios have to be addressed. Nothing about this and how BitLocker works is new.
Even in the safer political climates of pre-2025, you're still looking at prosecution if you resist a lawful order. You can fight gag orders, or the legality of a request, but without a court order to countermand the feds' request, you have to comply.
Microsoft would do the same in China, Europe, the Middle East, etc. The FBI isn't special.
Sure, I don't disagree, but that isn't what this discussion is about. It's about a lawful, publicized request. For Microsoft, they don't need any leverage, they can just use a FISA order, and they can force you to keep it a secret. Their leverage is federal prison.
I’m not trying to defend Microsoft, but I think people are being a bit dramatic. It's a fairly reasonable default setting for average users who simply want their data protected from theft. On the other hand, users should be able to opt out from the outset, and above all, without having to fiddle with the manage-bde CLI or group policy settings.
With Intel Panther Lake (I'm not sure about AMD), Bitlocker will be entirely hardware-accelerated using dedicated SoC engines – which is a huge improvement and addresses many commonly known Full Disk Encryption vulnerabilities. However, in my opinion some changes still need to be made, particularly for machines without hardware acceleration support:
- Let users opt out of storing recovery keys online during setup.
- Let users choose between TPM or password based FDE during setup and let them switch between those options without forcing them to deal with group policies and the CLI.
- Change the KDF to a memory-hard KDF - this is important for both password and PIN protected FDE. It's 2026 - we shouldn't be spamming SHA256 anymore.
- Remove the 20 char limit from PIN protectors and make them alphanumerical by default. Windows 11 requires TPM 2.0 anyway so there's no point in enforcing a 20 char limit.
- Enable TPM parameter encryption for the same reasons outlined above.
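An added example of the two-layer design described in the earlier "encrypt the BL key with the user's password" exchange and in the memory-hard KDF bullet above; it is not code from this thread or from BitLocker itself. The volume's data is encrypted under a random DEK, and each protector (a password-derived KEK via scrypt, or a recovery key that the user or an escrow service holds) only wraps that DEK, so a password change re-wraps the DEK without re-encrypting the data, and the recovery key alone is enough to open the volume. The HMAC-based wrap is a stdlib stand-in for AES key wrapping, and names such as EncryptedVolume and WrappedKey are this example's own.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# scrypt is the memory-hard KDF here (unlike iterated SHA-256); N=2**14, r=8
# uses ~16 MiB. Production code tunes these to the target hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
KEY_LEN = 32


@dataclass(frozen=True)
class WrappedKey:
    """One protector: the DEK encrypted under a KEK, plus salt, nonce and MAC tag."""
    salt: bytes
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key, via the memory-hard scrypt KDF."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def _subkeys(kek: bytes) -> Tuple[bytes, bytes]:
    # Distinct encryption and MAC keys derived from the KEK with labelled HMAC.
    enc = hmac.new(kek, b"wrap-enc", hashlib.sha256).digest()
    mac = hmac.new(kek, b"wrap-mac", hashlib.sha256).digest()
    return enc, mac


def wrap(dek: bytes, kek: bytes, salt: bytes) -> WrappedKey:
    """Encrypt-then-MAC the 32-byte DEK under the KEK.

    The pad is one HMAC-SHA256 output over a fresh random nonce; this is a
    stdlib stand-in for AES-KW / AES-GCM, which real key wrapping would use.
    """
    assert len(dek) == KEY_LEN
    enc_key, mac_key = _subkeys(kek)
    nonce = os.urandom(16)
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return WrappedKey(salt, nonce, ciphertext, tag)


def unwrap(blob: WrappedKey, kek: bytes) -> Optional[bytes]:
    """Return the DEK, or None if the KEK is wrong or the blob was tampered with."""
    enc_key, mac_key = _subkeys(kek)
    expected = hmac.new(mac_key, blob.salt + blob.nonce + blob.ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob.tag):   # constant-time check
        return None
    pad = hmac.new(enc_key, blob.nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob.ciphertext, pad))


class EncryptedVolume:
    """Toy FDE volume: data is encrypted once under a random DEK; protectors wrap the DEK."""

    def __init__(self, password: str) -> None:
        self.dek = os.urandom(KEY_LEN)      # the disk key; never stored in the clear
        salt = os.urandom(16)
        self.password_protector = wrap(self.dek, derive_kek(password, salt), salt)
        # Recovery protector: a random 256-bit key. Whoever holds it (the user
        # on paper, or a cloud escrow service) can open the volume without the password.
        self.recovery_key = os.urandom(KEY_LEN)
        self.recovery_protector = wrap(self.dek, self.recovery_key, b"")

    def open_with_password(self, password: str) -> Optional[bytes]:
        kek = derive_kek(password, self.password_protector.salt)
        return unwrap(self.password_protector, kek)

    def open_with_recovery_key(self, recovery_key: bytes) -> Optional[bytes]:
        return unwrap(self.recovery_protector, recovery_key)

    def change_password(self, old: str, new: str) -> bool:
        """Re-wrap the unchanged DEK under the new password; the data itself is untouched."""
        dek = self.open_with_password(old)
        if dek is None:
            return False
        salt = os.urandom(16)
        self.password_protector = wrap(dek, derive_kek(new, salt), salt)
        return True
```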
It’s not that simple because most people will instinctively click ‘no’ without fully understanding the risks. They'll assume that as long as they don't forget their password, it’ll be fine – which is the case on Macs because, unlike PCs, Mac hardware is locked down. Mac users won’t ever be required to enter a recovery key just because they’ve installed an update.
> If you don’t think Intel put back doors into that then I fear for the future.
If that’s what you’re worried about, you shouldn’t be using computers at all. I can pretty much guarantee that Linux will adopt SoC based hardware acceleration because the benefits – both in performance and security – outweigh the theoretical risks.
If you are not typing in a passphrase or plugging in a device containing a key to unlock your disk then the secret exists somewhere else. Chances are that secret is available to others. The root issue here is that the user is not being made clearly aware of where the secret is stored and what third party(s) have access to it or reasonably might be able to get access to it.
These sorts of things should be very unsurprising to the people who depend on them...
Due to Third Party Doctrine, Microsoft doesn't even NEED a "legal order." It's merely a courtesy which they could change at any time.
Based on the sheer number of third parties we're required to use for our day to day lives, that is ridiculous and Third Party Doctrine should be eliminated.
Sure. You voluntarily use windows. You could use something else or nothing so you chose to use it. You are not compelled to use it by law. You are just strongly compelled by a small carrot and a large stick. The same applies to a smart phone BTW.
The default setting is a good mix of protecting people from the trouble they’re far more likely to run into (someone steals their laptop) while still allowing them back in if they forget their password. The previous default setting was no encryption at all which is worse in every case.
The way it is is important. Otherwise getting locked out is very easy. I think booting into safe mode or messing with specific BIOS settings / certain BIOS updates is enough to lock you out.
> Every bad day for microsoft is yet another glorious day for linux.
Nah. If that were the case, Linux would dominate personal computer statistics. The reality is that most mainstream users just don't care. But, of course, that won't stop us.
And before that and before TrueCrypt many used Jetico BestCrypt [1] not free... It can pretend the OS disk is invalid until a passphrase is typed. Only useful to fool smash-and-grab trash level thieves, but I found it entertaining.
Either way, once the Windows OS volume is unlocked it's all moot. There are many other ways to access one's machine remotely, such as pushing a targeted update to the specific machine, OS agnostic but easiest on Windows as Windows Update fires off all the time despite patches being on a specific Tuesday. This method applies to phones as well, beyond the JTAG encryption bypass at power-up. Then a gag order is applied.
Everybody should have access to your hard drive, not just the FBI, so please do not encrypt your hard-drive.
If you encrypt your drive and upload the key to Microsoft, you are engaging in anti-competitive behavior since you give them access to your data, but not also to the local thief.
Just don't encrypt your drive if you can't be bothered to secure your key. Encryption-neutrality.
For a long time, if you used full disk encryption, the encryption key never left your machine. If you forgot your password, the data was gone - tough luck, should have made a backup. That's still how it works on Linux.
Pretty surprising they'd back up the disk encryption secrets to the cloud at all, IMHO, let alone that they'd back it up in plaintext.
That's why full disk encryption was always a no-go for approximately all computer users, and recommending it to someone not highly versed in technology was borderline malicious.
"Tough luck, should have made a backup" is higher responsibility than securing anything in meatspace, including your passport or government ID. In the real world, there is always a recovery path. Security aficionados pushing non-recoverable traps on people are plain disconnected from reality.
Microsoft has the right approach here with Bitlocker defaults. It's not merely about UX - it's about not setting up traps and footguns that could easily cause harm to people.
Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room. So your key needs to be safeguarded from the opportunist who possesses your hardware illegally.
Linux can be fairly well-secured against state-level threat actors, but honestly, if your adversary is your own nation-state, then no amount of security is going to protect you!
For Microsoft and the other consumer-OS vendors, it is typically a bad user-experience for any user, particularly a paying subscriber, to lose access to their account and their cloud apps. There are many ways to try and cajole the naïve user into storing their recovery key somewhere safe, but the best way is to just do it for them.
A recovery key stored in the user's own cloud account is going to be secure from the typical threats that consumers will face. I, for one, am thankful that there is peace of mind both from the on-device encryption, as well as the straightforward disaster recovery methods.
That's a reductionist view. Apple, at least, based a big portion of their image on privacy and encryption. If a company does that and is then proven otherwise, it does a tremendous damage to the brand and stock value and is something shareholders would absolutely sue the board and CEO for. Things like these happened many times in the past.
A Proton model makes this very simple: full cooperation and handover and virtually nothing to be extracted from the data. Size is somewhat of a metadata, ip connection points and maybe date of first use and when data changes occurred...
I'm all for law enforcement, but that job has to be old-school Proof of Work bound and not using blanket data collection and automated speeding ticket mailer.
But I guess it's not done more because the free data can't be analyzed and sold.
If tech companies implemented real, e2e encryption for all user data, there would be a huge outcry, as the most notable effect would be lots of people losing access to their data irrevocably.
I'm all for criticizing tech companies but it's pointless to demand the impossible.
Just say "we are storing your keys on our servers so you won't lose them" and follow that with either "do you trust us" or even "we will share this key with law enforcement if compelled". Would be fine. Let people make these decisions.
Besides, BitLocker keys are really quite hard to lose.
is it just me or would "Microsoft refuses to comply with a legal search warrant" be an actual, surprising news story? like of course MSFT is going to hand over to authorities whatever they ask for if there's a warrant, imagine if they didn't (hint: not good for business. their customers are governments and large institutions, a reputation for "going rogue" would damage their brand quite a bit)
When someone is arrested, the police can get a subpoena to enter your house, right?
There they can collect evidence regarding the case.
Digital protections should exist, but should they exist beyond what is available in the physical world? If so, why?
I think the wording of this is far too lenient and I understand the controversy of "if asked" vs "valid legal order", neither of which strictly say "subpoena", and of course, the controversy of how laws are interpreted/ignored in one country in particular (yes, I'm looking at you USA).
Should there be a middle ground? Or should we always consider anything that is digital off-limits?
Crazier question: what’s wrong with a well-intentioned surveillance state? Preventing crime is a noble goal, and sometimes I just don’t think some vague notion of privacy is more important than that.
I sometimes feel that the tech community would find the above opinion far more outlandish than the general population would.
tl;dw: A well-intentioned surveillance state may, in fact, love the beings they are surveilling. They may fall in love so deeply, that they want to become like us. I know it's a revolutionary concept.
If you have advanced data protection enabled, Apple claims:
“No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”
Last time I onboarded a Mac (a few months ago), it would very explicitly ask if you want to enable support for remote FileVault unlocking.
That said, they could also roll out a small patch to a specific device to extract the keys. When you really want to be safe (and since you can be called a 'left extremist' for moving your car out of the way, that now includes a lot of people), probably use Linux with LUKS.
iCloud login is still optional on macOS. Can't download stuff from the App Store and I think some continuity things require iCloud, but otherwise pretty solid.
Except you’re not coerced (near enough forced?) to use an account password managed by MS on Apple. Until MS themselves publish, for home users, how to set up without an MS account, I’m considering it forced.
Title should read "Microsoft confirms it will give the FBI your Windows PC data encryption key if court-ordered to do so".
Just because the article is click bait doesn't mean the HN entry needs to be, too.
Sure, the fact that MS has your keys at all is no less problematic for it, but the article clearly explains that MS will do this if legally ordered to do so. Not "when the FBI asks for it".
Which is how things work: when the courts order you to do something, you either do that thing, or you are yourself violating the law.
Not surprising. The whole Win11 feels like a spy-tool for the government. Just that "recall" anti-feature nobody needs - except for those who want to sniff and spy after people.
The origin of this is a Forbes article[0] where the quote is: "Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order."
It's already established that your disk encryption keys are in the Microsoft cloud whether you want them there or not. It's just a small step from there to your local government having the key too. Some governments claim to respect the privacy of their citizens, but there are always exceptions. Most governments likely have direct access to the keys, and don't even need to make the request.
The headline is slightly misleading. Microsoft can only provide the key if you are using a Microsoft Account which automatically escrows the BitLocker recovery key to OneDrive.
If you use a Local Account (which requires bypassing the OOBE internet check during setup) or explicitly disable key backup, the key never leaves the TPM. The issue isn't the encryption algorithm, it's the convenience selection.
Apple will do this too. Your laptop encryption key is stored in your keychain (without telling you!). All that is needed is a warrant for your iCloud account and they also have access to your laptop.
It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user friendly sacrifice security.
There's a saying that goes "not your keys not your crypto" but this really extends to everything. If you don't control the keys something else does behind the scenes. A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, even to derive a key-encryption-key.
If you pass a KDF with a hardness of ~5 seconds a four digit PIN to derive a key, then you can brute force the whole 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. Six digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.
You can (and should) watch all of https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for the details about how iCloud is protected by HSMs and rate limits to understand why you’re wrong, but especially the time-linked section… instead of spreading FUD about something you know nothing about.
The major OS vendors (apple, google, ms) are complicit in data turnover and have been for over ten years now. It has been reported multiple times so I'm struggling to see the angle being projected here. This feels like click harvesting got the HN "Microsoft bad" crowd.
The segment of the population that is the target of political vindictiveness from the FBI seems to have changed somewhat with this administration so it makes sense to remind people of the vulnerabilities from time to time.
This was a decade ago, before the big tech went to brown nose Trump on live TV. We live in different reality nowadays. Apple doesn't even market their encryption and safety anymore, like they did on massive billboards all over the world.
The problem is not that they will give the key (government can force them - this is expected), but that they even have the key in the first place.. I bet this is done without proper consent, or with choice like "yes" vs "maybe later"..
This issue aside, if anyone has the keys what value are they in the end? Has Microsoft ever refused to unlock someone's pc stating that they could not technically do that? Isn't storing keys like this akin to storing passwords in clear text?
My wife is an insurance litigation attorney and regularly requests social media data from Microsoft, Meta, etc. for people. Generally they hand it over without issue; I think Apple is the only one to have pushed back at times.
Why does Microsoft store the encryption keys of the users on their servers? Key recovery is convenient, but in my opinion there should be an "opt out" option, without MS being involved in the key storage in their datacenters.
This is no different to Apple placing the encryption key for Filevault as plaintext on disk when it is turned off (the default). Both companies make it easy for you to recover data in event of a catastrophe.
No surprises here. There are people out there warning this would happen soon or later, and urging people to stop using Microsoft products, but of course, nobody cared about it as usual.
I do find it quite interesting how people support this idea (because they got a warrant), but are vehemently against the idea of backdooring encryption.
Technically it is possible to configure BitLocker using a passphrase instead of a TPM. It is not easy though. It is configured via GPO. However it is not a local account password. It is a separate passphrase which you need to provide early in the boot process, similar to LUKS on Linux systems. It works on Windows computers without a TPM; I'm not sure whether it is supported on systems that actually have a TPM available.
it is perhaps mildly surprising that they have access to user encryption keys, but anyone surprised, over 20 years post-Patriot Act, that an American corporation is willing to cooperate with American federal law enforcement has maybe not been paying attention.
Which is really galling when you consider how many Windows 11 users have inadvertently been locked out of their own bought-and-paid-for computers thanks to BitLocker.
I have no idea what you mean. If the user keys were protected, that would not put Microsoft beyond the reach of the law. To Microsoft it's just a few bytes they never do anything with.
Hans George Gadamer over here with the advanced hermeneutic
> Microsoft is legally entitled to refuse a request from law enforcement, and subject to criminal penalties if it refuses a valid legal order.
This is a problem, because Microsoft operates in a lot of jurisdictions, but one of them always wants to be the exception and claims that it has jurisdiction over all the others. Not that I personally am of the opinion, that it is wise for the other jurisdiction to trust Microsoft, but if MS wants to secure operating in the other jurisdiction it needs to separate itself from that outsider.
Or maybe not stash everybody's keys?
You're arguing for corporate sovereignty.
I think you need to rethink your position.
Note that they say "legal order" not, specifically, "warrant". Now remember that government agencies have internal memos instructing them that no warrants are needed for them to do things like the 4th amendment, stop citizens, detain citizens, "arrest" citizens, etc.
The same way you cannot be sure that FBI is not criminals
It's a catchy meme for sure, but when people actually start to believe - like for real, not just the usual talking shit that passes for "conversation" with normal people - that law enforcement officers are worse thugs than regular thugs -- that's a fast way to turn into a failed state, where that actually is true.
Causality here actually works both ways, because in free(ish) societies, law enforcement derives its authority more from people's intersubjective belief in that authority, and less from actual use of force.
Exactly. The discussion should center on the fact that Microsoft's shift was a contingency, not a technical necessity. It cannot have escaped them that their design choices create a legal point of entry for data requests that they are then obligated to fulfill, which would not have been the case with proper end-to-end encryption; in that case they would have told authorities that they simply cannot fulfill these requests.
Crucially, the headline says Microsoft will provide the key if asked by the FBI, which implies a state entity with legal power that extends beyond a typical person's assumptions of "rule of law" and "due process," let alone ethics.
This is all paraphrasing. The closest paraphrase of the original statement to Forbes, from Forbes' article, is:
> Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order.
I suspect the FBI part was added editorially since this specific legal order came from the FBI.
Typical person assumes that FBI is chasing aliens (from outer space) and hardened criminals so bad the local police can't handle them. At least that's what American TV teaches us.
Now CIA, on the other hand, ... well, they won't need to ask for the crypto keys anyway.
Is it meaningfully misleading? How often is this an obstacle for the FBI?
Yes, "asked" versus "ordered" is meaningfully misleading, especially in this context.
There is reasonable suspicion, some might argue evidence, that Microsoft voluntarily cooperated with U.S. Intelligence Community without being compelled by a court order, the most famous instances being leaked in the Snowden disclosures.
To be fair to Microsoft, here's their updated statement (emphasis mine):
"Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne."
I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order because it knows Microsoft will demand one, and because the FBI rarely has possession of suspect devices without a warrant to search for them and obtain their contents.
It could be a bigger obstacle for other agencies. CBP can hold a device carried by someone crossing the border without judicial oversight. ICE is in the midst of a hiring surge and from what I've read lately, has an abbreviated screening and training process likely not matching the rigor of the FBI. Local law enforcement agencies vary greatly.
It’s immensely misleading. At least with a valid legal order we are still living by rule of law. With the recent actions I can’t say ICE is acting by rule of law.
Having said that I won’t go back to Windows.
Broader context is Windows defaults to making their access to your data legally accessible. Their entire Windows platform and OneDrive defaults to this insecurity.
In light of fascism coming to Democratic cities and anyone documenting it being a registered domestic terrorist... well, that's pretty f'n insecure by default.
The latter is not news, it's the way it has been for quite some time, not just for IT providers, but for businesses in general.
If you are running any kind of service, you should learn how warrants work in the country you are hosting in, come the time, if your service grows, eventually you will have to comply with an order.
If you want anything else you will have to design your system such that you can't even see the data, ala Telegram. And even then, you will get into pretty murky waters.
CALEA and courts have compelled companies to install systems that allow them to track/record targets' communications and data, even if their own systems weren't designed with such abilities in mind.
From[1]:
> USA telecommunications providers must install new hardware or software, as well as modify old equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or Internet traffic.
[1] https://en.wikipedia.org/wiki/Communications_Assistance_for_...
I’m sure there was a time in my life I would have taken those two sentences to mean the same thing but that time is long past.
That's a distinction without a difference. Microsoft should structure Windows such that they're unable to comply with such an order, however legal. There are practical cryptographic ways to do it: Microsoft just doesn't want to. Shame on them.
It is pretty uncontroversial that the owner, in the sense of having responsibility and ultimate control, should control the cryptographic keys. I think the disagreement here is who owns the computer.
Exactly
Microsoft is legally entitled to refuse absent a warrant, but generally all it takes is a phone call from the FBI to get big tech to cough up any authenticating info they actually have.
In a society where laws don’t mean anything “valid legal orders” can quickly be drafted up even if not legal.
> The headline is misleading. It says that Microsoft will provide the key if asked, but the linked statement to Forbes says Microsoft will provide the key if it receives a valid legal order.
This is an odd thing to split hairs over IMO. Warrants or subpoenas or just asking nicely, whatever bar you want to set, is a secondary concern. The main issue is they can and will hand the keys to LEO’s at all.
If you don’t like the behavior of a company voluntarily doing something, your problem is with that company. If you don’t like a company complying with the law, your problem is with the law. It is unreasonable to expect anyone or any company to break the law or violate a court order to protect you.
If you don’t trust the institutions issuing those court orders, that is an entirely reasonable stance but it should be addressed at its root cause using our democratic process, however rapidly eroding that process may seem to be.
The fourth amendment protects against warrantless search and seizure, it is not carte blanche to fill up your hard drive with child porn and expect Microsoft to fall on their swords to protect you.
The even-more-main-issue is that there is > 0 number of people who thought they wouldn’t
I hate MS as much as anyone else, but I don't have a problem with them doing this. Legally they have to comply if they have evidence in a legal action. Maybe they are at fault for not solely relying on the TPM, or not giving users informed consent about using the cloud, but I cannot fault them for not going to battle for civil liberties when they can't even implement notepad without screwing it up.
Beyond the crypto architecture debate, I don't really understand how anyone could imagine a world where MS could just refuse such a request. How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying with such a request might break the contractual obligations of a third party towards the suspect"?
Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?
They could just ask before uploading your encryption key to the cloud. Instead they force people to use a Microsoft Account to set up their windows and store the key without explicit consent
That's a crypto architecture design choice, MS opted for the user-friendly key escrow option instead of the more secure strong local key - that requires a competent user setting a strong password and saving recovery codes, understanding the disastrous implication of a key loss etc.
Given the abilities of the median MS client, the better choice is not obvious at all, while "protecting from a nation-state adversary" was definitely not one of the goals.
It makes sense if you consider the possibility of a secret deal between the government and a giant corporation. The deal is that people's data is never secure.
It's a nightmare actually.
The alternative is just not having FDE on by default, it really isn't "require utterly clueless non-technical users to go through complicated opt-in procedure for backups to avoid losing all their data when they forget their password".
And AFAICT, they do ask, even if the flow is clearly designed to get the user to back up their keys online.
Forcing implies there are zero ways to begin with a local only account (or other non-Microsoft Account). That's simply not true.
> How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Perhaps in this case they should be required to get a warrant rather than a subpoena?
A subpoena (specifically a subpoena duces tecum[1]) is the legal instrument that a court or other legal agency uses to compel someone to provide evidence. Seems entirely appropriate in this case.
[1] The other kind is subpoena testificandum, which compels someone to testify.
Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
For something as widely adopted as Windows, the only sensible alternative is to not encrypt the disk by default.
The default behavior will never ever be to "encrypt the disk by a key and encrypt the key with the user's password." It just doesn't work in real life. You'll have thousands of users who lost access to their disks every week.
This is a bit tricky as it couples the user's password with the disk encryption key. If a user changes the password they would then need to change the encryption key, or remember the previous (possibly compromised) password. A better option is to force the user to record a complex hash, but that's never going to be user friendly when it comes to the average computer user.
Basically, we need better education about the issue, but as this is the case with almost every contentious issue in the world right now, I can't imagine this particular issue will bubble to the top of the awareness heap.
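The DEK/KEK wrapping pattern argued over in this subthread (encrypt the disk key with the password, change the password without re-encrypting the disk, and what escrowing the recovery key gives the escrow holder), plus the PIN-guessing cost mentioned further up the thread, as a toy model in Python. This is illustrative code written for this page, not BitLocker's implementation; its HMAC-based wrap is a stdlib stand-in for AES key wrap and the scrypt cost is a placeholder.

```python
"""Toy BitLocker-style key hierarchy (added example, not BitLocker code).

A random data-encryption key (DEK) encrypts the volume and is never stored
in the clear; each "protector" (password, recovery key) wraps a copy of it.
Changing the password re-wraps the DEK; the volume itself is untouched.
Escrowing the recovery key gives the escrow holder an unlock path that
needs no password at all.
"""
import hashlib
import hmac
import os
import secrets

SCRYPT_N = 2 ** 14  # placeholder cost; real FDE uses far higher cost or a TPM


def derive_kek(secret: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from a user secret."""
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=8, p=1, dklen=32)


def wrap_key(dek: bytes, kek: bytes) -> bytes:
    """Wrap a 32-byte DEK under a KEK. Layout: nonce | ciphertext | tag.

    Stdlib stand-in for AES key wrap: HMAC-derived one-time pad for the
    32-byte key, then an HMAC tag over nonce+ciphertext (encrypt-then-MAC).
    """
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(blob: bytes, kek: bytes):
    """Return the DEK, or None if the KEK is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class Volume:
    """Encrypted volume with a password protector and a recovery-key protector."""

    def __init__(self, password: str):
        # The running system holds the DEK in memory; on disk only the
        # wrapped copies below exist. The DEK itself never leaves the device.
        self.dek = secrets.token_bytes(32)
        self.protectors = {}  # name -> (salt, wrapped DEK)
        self._add_protector("password", password.encode())
        # 48-digit numeric recovery key, the same shape as BitLocker's
        self.recovery_key = "".join(secrets.choice("0123456789") for _ in range(48))
        self._add_protector("recovery", self.recovery_key.encode())

    def _add_protector(self, name: str, secret: bytes) -> None:
        salt = os.urandom(16)
        self.protectors[name] = (salt, wrap_key(self.dek, derive_kek(secret, salt)))

    def unlock(self, name: str, secret: str):
        """Recover the DEK through the named protector; None on failure."""
        salt, blob = self.protectors[name]
        return unwrap_key(blob, derive_kek(secret.encode(), salt))

    def change_password(self, old: str, new: str) -> bool:
        """Re-wrap the DEK under the new password; no data is re-encrypted."""
        if self.unlock("password", old) != self.dek:
            return False
        self._add_protector("password", new.encode())
        return True


def escrow_unlock(volume: Volume, escrow: dict, volume_id: str):
    """What whoever holds the escrowed recovery key can do without the password."""
    return volume.unlock("recovery", escrow[volume_id])


def pin_search_hours(pin_digits: int, kdf_seconds: float):
    """Offline guessing cost of an all-digit PIN protector: (whole space, expected)."""
    full = 10 ** pin_digits * kdf_seconds / 3600
    return full, full / 2
```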
I thought this was what happened. Clearly not :( That’s the idea with services like 1Password (which I suppose is ultimately doing the same thing) - you need both the key held on the device and the password.
I suppose this all falls apart when the PC unlock password is your MS account password, as the MS account can reset the local password. In Mac OS / Linux, if you reset the login password, you lose the keychain.
At this point, end-to-end encryption is a solved problem when password managers exist. Not doing it means either Microsoft doesn't care enough, or is actually interested in keeping it this way.
This makes little to no sense.
This is being reported on because it seems newsworthy and a departure from the norm.
Apple also categorically says they refuse such requests.
It's a private device. With private data. Device and data owned by the owner.
Using sleight of hand and words to coax a password into a shared cloud and beyond just seems to indicate the cloud is someone else's computer, and you are putting the keys to your world and your data insecurely in someone else's computer.
Should windows users assume their computer is now a hostile and hacked device, or one that can be easily hacked and backdoored without their knowledge to their data?
The Bernardino incident is a very different issue where Apple refused to use its own private key to sign a tool that would have unlocked any iPhone. There is absolutely no comparison between Apple's and MS conduct here because the architectures of the respective systems are so different (but of course, that's a choice each company made).
Should Apple find itself with a comparable decryption key in its possession, it would have few options but to comply and hand it over.
Firstly, Apple does not refuse such requests. In fact, it was very widely publicized in the past couple of weeks that Apple has removed Advanced Data Protection for users in the UK. So while US users still enjoy Advanced Data Protection from Apple, UK users do not.
It is entirely possible that Apple's Advanced Data Protection feature is removed legally by the US as well, if the regime decides they want to target it. I suspect there are either two reasons why they do not: Either the US has an additional agreement with Apple behind the scenes somewhere, OR the US regime has not yet felt that this was an important enough thing to go after.
There is precedent in the removal, Apple has shown they'll do the removal if asked/forced. What makes you think they wouldn't do the same thing in the US if Trump threatened to ban iPhone shipments from China until Apple complied?
The options for people to manage this stuff themselves are extremely painful for the average user for many reasons laid out in this thread. But the same goes for things like PGP keys. Managing PGP keys, uploading to key servers, using specialized mail clients, plugging in and unplugging the physical key, managing key rotation, key escrow, and key revocation. And understanding the deep logic behind it actually requires a person with technical expertise in this particular solution to guide people. It's far beyond what the average end user is ever going to do.
> don't really understand how could anyone imagine a world where MS could just refuse such a request
By simply not having the ability to do so.
Of course Microsoft should comply with the law, expecting anything else is ridiculous. But they themselves made sure that they had the ability to produce the requested information.
Right, Microsoft have the ability to recover the key, because average people lose their encryption keys and will blame Microsoft if they can't unlock their computer and gain access to their files. BitLocker protects you from someone stealing your computer to gain access to your files, that's it. It's no good in a corporate setting or if you're worried about governments spying on you.
I'm honestly not entirely convinced that disk encryption should be enabled by default. How much of a problem were stolen personal laptops really? Corporate machines, sure, but leave the master key with the IT department.
Microsoft killed local accounts in Windows 11 and made this the default path for users: your private encryption keys are sent to Microsoft in a way that requires no other keys. This is a failure and doesn't happen on systems like LUKS. I understand Microsoft wants to be able to look nice and unlock disks when people forget their passwords, but doing so allows anyone to exploit this. Windows systems and data are more vulnerable because of this tradeoff they made.
Sure, that's valid, they do need to comply with legal orders. But they don't need to store BitLocker keys in the first place; they only need to turn over data they actually have.
I don't think that many people here are naive enough to believe that any business would fight the government for the sake of its customers. I think most of us are simply appalled by this blatantly malicious behavior. I'm not buying all these "but what if the user is an illiterate, senile 90-year-old with ADHD, huh?" attempts to rationalize it away. it's the equivalent of the guy who installed your door keeping a copy of your keys by unspoken default - "what if your toddler locks himself out, huh?"
I know the police can just break down my door, but that doesn't mean I should be ok with some random asshole having my keys.
Assume good intent. If Microsoft didn't escrow the keys, the next HN post would be "mIcR0SofT Ate mY chILDhooD pHOTos!!"
Have the recipient server be owned by a priest and API metadata that says it's a confession
> Do we really, really, fully understand the implication of allowing private contracts that trump criminal law?
...it's not that at all. We don't want private contracts to enshrine the same imbalances of power; we want those imbalances rendered irrelevant.
We hope against hope that people who have strength, money, reputation, legal teams, etc., will be as steadfast in asserting basic rights as people who have none of those things.
We don't regard the FBI as a legitimate institution of the rule of law, but a criminal enterprise and decades-long experiment in concentration of power. The constitution does not suppose an FBI, but it does suppose that 'no warrant shall issue but upon probable cause... particularly describing the place to be searched, and the persons or things to be seized' (emphasis mine). Obviously a search of the complete digital footprint and history of a person is not 'particular' in any plain meaning of that word.
...and we just don't regard the state as having an important function in the internet age. So all of its whining and tantrums and pepper spray and prison cells are just childish clinging to a power structure that is no longer desirable.
I think legally the issue was adjudicated by analogy to a closed safe: while the exact contents of the safe is unknown beforehand, it is reasonable it will contain evidence, documents, money, weapons etc. that are relevant, so if a warrant can be issued in that case compelling a locksmith to open it, then by analogy it can be issued against an encrypted device.
Without doubt, this analogy surely breaks down as society changes to become more digital - what about a Google Glass type of device that records my entire life, or the glasses of all people detected around me? what about the device where I uploaded my conscience, can law enforcement simply probe around my mind and find direct evidence of my guilt? Any written constitution is just a snapshot of a social contract at a particular historical time and technological development point, so it cannot serve as the ultimate source of truth regarding individual rights - the contract is renegotiated constantly through political means.
My question was more general: how could we draft that new social contract to the current age, how could we maintain the balance where the encrypted device of a suspected child predator and murderer is left encrypted, despite the fact that some 3rd party has the key, because we agreed that is the correct way to balance freedoms and law enforcement? It just doesn't sound stable in a democracy, where the rules of that social contract can change, it would contradict the moral intuitions of the vast majority.
Actual freedom starts with freedom of thought which requires spaces that you can truly believe are safe. The push for the surveillance world is rapidly eroding the places someone can not only be safe to think but feel safe to think in. The 'feel safe' is deeply important here. The arguments of 'if you have nothing to hide' do not make anyone feel safe, they do the opposite and they chill free thought.
The second, very clear, argument is that the state can't be trusted in the long run. Period. Maybe you love your elected officials today but tomorrow they could be actively out to harm you. Every tool we allow the state to use needs to be viewed with this level of extreme skepticism and even very clear benefits need to be debated vigorously.
Encryption, and technologies like it, may allow hiding criminal activity but they also provide people a sense of security to think freely and stave off political power grabs. We recognize the fundamental right to free speech and give great latitude to it even when it is harmful and hateful, we need to recognize the fundamental right to free thought and recognize that encryption and similar tools are critical to it.
Exactly! I agree that feeling free to think is important. I am a legal immigrant here on a green card, and I was randomly looking at my iCloud photos, and there were two of them where I was wearing a 2024 election t-shirt of the losing side. The t-shirt was given to me as a gag gift, and I had just taken a picture of it to show it to the sender for giggles. Now, looking at this old image, I had second thoughts. What if at the border crossing some officer sees the t-shirt and doesn't agree with it? Maybe I should delete the image. And it's not the first time I've wanted to go post something online but stopped myself. What if it comes back and bites me? Even though it might be an innocuous tweet, nothing egregious, I just don't want to engage. And this is how freedom goes. This feels as bad as it was growing up in the Soviet Union.
You should definitely delete that image, as people have been denied entry or arrested at borders based on their social media history and pictures on their phone.
Expect your door to come crashing in any second now. I hope I am joking about this.
I hear Canada is nice though.
I don't understand this, it's actually baffling. Why was the question being asked to begin with, let alone a whole post being made about this? If they have a legal request from a law enforcement agency of any country they operate in, they either comply or see executives in prison.
Is how BitLocker works not well known, perhaps? I don't think it's a secret. The whole schtick is that you get to manage Windows computers in a corporate fleet remotely, and that includes being able to lock out or unlock volumes. The only other way to do that would be for the person using the device to store the keys somewhere locally, but the whole point is you don't trust the people using the computers; they're employees. If they get fired, or if they lose the laptop, them being the only people who can unlock the BitLocker volume is a very bad situation. Even that aside, the logistics of people switching laptops, help desk getting a laptop and needing to access the volume, and similar scenarios have to be addressed. Nothing about this and how BitLocker works is new.
Even in the safer political climates of pre-2025, you're still looking at prosecution if you resist a lawful order. You can fight gag orders, or the legality of a request, but without a court order to countermand the feds' request, you have to comply.
Microsoft would do the same in China, Europe, the Middle East, etc. The FBI isn't special.
>Microsoft would do the same in China, Europe, the Middle East, etc. The FBI isn't special.
One would presume US agencies have leverage to access global data.
Sure, I don't disagree, but that isn't what this discussion is about. It's about a lawful, publicized request. For Microsoft, they don't need any leverage; they can just use a FISA order, and they can force you to keep it a secret. Their leverage is federal prison.
I’m not trying to defend Microsoft, but I think people are being a bit dramatic. It's a fairly reasonable default setting for average users who simply want their data protected from theft. On the other hand, users should be able to opt out from the outset, and above all, without having to fiddle with the manage-bde CLI or group policy settings.
With Intel Panther Lake (I'm not sure about AMD), BitLocker will be entirely hardware-accelerated using dedicated SoC engines, which is a huge improvement and addresses many commonly known full disk encryption vulnerabilities. However, in my opinion some changes still need to be made, particularly for machines without hardware acceleration support:
- Let users opt out of storing recovery keys online during setup.
- Let users choose between TPM or password based FDE during setup and let them switch between those options without forcing them to deal with group policies and the CLI.
- Change the KDF to a memory-hard KDF. This is important for both password- and PIN-protected FDE. It's 2026; we shouldn't be spamming SHA-256 anymore.
- Remove the 20-char limit from PIN protectors and make them alphanumeric by default. Windows 11 requires TPM 2.0 anyway, so there's no point in enforcing a 20-char limit.
- Enable TPM parameter encryption for the same reasons outlined above.
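A quick way to see which of the protectors discussed in this comment actually exist on a volume, added here as an example (not Microsoft's code and not from the original post): it reads the output of the built-in `manage-bde -protectors -get` tool and reports whether a recovery password (the thing that gets backed up to a Microsoft account or, in a fleet, to a directory) and a TPM-only protector are present. The sample output embedded below is constructed with fake GUIDs and a fake recovery password so the script also runs off Windows; the finding texts and the account.microsoft.com/devices/recoverykey location are my additions.

```python
"""List BitLocker key protectors on a volume and flag where the secret can live.

Added example, not Microsoft's code. It parses `manage-bde -protectors -get`
output (a real built-in tool). SAMPLE_OUTPUT is constructed for offline use;
its GUIDs and recovery password are fake.
"""
import re
import subprocess
import sys

# Constructed sample in the format manage-bde prints; all identifiers are fake.
SAMPLE_OUTPUT = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [Windows]
All Key Protectors

    Numerical Password:
      ID: {11111111-2222-3333-4444-555555555555}
      Password:
        111111-222222-333333-444444-555555-666666-777777-888888

    TPM:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
      PCR Validation Profile:
        7, 11
        (Uses Secure Boot for integrity validation)
"""

ID_RE = re.compile(r"^\s+ID:\s*(\{[0-9A-Fa-f-]+\})", re.MULTILINE)


def parse_protectors(text):
    """Return [{'kind': ..., 'id': ...}] for each protector block after
    'All Key Protectors'. Blocks are separated by blank lines; the first
    line of a block names the protector type (e.g. 'TPM And PIN')."""
    marker = "All Key Protectors"
    if marker not in text:
        return []
    body = text.split(marker, 1)[1]
    protectors = []
    for block in re.split(r"\n\s*\n", body):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].strip().endswith(":"):
            continue
        match = ID_RE.search(block)
        protectors.append({
            "kind": lines[0].strip()[:-1],
            "id": match.group(1) if match else None,
        })
    return protectors


def assess(protectors):
    """Plain-language findings about who can unlock the volume (my wording)."""
    kinds = {p["kind"] for p in protectors}
    findings = []
    if not protectors:
        findings.append("No protectors found: volume not protected or output not recognised.")
        return findings
    if "Numerical Password" in kinds:
        findings.append(
            "Recovery password protector present: a 48-digit key that unlocks the "
            "volume without the TPM. If setup used a Microsoft account it was backed "
            "up there (see https://account.microsoft.com/devices/recoverykey); in a "
            "managed fleet it is typically escrowed to AD or Entra ID.")
    if "TPM" in kinds:
        findings.append(
            "TPM-only protector present: the volume unlocks at boot with no user "
            "secret, so possession of the hardware plus the OS login is the gate.")
    if "TPM And PIN" in kinds:  # other combined labels exist; this is the common one
        findings.append("TPM+PIN protector present: a pre-boot PIN is required.")
    if "Password" in kinds:
        findings.append("Password protector present: a pre-boot passphrase, no TPM involved.")
    return findings


def main(argv):
    drive = argv[1] if len(argv) > 1 else "C:"
    if sys.platform == "win32":
        # Needs an elevated prompt; manage-bde ships with Windows.
        text = subprocess.run(["manage-bde", "-protectors", "-get", drive],
                              capture_output=True, text=True, check=False).stdout
    else:
        text = SAMPLE_OUTPUT  # offline demo on non-Windows hosts
    protectors = parse_protectors(text)
    for p in protectors:
        print(f"{p['kind']:<32} {p['id']}")
    for finding in assess(protectors):
        print("-", finding)


if __name__ == "__main__":
    main(sys.argv)
```

Removing the recovery-password protector by the ID this prints (in PowerShell, `Remove-BitLockerKeyProtector -MountPoint C: -KeyProtectorId <id>`) means any escrowed copy of that 48-digit password can no longer unlock the volume, because the metadata it unwrapped is gone. Add a fresh one with `Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector` and write it down offline first; a firmware update or a safe-mode boot that trips PCR validation will otherwise lock you out.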
>It's a fairly reasonable default setting for average users who simply want their data protected from theft.
Apple asks you when you set up your Mac if you want to do this. You can just ask the user, Microsoft!
It’s not that simple, because most people will instinctively click ‘no’ without fully understanding the risks. They'll assume that as long as they don't forget their password, it’ll be fine, which is the case on Macs because, unlike PCs, Mac hardware is locked down. Mac users won’t ever be required to enter a recovery key just because they’ve installed an update.
If you don’t think Intel put back doors into that then I fear for the future.
> If you don’t think Intel put back doors into that then I fear for the future.
If that’s what you’re worried about, you shouldn’t be using computers at all. I can pretty much guarantee that Linux will adopt SoC based hardware acceleration because the benefits, both in performance and security, outweigh the theoretical risks.
If you are not typing in a passphrase or plugging in a device containing a key to unlock your disk then the secret exists somewhere else. Chances are that secret is available to others. The root issue here is that the user is not being made clearly aware of where the secret is stored and what third party(s) have access to it or reasonably might be able to get access to it.
These sorts of things should be very unsurprising to the people who depend on them...
Due to Third Party Doctrine, Microsoft doesn't even NEED a "legal order." It's merely a courtesy which they could change at any time.
Based on the sheer number of third parties we're required to use for our day to day lives, that is ridiculous and Third Party Doctrine should be eliminated.
Ref: https://en.wikipedia.org/wiki/Third-party_doctrine
>people who voluntarily give information to third parties
Is it the case with BitLocker? The voluntary part.
Sure. You voluntarily use Windows. You could use something else or nothing, so you chose to use it. You are not compelled to use it by law. You are just strongly compelled by a small carrot and a large stick. The same applies to a smartphone, BTW.
From a legal perspective yes since the government didn't force you to
Headline says “…if asked”
Article and facts are “…if served with a valid legal order compelling it”
∴ Headline is clickbait.
You are arguing semantics, whereas the point is that A) they have your keys, and B) they will give them away if they have to.
No, that’s binary thinking. The degree to which they will resist giving them away matters.
I’d much rather they require a warrant than just give it to any enforcement agency that sends them an email asking. The former is what I expect.
It’s really just A. Point B is pretty much just derived from there.
No, that's how I interpreted the headline.
asked, not ordered. Seems fine.
I would prefer “it is impossible for Microsoft to give the keys because that’s not how their encryption works”.
That’s the case if you change a setting.
The default setting is a good mix of protecting people from the trouble they’re far more likely to run into (someone steals their laptop) while still allowing them back in if they forget their password. The previous default setting was no encryption at all which is worse in every case.
You can change it it you like.
The way it is is important. Otherwise getting locked out is very easy. I think booting into safe mode or messing with specific BIOS settings / certain BIOS updates is enough to lock you out.
Veracrypt https://veracrypt.io/en/Home.html
https://linuxmint.com/
https://ubuntu.com/download/desktop
https://archlinux.org/
https://www.kali.org/get-kali/#kali-platforms
https://fedoraproject.org/
Every bad day for microsoft is yet another glorious day for linux.
> Every bad day for microsoft is yet another glorious day for linux.
Nah. If that were the case, Linux would dominate personal computer statistics. The reality is that most mainstream users just don't care. But, of course, that won't stop us.
You forgot to list Slackware :)
http://www.slackware.com/
http://slackware.osuosl.org/slackware64-current/ChangeLog.tx...
And MacOS, which I suspect may be the more obvious choice for many users.
To people on HN considering the switch, maybe. My family has zero interest or intention of trying any of these. It stops with me.
One could almost say "Embrace the penguin"
And before that, and before TrueCrypt, many used Jetico BestCrypt [1] (not free). It can pretend the OS disk is invalid until a passphrase is typed. Only useful to fool smash-and-grab, trash-level thieves, but I found it entertaining.
Either way, once the Windows OS volume is unlocked it's all moot. There are many other ways to access one's machine remotely, such as pushing a targeted update to the specific machine; this is OS agnostic but easiest on Windows, as Windows Update fires off all the time despite patches being on a specific Tuesday. This method applies to phones as well, beyond the JTAG encryption bypass at power-up. Then a gag order is applied.
[1] - https://jetico.com/data-encryption/encrypt-hard-drives-bestc...
Let us not forget that the predecessor to VeraCrypt, TrueCrypt, was suddenly discontinued and users were told they should migrate to BitLocker.
There were questions about their motivation at the time. There still are questions.
Pretty sure the same applies to all the passwords/passkeys/2FA codes stored in the Authenticator app with cloud backup on.
Use 1Password or similar instead. They’re keyed against a key they don’t have access to.
How do you avoid losing that key?
Only if that authenticator/password manager app is not end-to-end encrypted.
No, not "only". E2EE is now used as a dog whistle.
Who holds/controls the keys on both ends?
That's right, and Microsoft Authenticator isn't.
Everybody should have access to your hard drive, not just the FBI, so please do not encrypt your hard-drive.
If you encrypt your drive and upload the key to Microsoft, you are engaging in anti-competitive behavior since you give them access to your data, but not also to the local thief.
Just don't encrypt your drive if you cant be bothered to secure your key. Encryption-neutrality.
Related discussion from yesterday: https://news.ycombinator.com/item?id=46735545
Lol, it's been 20 years now; the whole world should stop being all surprised Pikachu about that.
For a long time, if you used full disk encryption, the encryption key never left your machine. If you forgot your password, the data was gone - tough luck, should have made a backup. That's still how it works on Linux.
Pretty surprising they'd back up the disk encryption secrets to the cloud at all, IMHO, let alone that they'd back it up in plaintext.
That's why full disk encryption was always a no-go for approximately all computer users, and recommending it to someone not highly versed in technology was borderline malicious.
"Tough luck, should have made a backup" is higher responsibility than securing anything in meatspace, including your passport or government ID. In the real world, there is always a recovery path. Security aficionados pushing non-recoverable traps on people are plain disconnected from reality.
Microsoft has the right approach here with BitLocker defaults. It's not merely about UX; it's about not setting up traps and footguns that could easily cause harm to people.
Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room. So your key needs to be safeguarded from the opportunist who possesses your hardware illegally.
Linux can be fairly well-secured against state-level threat actors, but honestly, if your adversary is your own nation-state, then no amount of security is going to protect you!
For Microsoft and the other consumer-OS vendors, it is typically a bad user-experience for any user, particularly a paying subscriber, to lose access to their account and their cloud apps. There are many ways to try and cajole the naïve user into storing their recovery key somewhere safe, but the best way is to just do it for them.
A recovery key stored in the user's own cloud account is going to be secure from the typical threats that consumers will face. I, for one, am thankful that there is peace of mind both from the on-device encryption, as well as the straightforward disaster recovery methods.
Exactly. Being again and again surprised that corporations will defend you for literally no reason is kinda delusional.
That's a reductionist view. Apple, at least, based a big portion of their image on privacy and encryption. If a company does that and is then proven otherwise, it does a tremendous damage to the brand and stock value and is something shareholders would absolutely sue the board and CEO for. Things like these happened many times in the past.
This isn't that simple.
A Proton model makes this very simple: full cooperation and handover, and virtually nothing to be extracted from the data. Size is somewhat of a metadata item, IP connection points and maybe date of first use and when data changes occurred... I'm all for law enforcement, but that job has to be old-school proof-of-work bound and not using blanket data collection and automated speeding-ticket mailers.
But I guess it's not done more because the free data can't be analyzed and sold.
If tech companies implemented real, e2e encryption for all user data, there would be a huge outcry, as the most notable effect would be lots of people losing access to their data irrevocably.
I'm all for criticizing tech companies but it's pointless to demand the impossible.
Just say "we are storing your keys on our servers so you won't lose them" and follow that with either "do you trust us" or even "we will share this key with law enforcement if compelled". Would be fine. Let people make these decisions.
Besides, BitLocker keys are really quite hard to lose.
Is it just me, or would "Microsoft refuses to comply with a legal search warrant" be an actual, surprising news story? Like, of course MSFT is going to hand over to authorities whatever they ask for if there's a warrant; imagine if they didn't (hint: not good for business. Their customers are governments and large institutions, and a reputation for "going rogue" would damage their brand quite a bit).
Controversial question here.
When someone is arrested, the police can get a subpoena to enter your house, right?
There they can collect evidence regarding the case.
Digital protections should exist, but should they exist beyond what is available in the physical world? If so, why?
I think the wording of this is far too lenient and I understand the controversy of "if asked" vs "valid legal order", neither of which strictly say "subpoena", and of course the controversy of how laws are interpreted/ignored in one country in particular (yes, I'm looking at you, USA).
Should there be a middle ground? Or should we always consider anything that is digital off-limits?
> When someone is arrested, the police can get a subpoena to enter your house, right?
That's a warrant. A subpoena is an order to appear in court.
And by the way ICE officers can still enter your house even if they don't have a warrant. Apparently.
Completely agree.
Crazier question: what’s wrong with a well-intentioned surveillance state? Preventing crime is a noble goal, and sometimes I just don’t think some vague notion of privacy is more important than that.
I sometimes feel that the tech community would find the above opinion far more outlandish than the general population would.
> what’s wrong with a well-intentioned surveillance state?
https://en.wikipedia.org/wiki/Wings_of_Desire
tl;dw: A well-intentioned surveillance state may, in fact, love the beings they are surveilling. They may fall in love so deeply, that they want to become like us. I know it's a revolutionary concept.
There’s nothing inherently wrong with the panopticon. Your society is what makes it good or evil.
Any reason to believe Apple won't do the same with whatever we backup in iCloud?
If you have advanced data protection enabled, Apple claims: “No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”
https://support.apple.com/en-us/102651
Please read this section of Apple's own document before you talk about their "advanced data protection".
The following information may be available from iCloud if a user has enabled Advanced Data Protection for iCloud:
https://www.apple.com/legal/privacy/law-enforcement-guidelin...
Do you think Tim Cook gave that gold bar to Trump for nothing?
Yeah, the problem is whether they have already bent over for the Trump admin or not yet.
Last time I onboarded a Mac (a few months ago), it would very explicitly ask if you want to enable support for remote FileVault unlocking.
That said, they could also roll out a small patch to a specific device to extract the keys. When you really want to be safe (and since you can be called a 'left extremist' for moving your car out of the way, that now includes a lot of people), probably use Linux with LUKS.
Any American company will hand over data stored on their server (that they have access to) in response to a warrant.
Apple provides an optional encryption level (ADP) where they don't have a copy of your encryption key.
When Apple doesn't have the encryption key, they can't decrypt your data, so they can't provide a copy of the decrypted data in response to a warrant.
They explain the trade off during device setup: If Apple doesn't have a copy of the key, they can't help you if you should lose your copy of the key.
Any company in any country will hand over data in response to a warrant. There is no country with a higher standard of protection than a warrant.
iCloud login is still optional on macOS. Can't download stuff from the App Store and I think some continuity things require iCloud, but otherwise pretty solid.
Except you’re not coerced (near enough forced?) to use an account password managed by MS on Apple. Until MS themselves publish, for home users, how to set up without an MS account, I’m considering it forced.
Title should read "Microsoft confirms it will give the FBI your Windows PC data encryption key if court-ordered to do so".
Just because the article is click bait doesn't mean the HN entry needs to be, too.
Sure, the fact that MS has your keys at all is no less problematic for it, but the article clearly explains that MS will do this if legally ordered to do so. Not "when the FBI asks for it".
Which is how things work: when the courts order you to do something, you either do that thing, or you are yourself violating the law.
Not surprising. The whole Win11 feels like a spy tool for the government. Just that "Recall" anti-feature nobody needs, except for those who want to sniff and spy on people.
> ... if asked
This blurring of fact drives clickbait.
The origin of this is a Forbes article[0] where the quote is: "Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order."
[0] https://www.forbes.com/sites/thomasbrewster/2026/01/22/micro...
It's already established that your disk encryption keys are in the Microsoft cloud whether you want them there or not. It's just a small step from there to your local government having the key too. Some governments claim to respect the privacy of their citizens, but there are always exceptions. Most governments likely have direct access to the keys, and don't even need to make the request.
The headline is slightly misleading. Microsoft can only provide the key if you are using a Microsoft Account which automatically escrows the BitLocker recovery key to OneDrive.
If you use a Local Account (which requires bypassing the OOBE internet check during setup) or explicitly disable key backup, the key never leaves the TPM. The issue isn't the encryption algorithm; it's the convenience selection.
[dupe] Discussion on source: https://news.ycombinator.com/item?id=46735545
At least they’re honest.
Apple will do this too. Your laptop encryption key is stored in your keychain (without telling you!). All that is needed is a warrant for your iCloud account and they also have access to your laptop.
sixcolors.com/post/2025/09/filevault-on-macos-tahoe-no-longer-uses-icloud-to-store-its-recovery-key/
> Your laptop encryption key is stored in your keychain
Probably not if one is not using Apple cloud on their laptops.
> stored in your keychain (without telling you!)
How to verify that? Any commands/tools/guides?
Thanks, that's good to know. I suspect WhatsApp's "we're fully E2E encrypted" would be similar too.
It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user friendly sacrifice security.
There's a saying that goes "not your keys, not your crypto", but this really extends to everything. If you don't control the keys, something else does behind the scenes. A six-digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, not even to derive a key-encryption key.
If you pass a four-digit PIN through a KDF with a hardness of ~5 seconds to derive a key, then you can brute force all 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. A six-digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.
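The arithmetic in the comment above, worked as an added example (not the commenter's code, not from the original post): PBKDF2-HMAC-SHA256 at a deliberately tiny iteration count stands in for any iterated, non-memory-hard KDF; the salt, iteration count and the "user" PIN are constructed. `brute_force_budget_hours` generalises the 4-digit / 5-second case to any PIN length, alphabet and per-guess cost, which is what makes the earlier wish in this thread for longer, alphanumeric PINs concrete.

```python
"""Why a short numeric PIN cannot carry a key-encryption key, whatever the KDF.

Added example, not from the original post. PBKDF2-HMAC-SHA256 stands in for
any iterated, non-memory-hard KDF; SALT, ITERATIONS and the PINs are constructed.
"""
import hashlib
import itertools
import time

SALT = b"constructed-demo-salt"   # real systems use a per-device random salt
ITERATIONS = 2000                 # tiny on purpose so the search below finishes fast


def derive_key(pin, iterations=ITERATIONS):
    """Derive a 256-bit key from a PIN; cost is linear in `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, iterations, dklen=32)


def brute_force_pin(target_key, digits, iterations=ITERATIONS):
    """Exhaust every `digits`-long numeric PIN in order.
    Returns (pin, attempts) or (None, attempts) if nothing matched."""
    attempts = 0
    for combo in itertools.product("0123456789", repeat=digits):
        attempts += 1
        candidate = "".join(combo)
        if derive_key(candidate, iterations) == target_key:
            return candidate, attempts
    return None, attempts


def measure_seconds_per_guess(iterations, samples=5):
    """Wall-clock cost of one derivation at this iteration count, on this CPU."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"{i:04d}", iterations)
    return (time.perf_counter() - start) / samples


def brute_force_budget_hours(length, seconds_per_guess, alphabet_size=10):
    """(worst_case_hours, expected_hours) to search a space of
    alphabet_size**length on a single core. Expected is half the worst case
    because the target is equally likely to sit anywhere in the search order."""
    space = alphabet_size ** length
    worst = space * seconds_per_guess / 3600.0
    return worst, worst / 2.0


if __name__ == "__main__":
    secret = "0472"                      # constructed "user" PIN
    pin, tries = brute_force_pin(derive_key(secret), 4)
    print(f"recovered {pin} after {tries} guesses")

    per_guess = measure_seconds_per_guess(ITERATIONS)
    print(f"{ITERATIONS} iterations cost {per_guess * 1000:.2f} ms per guess here")

    # The comment's figures: 5 s per guess, single core, no rate limiting.
    for length, alphabet in ((4, 10), (6, 10), (8, 62)):
        worst, expected = brute_force_budget_hours(length, 5.0, alphabet)
        print(f"{length}-char, alphabet {alphabet:>2}: worst {worst:14.1f} h, "
              f"50% at {expected:14.1f} h")
```

The four-digit case lands on the comment's ~13.9 h worst case and ~6.9 h at 50%; six digits is ~1,389 h on one core, which parallelises trivially, while eight alphanumeric characters at the same per-guess cost is in the hundreds of billions of hours. The KDF only scales the constant; the exponent comes from the PIN, which is why the comment's point about entropy holds regardless of hashing choice unless a TPM or HSM enforces the rate limit.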
Wrong.
You can (and should) watch all of https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for the details about how iCloud is protected by HSMs and rate limits to understand why you’re wrong, but especially the time-linked section… instead of spreading FUD about something you know nothing about.
You can say anything you want in a YouTube video or a whitepaper. It doesn't have to correspond to your security architecture.
Where's the source code? Who audits this system?
The major OS vendors (Apple, Google, MS) are complicit in data turnover and have been for over ten years now. It has been reported multiple times, so I'm struggling to see the angle being projected here. This feels like click harvesting for the HN "Microsoft bad" crowd.
The segment of the population that is the target of political vindictiveness from the FBI seems to have changed somewhat with this administration so it makes sense to remind people of the vulnerabilities from time to time.
The San Bernardino iPhone case proves that Apple is very much so not complicit.
The Apple that offers gold statues to authoritarian regimes would certainly behave differently.
People also forget how they kind of always played ball in similar governments.
This was a decade ago, before big tech went to brown-nose Trump on live TV. We live in a different reality nowadays. Apple doesn't even market their encryption and safety anymore, like they did on massive billboards all over the world.
The problem is not that they will give the key (the government can force them; this is expected), but that they even have the key in the first place. I bet this is done without proper consent, or with a choice like "yes" vs "maybe later".
This issue aside, if anyone has the keys, what value are they in the end? Has Microsoft ever refused to unlock someone's PC, stating that they could not technically do that? Isn't storing keys like this akin to storing passwords in clear text?
My wife is an insurance litigation attorney and regularly requests social media data from Microsoft, Meta, etc. for people. Generally they hand it over without issue; I think Apple is the only one to have pushed back at times.
Why does Microsoft store the encryption keys of the users on their servers? Key recovery is convenient, but in my opinion an "opt out" option should exist, without MS being involved in the key storage in their datacenters.
This is no different from Apple placing the encryption key for FileVault as plaintext on disk when it is turned off (the default). Both companies make it easy for you to recover data in the event of a catastrophe.
No surprises here. There are people out there who warned this would happen sooner or later, and urged people to stop using Microsoft products, but of course nobody cared, as usual.
If you potentially are a target for the US government, you should avoid Microsoft.
Given that the US government is happy to execute US citizens and invade other countries, that basically means everyone.
I do find it quite interesting how people support this idea (because they got a warrant), but are vehemently against the idea of backdooring encryption.
How is this any different?
Stallman was correct
What's that? Windows, due to its market position, should not be allowed to force users into online-only accounts? Agreed.
If I remember well from installing Windows, you can store the keys yourself without a cloud backup. What am I missing?
Does Microsoft let you encrypt the key with your password / passphrase (with a backup you can write down)?
Technically it is possible to configure BitLocker using a passphrase instead of a TPM. It is not easy, though. It is configured via GPO. However, it is not a local account password. It is a separate passphrase which you need to provide early in the boot process, similar to LUKS on Linux systems. It works on Windows computers without a TPM; I'm not sure whether it is supported on systems that actually have a TPM available.
It is perhaps mildly surprising that they have access to user encryption keys, but anyone surprised, over 20 years post-Patriot Act, that an American corporation is willing to cooperate with American federal law enforcement has maybe not been paying attention.
Very different phrasing between the headline and the subtitle:
> Microsoft confirms it will give the FBI your Windows PC data encryption key if asked
> Microsoft says it will hand those over to the FBI if requested via legal order
Microsoft complying with legal orders is not news. But why hire actual journalists when you can just lie in your headlines and still get clicks?
But, the pile of reasons for not running windows is already through the roof…
Whenever someone mentions the FBI I think of a picture of the current highly incompetent and malevolent director.
Time to use Linux as the on-the-metal OS.
Damn I love my dear little tux.
shocking
Honestly I have no problem with this, but I do remember a lot of gaslighting about how America is free and Europe a totalitarian state.
Obviously...?
Because your Windows PC isn't yours.
Which is really galling when you consider how many Windows 11 users have inadvertently been locked out of their own bought-and-paid-for computers thanks to BitLocker.
VeraCrypt.
The headline is misleading: they will give it if there’s a court order, not just if asked.
Still crap, but the headline is intentionally inaccurate for clickbaiting.
Microsoft confirms it will obey the law.
“American company will comply with American law”. I’m shocked. Shocked I tell you!
"US firm confirms it will comply with US law if asked."
Unless that's a data privacy or monopoly related. Then they won't.
not your keys? not your crypto
Local company complies with the law. In other news, the sky is blue...
MS confirms it has to comply with warrants to the consternation of many.
Duplicate story. Previous discussion here. https://news.ycombinator.com/item?id=46735545
Edit: Nevermind.
No it isn't. This is an evolution of that story.
Yes and this is a good thing. No organization, no matter how large or powerful, should be beyond the reach of the law.
Ideally they wouldn't even have this key / the private data in the first place.
The user can opt out of this if they want.
That's a false dichotomy. You can hold an organization accountable to the law without requiring them to maintain a "master key" to your private data.
It isn't required.
I have no idea what you mean. If the user keys were protected, that would not put Microsoft beyond the reach of the law. To Microsoft it's just a few bytes they never do anything with.