Yes, "asked" versus "ordered" is meaningfully misleading, especially in this context.
There is reasonable suspicion, some might argue evidence, that Microsoft voluntarily cooperated with U.S. Intelligence Community without being compelled by a court order, the most famous instances being leaked in the Snowden disclosures.
To be fair to Microsoft, here's their updated statement (emphasis mine):
"Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne."
You’ve overly simplified the degree to which a company must accept a court order without pushback.
First they are capable of fulfilling the request in the first place which means their approach or encryption is inherently flawed. Second companies can very much push back on such requests with many examples of such working, but they need to make the attempt.
I don't think it's reasonable to expect businesses to spend money fighting court orders for customer data, especially if the orders are more or less reasonable.
They do seem to be reasonable in the case that brought about this reporting, with substantial evidence that the suspects committed fraud and that evidence is on the devices in question.
I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order because it knows Microsoft will demand one, and because the FBI rarely has possession of suspect devices without a warrant to search for them and obtain their contents.
It could be a bigger obstacle for other agencies. CBP can hold a device carried by someone crossing the border without judicial oversight. ICE is in the midst of a hiring surge and from what I've read lately, has an abbreviated screening and training process likely not matching the rigor of the FBI. Local law enforcement agencies vary greatly.
It’s immensely misleading. At least with a valid legal order we are still living by rule of law. With the recent actions I can’t say ICE is acting by rule of law.
Broader context isWindows defaults to making their access to your data legally accessible. Their entire windows platform and one drive defaults to this insecurity
Inlight of fascism coming to Democratic cities and anyone documenting it being a registered domestic terrorist...well thats pretty f'n insecure by default.
Yes, "asked" versus "ordered" is meaningfully misleading, especially in this context.
There is reasonable suspicion, some might argue evidence, that Microsoft voluntarily cooperated with U.S. Intelligence Community without being compelled by a court order, the most famous instances being leaked in the Snowden disclosures.
To be fair to Microsoft, here's their updated statement (emphasis mine):
"Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne."
You’ve overly simplified the degree to which a company must accept a court order without pushback.
First they are capable of fulfilling the request in the first place which means their approach or encryption is inherently flawed. Second companies can very much push back on such requests with many examples of such working, but they need to make the attempt.
I don't think it's reasonable to expect businesses to spend money fighting court orders for customer data, especially if the orders are more or less reasonable.
They do seem to be reasonable in the case that brought about this reporting, with substantial evidence that the suspects committed fraud and that evidence is on the devices in question.
7 replies →
I think you missed my point. Microsoft isn’t that company you describe.
I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order because it knows Microsoft will demand one, and because the FBI rarely has possession of suspect devices without a warrant to search for them and obtain their contents.
It could be a bigger obstacle for other agencies. CBP can hold a device carried by someone crossing the border without judicial oversight. ICE is in the midst of a hiring surge and from what I've read lately, has an abbreviated screening and training process likely not matching the rigor of the FBI. Local law enforcement agencies vary greatly.
>I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order
I keep seeing mentions in the news of FBI agents resigning suddenly.
Great comment.
It’s immensely misleading. At least with a valid legal order we are still living by rule of law. With the recent actions I can’t say ICE is acting by rule of law.
Having said that I won’t go back to Windows.
Broader context isWindows defaults to making their access to your data legally accessible. Their entire windows platform and one drive defaults to this insecurity
Inlight of fascism coming to Democratic cities and anyone documenting it being a registered domestic terrorist...well thats pretty f'n insecure by default.