Home / Technology / Microsoft's Keys Unlock Your Private Data
Microsoft's Keys Unlock Your Private Data
5 Feb
Summary
- Microsoft provided BitLocker recovery keys to law enforcement.
- Encryption doesn't guarantee data inaccessibility.
- Users must control their encryption keys for true privacy.
A federal investigation in Guam has brought to light that Microsoft provided BitLocker recovery keys to law enforcement. This allowed investigators to access encrypted data on laptops allegedly linked to COVID-19 unemployment fraud. The incident underscores that encryption does not always ensure data inaccessibility. Microsoft stated it complies with such requests when users store keys in the cloud, receiving approximately 20 requests annually.
Experts argue that the issue lies not with encryption itself, but with key control. When a provider holds both encrypted data and decryption keys, user control is diminished. Companies like Apple and Google offer alternative approaches, limiting their own access to customer data. Microsoft acknowledges the convenience of cloud key storage but warns of potential unwanted access, asserting customers should decide on key management.
This case reignites the debate between lawful access and systemic risk. Centralized systems holding customer data are prone to failure and become targets. True personal data sovereignty, experts contend, requires systems where compelled access is technically impossible. Users must be intentional about where their encryption keys are stored, preferring offline methods or services offering client-side encryption for maximum privacy.
