Techcrunch
Reports indicate that Microsoft has supplied the FBI with BitLocker recovery keys, enabling law enforcement to access encrypted data on suspects' laptops as part of a federal investigation. This access is possible because BitLocker recovery keys are uploaded to Microsoft's cloud by default.
AI 生成摘要
據報導,微軟在一次聯邦調查中向FBI提供了BitLocker的恢復金鑰,使執法部門能夠存取嫌疑人筆記型電腦上的加密數據。這是因為BitLocker的恢復金鑰預設會上傳到微軟的雲端。
Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Staff
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Microsoft provided the FBI with the recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, Forbes reported on Friday.
Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off.
But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.
The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program in Guam, a U.S. island in the Pacific. Local news outlet Pacific Daily News covered the case last year, reporting that a warrant had been served to Microsoft in relation to the suspects’ hard drives. Kandit News, another local Guam news outlet, also reported in October that the FBI requested the warrant six months after seizing the three laptops encrypted with BitLocker.
A spokesperson for Microsoft did not immediately respond to a request for comment by TechCrunch. Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests per year.
Apart from the privacy risks of handing recovery keys to a company, Johns Hopkins professor and cryptography expert Matthew Green raised the potential scenario where malicious hackers compromise Microsoft’s cloud infrastructure — something that has happened several times in recent years — and get access to these recovery keys. The hackers would still need physical access to the hard drives to use the stolen recovery keys
“It’s 2026 and these concerns have been known for years,” Green wrote in a post on Bluesky. “Microsoft’s inability to secure critical customer keys is starting to make it an outlier from the rest of the industry.”
Topics
Senior Reporter, Cybersecurity
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.
Tickets are live at the lowest rates of the year. Save up to $680 on your pass — and if you’re among the first 500 registrants, score a +1 pass at 50% off.Meet investors. Discover your next portfolio company. Hear from 250+ tech leaders, dive into 200+ sessions, and explore 300+ startups building what’s next. Don’t miss these one-time savings.
Capital One acquires Brex for a steep discount to its peak valuation, but early believers are laughing all the way to the bank
Anthropic’s CEO stuns Davos with Nvidia criticism
Humans&, a ‘human-centric’ AI startup founded by Anthropic, xAI, Google alums, raised $480M seed round
SpaceX didn’t properly inspect crane before collapse at Starbase, OSHA says
Well, there goes the metaverse!
Sequoia to invest in Anthropic, breaking VC taboo on backing rivals: FT
Why Silicon Valley is really talking about fleeing California (it’s not the 5%)
© 2025 TechCrunch Media LLC.