Microsoft provided the FBI with recovery keys to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, Forbes reported Friday.
Many modern Windows computers rely on full disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone but the owner of the device from accessing the data if the computer is locked and turned off.
However, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant—and by extension law enforcement—to access them and use them to decrypt BitLocker-encrypted drives, as in the case reported by Forbes.
The case involved several people suspected of fraud related to the pandemic unemployment assistance program in Guam, a US island in the Pacific. Local news outlet Pacific Daily News covered the case last year, reporting that a warrant had been served on Microsoft in connection with the suspects’ hard drives. Kandit News, another local Guam news outlet, was also mentioned In October, the FBI sought the warrant six months after seizing the three BitLocker-encrypted laptops.
A Microsoft representative did not immediately respond to a request for comment from TechCrunch. Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests a year.
In addition to the privacy risks of handing over recovery keys to a company, Johns Hopkins professor and cryptography expert Matthew Green upload the possible scenario where malicious hackers breach Microsoft’s cloud infrastructure — something that has happened several times in recent years — and gain access to those recovery keys. Hackers would still need physical access to the hard drives to use the stolen recovery keys
“It’s 2026 and these concerns have been known for years,” Green wrote in a post on Bluesky. “Microsoft’s inability to secure critical customer keys is starting to set it apart from the rest of the industry.”
Techcrunch event
San Francisco
|
13-15 October 2026
