Redmond, January 25: Microsoft has confirmed that it provides BitLocker recovery keys to law enforcement agencies upon receiving valid legal orders, marking a significant development in the ongoing debate over digital privacy. The disclosure follows a federal investigation in Guam where the FBI served the tech giant with a search warrant to unlock three encrypted laptops.

Federal investigators believed the devices contained evidence related to a plot to steal funds from the island’s Covid unemployment assistance program. While Microsoft has historically resisted government pressure to install "backdoors" in its software, this case represents the first known instance of the company directly providing encryption keys to facilitate a law enforcement search. Gmail Users Advised to Disable 2 Features Over Google Privacy Concerns; Check Details.

Microsoft BitLocker Security Vulnerability

BitLocker is a built-in Windows feature designed to scramble data on a computer's hard drive, making it inaccessible without a specific recovery key. While Microsoft allows users to store these keys locally on external hardware, it frequently recommends cloud storage on its own servers for user convenience. This default approach ensures users can recover data if they forget their passwords, but it simultaneously makes the information accessible via judicial warrants.

A Microsoft spokesperson, Charles Chamberlayne, stated that the company receives approximately 20 such requests for BitLocker keys annually. He noted that in many instances, Microsoft is unable to assist because the user did not opt to store their key in the cloud. However, privacy advocates argue that the architectural choice to hold these keys on behalf of users creates an inherent security risk.

Encryption Key Privacy Concerns

The revelation has sparked criticism from lawmakers and cybersecurity experts who contrast Microsoft’s policies with those of its competitors. Senator Ron Wyden described the practice as "irresponsible," suggesting that allowing government agencies to obtain encryption keys secretly provides them with access to a person’s entire digital life. Experts from the ACLU also warned that such vulnerabilities could be exploited by foreign governments with poor human rights records.

Unlike Microsoft, companies such as Apple and Meta have implemented systems where cloud-stored backups are protected by keys that the companies themselves cannot access. For example, Apple’s FileVault and WhatsApp’s encrypted backups allow users to store keys in a manner that renders law enforcement requests ineffective. Cryptography experts from Johns Hopkins University noted that since other tech giants have successfully prioritised user-only access, Microsoft’s current model remains a notable outlier in the industry. ‘This Is Entirely False’: Google-Owned Gmail Denies Major Security Warning Claims, Says ‘Protections Are Strong and Effective’.

In the Guam case, court documents indicate that the warrant was successfully executed and the data was retrieved. The defendant, Charissa Tenorio, has pleaded not guilty, while the case remains ongoing. Experts warn that now that law enforcement agencies are aware of this capability, the number of demands for Microsoft-held encryption keys is likely to increase.

TruLY Score by LatestLY
Rating:3

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5 this article has scored 3 on LatestLY, this article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (Forbes), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations

(The above story first appeared on LatestLY on Jan 25, 2026 07:13 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).