Microsoft has confirmed it provided the FBI with BitLocker recovery keys to decrypt the hard drives of three laptops linked to a federal fraud investigation. The disclosure, first reported by Forbes, highlights the privacy implications of Microsoft’s cloud-based key management system.
Understanding BitLocker and Cloud Risks
Modern Windows devices use BitLocker, a full-disk encryption tool that is enabled by default. BitLocker is designed to protect data when a device is locked or powered off, but the system automatically uploads recovery keys to Microsoft’s cloud infrastructure. Because Microsoft holds a copy of those keys, the tech giant, and consequently law enforcement agencies armed with a warrant, can bypass user encryption.
The Guam Fraud Investigation
The incident is tied to an investigation into the Pandemic Unemployment Assistance program in Guam. Local outlets, including the Pacific Daily News and Kandit News, revealed that the FBI secured a warrant for the keys six months after seizing the hardware from suspects. Microsoft disclosed that it processes an average of 20 such requests for BitLocker recovery keys annually.
Industry Concerns Over Security
Cryptography experts are sounding the alarm regarding this practice. Matthew Green, a professor at Johns Hopkins, highlighted the danger of Microsoft’s centralized storage. If malicious actors were to compromise the company’s cloud infrastructure—a recurring issue in recent years—they could potentially obtain these recovery keys.
“It’s 2026 and these concerns have been known for years,” Green noted in a recent post. “Microsoft’s inability to secure critical customer keys is starting to make it an outlier from the rest of the industry.”
