--- title: "Surrender as a service: Microsoft unlocks BitLocker for feds" type: "News" locale: "en" url: "https://longbridge.com/en/news/273554367.md" description: "Microsoft has reportedly provided the FBI with BitLocker encryption keys to unlock laptops of users charged in a fraud case, marking the first known instance of such action. BitLocker, a Windows security system, allows users to encrypt data, but keys can be stored on Microsoft's servers, giving the company potential access. Unlike Apple, which retains limited keys for iCloud data, Microsoft may have access to customer keys if stored in the cloud. Microsoft receives around 20 requests for BitLocker keys annually, but cannot provide them if customers have not entrusted them to the company." datetime: "2026-01-23T20:49:26.000Z" locales: - [zh-CN](https://longbridge.com/zh-CN/news/273554367.md) - [en](https://longbridge.com/en/news/273554367.md) - [zh-HK](https://longbridge.com/zh-HK/news/273554367.md) --- > Supported Languages: [简体中文](https://longbridge.com/zh-CN/news/273554367.md) | [繁體中文](https://longbridge.com/zh-HK/news/273554367.md) # Surrender as a service: Microsoft unlocks BitLocker for feds If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment. The government case \[PDF\], which claims defendants in Guam fraudulently collected pandemic unemployment benefits, represents the first publicly known instance of Microsoft providing BitLocker keys, according to Forbes. BitLocker is a Windows security system that can encrypt data on storage devices. It supports two modes: Device Encryption, a mode designed to simplify security, and BitLocker Drive Encryption, an advanced mode. For either mode, Microsoft "typically" backs up BitLocker keys to its servers when the service gets set up from an active Microsoft account. "If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online," the company explains in its documentation. The situation is similar for managed devices. "If you're using a device that's managed by your work or school, the BitLocker recovery key is typically backed up and managed by your organization's IT department," the company says. Microsoft provides the option to store keys elsewhere. Instead of selecting "Save to your Microsoft Account," customers can "Save to a USB flash drive," "Save to a file," or "Print the recovery key." But customers are encouraged to entrust keys to Microsoft because as long as they have access to the account online, they can recover the keys, effectively making Redmond their digital doorman. However, in such circumstances, customers no longer have total control over access to their data. Apple offers a similar device encryption service called FileVault, complemented by its iCloud service. The iCloud service also offers an easy mode called "Standard data protection" and "Advanced Data Protection for iCloud." With Standard data protection, Apple holds the encryption keys for iCloud data, with some exceptions (e.g. Passwords and Keychain). With Advanced Data Protection, the company has the keys only to iCloud Mail, Contacts, and Calendar. - Microsoft 365 outage drags on for nearly 10 hours during bad night for North American infra - Microsoft shifting to cloud management software brings possibility of it peeking into your estate - AI conference's papers contaminated by AI hallucinations - Cursor used agents to write a browser, proving AI can write shoddy code at scale Both Apple and Microsoft, like other companies, comply with government information demands they determine to be lawful. But they can't provide keys they don't control. Apple says as much in its guidelines \[PDF\] for law enforcement: "All iCloud content data stored by Apple is additionally encrypted at the location of the server. For data Apple can decrypt, Apple retains the encryption keys in its US data centers. Apple does not receive or retain encryption keys for \[a\] customer's end-to-end encrypted data." That's not the case with BitLocker, where Microsoft may have access to encryption keys for a customer's end-to-end encrypted data if the customer allowed that during setup. Microsoft explains that it does not provide governments with its own encryption keys. But it does not make that commitment with regard to its customers. "We do not provide any government with our encryption keys or the ability to break our encryption," the company says in its law enforcement guidance. "In most cases, our default is for Microsoft to securely store our customers' encryption keys. Even our largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies." > It's a clear message to activist organizations and law firms that Microsoft is not building their products for you. According to Microsoft's most recent Government Requests for Customer Data Report, covering July 2024 through December 2024, the company received a total of 128 requests from law enforcement organizations around the world, 77 of which came from US authorities. Only four of the requests during that period, three in Brazil and one in Canada, led to the disclosure of content. Microsoft did not immediately respond to a request for comment. The company told Forbes that it receives around 20 requests for BitLocker keys per year and that it cannot provide those keys if customers have not entrusted them to Microsoft for cloud storage. "Microsoft is making a tradeoff here between privacy and recoverability," said Erica Portnoy, senior staff technologist at the Electronic Frontier Foundation, in an email to _The Register_. "At a guess, I'd say that's because they're more focused on the business use case, where loss of data is much worse than Microsoft or governments getting access to that data. But by making that choice, they make their product less suitable for individuals and organizations with higher privacy needs. It's a clear message to activist organizations and law firms that Microsoft is not building their products for you." ® ### Related Stocks - [YieldMax MSFT Option Income Strategy ETF (MSFO.US)](https://longbridge.com/en/quote/MSFO.US.md) - [Direxion Daily MSFT Bear 1X ETF (MSFD.US)](https://longbridge.com/en/quote/MSFD.US.md) - [GraniteShares 2x Long MSFT Daily ETF (MSFL.US)](https://longbridge.com/en/quote/MSFL.US.md) - [Direxion Daily MSFT Bull 2X Shares (MSFU.US)](https://longbridge.com/en/quote/MSFU.US.md) - [iShares Expanded Tech-Software Sect ETF (IGV.US)](https://longbridge.com/en/quote/IGV.US.md) - [Global X Cloud Computing ETF (CLOU.US)](https://longbridge.com/en/quote/CLOU.US.md) - [T-Rex 2X Long Microsoft Daily Target ETF (MSFX.US)](https://longbridge.com/en/quote/MSFX.US.md) - [State StreetSPDRS&PSftwr&SvcsETF (XSW.US)](https://longbridge.com/en/quote/XSW.US.md) - [Microsoft Corporation (MSFT.US)](https://longbridge.com/en/quote/MSFT.US.md) ## Related News & Research - [New Microsoft and Rubrik Integration Delivers Complete Identity Attack Response | RBRK Stock News](https://longbridge.com/en/news/280157948.md) - [Microsoft-Backed OpenAI to Reportedly Start Showing Ads to Free, Go Users of ChatGPT in US](https://longbridge.com/en/news/280141022.md) - [Microsoft Sits At The Center Of The AI Supercycle, Analyst Says](https://longbridge.com/en/news/280359105.md) - [Microsoft rolls back some of its Copilot AI bloat on Windows](https://longbridge.com/en/news/279992243.md) - [Microsoft takes over abandoned Texas data center project](https://longbridge.com/en/news/280366280.md)