techcrunch.com
Microsoft provided the FBI with BitLocker recovery keys to unlock three laptops involved in a fraud investigation regarding Pandemic Unemployment Assistance in Guam. As Forbes reports, these keys are automatically uploaded to Microsoft’s cloud by default, allowing the company to share them with law enforcement upon receiving a valid warrant. Microsoft averages about 20 such requests annually.
Privacy experts, like cryptography professor Matthew Green, warn of the risks: beyond police access, if Microsoft’s cloud infrastructure is compromised by malicious hackers, they could gain access to these decryption keys. While hackers would still need physical access to the drives to use them, critics argue this centralized storage of critical decryption keys makes Microsoft an outlier in security vulnerability.
Read More
