Microsoft reveals that it has handed over recovery keys to decrypt customer data to the FBI



In 2025, it was revealed that Microsoft had handed over recovery keys for BitLocker, its hard drive encryption software, to the Federal Bureau of Investigation (FBI) based on a search warrant related to a fraud investigation in Guam. This was the first time that Microsoft had provided BitLocker recovery keys to law enforcement agencies, and it attracted attention.

Microsoft handed the government encryption keys for customer data | The Verge
https://www.theverge.com/news/867244/microsoft-bitlocker-privacy-fbi

Microsoft Reportedly Turned Over BitLocker Encryption Keys to the FBI
https://gizmodo.com/microsoft-reportedly-turned-over-bitlocker-encryption-keys-to-the-fbi-2000713550

BitLocker is encryption software that is enabled by default on many Windows PCs, and its primary function is to encrypt data on your PC in case it is lost or stolen.

BitLocker encryption can be decrypted using a recovery key stored locally on the user's device, but Microsoft recommends backing up the recovery key to the cloud.

Backing up your recovery key allows you to recover your data if you forget your password, but it also exposes you to the risk that law enforcement, hackers, or others may gain access to your encrypted data.



On January 23, 2026, local time, it was first reported that Microsoft had provided the FBI with BitLocker recovery keys, which allowed the FBI to successfully decrypt data stored on three seized laptops.

Microsoft says it receives about 20 requests for BitLocker recovery keys each year, but it can't fulfill these requests if users don't back up their recovery keys to the cloud.

The FBI has asked Microsoft to provide BitLocker recovery keys as part of its investigation into a fraud ring linked to unemployment assistance programs related to the COVID-19 pandemic in Guam.

The scammers sought BitLocker recovery keys to access data on three laptops seized during an investigation into a company owned by Charissa Tenorio, the sister of Guam Lt. Gov. Josh Tenorio.



Microsoft's decision to provide BitLocker recovery keys to law enforcement has raised alarm among the cybersecurity community.

Matthew Green, a security expert at Johns Hopkins University, said, 'BitLocker is a hard drive encryption feature built into Windows. It's designed to prevent unauthorized access to data on your machine. In many settings, Windows uploads recovery keys to your Microsoft cloud account. The problem is that these recovery keys aren't end-to-end encrypted so that Microsoft can't access them. If law enforcement wants to access an encrypted drive, they don't need to know the password; they just need to request a recovery key from Microsoft. Microsoft then hands over the recovery key. In the past, law enforcement could assume that this was largely within the law, but now we don't know what will happen. I don't want to be a journalist who relies on BitLocker.'

The problem with this is that these recovery keys aren't encrypted end-to-end in a way that Microsoft can't access. So if law enforcement wants to access your encrypted drive (even without knowing your password) they can just ask Microsoft for the key. And Microsoft will hand it over.

— Matthew Green (@matthewdgreen.bsky.social) January 23, 2026, 11:14 PM



in Software, Security. Posted by logu_ii