Cloud Risk and BitLocker: Microsoft Shares Keys with FBI

Key Takeaways

1. Apple and Google cannot unlock encrypted devices for law enforcement requests, while Microsoft can provide BitLocker recovery keys if stored in the cloud.
2. BitLocker is a Windows encryption tool that protects data on hard drives and generates a recovery key for emergencies.
3. Users can back up the BitLocker recovery key by printing it, saving it on a USB drive, or storing it in the cloud via a Microsoft account.
4. Microsoft will release BitLocker keys to authorities with a legitimate court order, highlighting their access to this data.
5. Storing recovery keys in the cloud offers convenience but raises security concerns about unauthorized access and the potential for key exposure.


Apple and Google often emphasize that they cannot unlock their customers’ encrypted devices, like smartphones or tablets, even if law enforcement requests them to. The case with Microsoft and its Windows encryption tool, BitLocker, is a bit more complicated. If a user saves the recovery key in the cloud, Microsoft can provide that key to the authorities.

What is BitLocker?

BitLocker is a drive encryption tool built into Windows that safeguards data on hard drives from unauthorized access, especially in cases of device theft. During the setup process, a recovery key is created to help regain access to the system in emergencies. Windows offers several methods for backing up this key: it can be printed, saved on a USB drive, or directly stored in the cloud via a Microsoft account.

Storing Keys in the Cloud

If you opt to keep the recovery key in your Microsoft account, it is stored on the company’s servers located in Redmond. Microsoft has confirmed to Forbes that it releases these BitLocker keys when a legitimate court order is presented; the FBI makes about 20 such requests each year. This indicates that Microsoft does have access to the key data, though it is not clear whether the keys are stored on its servers in plain text or in encrypted form.

Concerns About Security

In general, just because data is stored in the cloud doesn’t mean the provider can read it. The recovery keys could be stored encrypted, for example under a separate password or key derived from a secret that only the user holds. In that case Microsoft could hold the data but would be unable to see it in plaintext or share it with law enforcement. Since the company can release the keys when a court order is presented, this type of protection clearly does not apply here. This raises concerns about the security of recovery keys that are saved in the cloud.

Microsoft spokesman Charles Chamberlayne pointed out that while using cloud recovery is convenient, it also presents the risk of unauthorized access. Therefore, users need to consider if the convenience outweighs the risks, or if they should keep the key stored locally.
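For a user who decides, as the article suggests, to keep the key local instead, the following PowerShell script is an added example (not code from the article or from Microsoft) of how an administrator can rotate a volume’s BitLocker recovery password so that any copy previously uploaded to a cloud account no longer unlocks the drive, and save the new one only to local or removable storage. It uses the built-in BitLocker cmdlets, assumes an elevated session, and assumes the machine is not configured by policy to automatically back up newly added protectors; the backup path is a placeholder.

```powershell
# Added example: rotate the BitLocker recovery password on one volume and keep
# the new key locally. Requires an elevated (administrator) PowerShell session.
#Requires -RunAsAdministrator
param(
    [string]$MountPoint = 'C:',
    # Assumed path on removable media for the new key; adjust as needed.
    [string]$BackupPath = 'D:\BitLocker-Recovery-Key.txt'
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') {
    throw "BitLocker protection is not on for $MountPoint; nothing to rotate."
}

# 1. List the current recovery-password protectors (the 48-digit keys). Each
#    has an Id; a cloud backup holds a copy identified by that Id.
$old = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
foreach ($p in $old) {
    Write-Host "Existing recovery protector: $($p.KeyProtectorId)"
}

# 2. Add a fresh recovery password. Windows generates it; we never choose it.
$new = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
$newProt = $new.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Where-Object { $old.KeyProtectorId -notcontains $_.KeyProtectorId }

# 3. Save the new key locally BEFORE removing the old ones, so the volume is
#    never left without a usable recovery path. Print or move this file offline.
"Identifier: $($newProt.KeyProtectorId)`nRecovery Key: $($newProt.RecoveryPassword)" |
    Set-Content -Path $BackupPath -Encoding ASCII

# 4. Remove the old recovery protectors. Any copy of them held in a Microsoft
#    account (or anywhere else) can no longer unlock the drive.
foreach ($p in $old) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# 5. Verify: exactly one recovery-password protector should remain, the new one.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object KeyProtectorId
```

Rotating the protector does not remove the stale copy from the cloud account; it only makes that copy useless, so the old key should also be deleted from the account’s recovery-key page.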
