Microsoft confirms: Will cooperate with the FBI to provide BitLocker keys. Is your supposed encryption really secure?


Microsoft confirms it has provided the FBI with BitLocker keys, raising concerns over cloud backup security. Experts remind users to check or delete keys stored in the cloud.

Table of Contents

  • Microsoft: BitLocker keys can be handed over to law enforcement upon legal request
    • FBI Guam case opens the door
  • How does the key backup mechanism work?
  • What can users do?
    • Different options from Microsoft

The recent shocking incident of “Zhang Wen randomly injuring people” has not only drawn attention to the case itself but also sparked heated discussion about the investigation details of his laptop. Initial reports indicated that Zhang Wen’s ASUS laptop was protected by Microsoft’s BitLocker encryption and could not be cracked, but later, with official help, police successfully “broke” it, raising concerns about cybersecurity defenses.

However, what was even more surprising was that ASUS issued a statement clarifying that the laptop actually “did not enable encryption,” making the question of whether BitLocker can securely protect privacy data a hot topic.

Microsoft: BitLocker keys can be handed over to law enforcement upon legal request

Not long after the incident, Microsoft surprisingly admitted yesterday (24th) that, when legally required, it will provide the recovery keys for Windows 11’s BitLocker to law enforcement agencies.

This statement stems from early 2025, when the FBI, during an investigation in Guam, directly requested the keys from Microsoft via a court-issued search warrant and successfully unlocked the suspect’s laptop. The incident shows that simply logging into a new computer with a Microsoft account during setup could back up the encryption keys to the cloud, making it easier than ever for the government to access data.

FBI Guam case opens the door

In 2025, the FBI investigated a case of fraudulent claims for unemployment benefits during the pandemic. Instead of cracking passwords, agents submitted a search warrant to Microsoft. The company handed over the BitLocker keys as ordered, unlocking the hard drive on the spot and obtaining evidence. Microsoft later confirmed that it receives about 20 similar requests annually.

Although the number is small, it indicates that legitimate backdoors do exist.

How does the key backup mechanism work?

According to Windows Central, if users log into their Microsoft account during initial setup, the system will automatically enable BitLocker and synchronize the 48-digit recovery key to Microsoft’s cloud. Microsoft spokesperson Charles Chamberlayne stated:

“This is a security feature to prevent users from losing data due to forgotten passwords.”

The issue is that the keys are stored in a form readable by Microsoft employees and courts, not end-to-end encrypted. Windows Central comments that this approach is a “nightmare” for privacy, as any legal request can allow third parties to directly access the keys.

What can users do?

For crypto users, privacy and security are paramount. If you do not want to leave your keys in the cloud, you can take the following actions:

  1. Check backups: Log in to account.microsoft.com/devices, review, and delete any BitLocker keys backed up to the cloud.

  2. Use a local account: Switch to a local account login on Windows 11 to avoid automatic key synchronization.

  3. Group Policy settings: Use Windows Pro’s Group Policy to disable uploading keys to Microsoft servers.

Of course, the cost of doing so is that if you forget your password and do not properly save your keys, your data will be unrecoverable forever. Please assess the risks accordingly.
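
To support step 1, the following added example (not from the article or from Microsoft) lists each volume's BitLocker status and the IDs of its recovery-password protectors, which you can compare with the key IDs shown at account.microsoft.com/devices. Deleting a cloud copy does not change the key on the disk, so the script's own `-Rotate` switch (a name chosen for this example) replaces the 48-digit recovery password with a fresh one.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. -Rotate is this script's own (hypothetical) switch.
param([switch]$Rotate)

foreach ($vol in Get-BitLockerVolume) {
    $mp  = $vol.MountPoint
    # Recovery-password protectors are the 48-digit keys that can be backed up to the cloud.
    $old = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # Read-only audit: one row per volume.
    [pscustomobject]@{
        MountPoint     = $mp
        VolumeStatus   = $vol.VolumeStatus
        Protection     = $vol.ProtectionStatus
        RecoveryKeyIds = ($old.KeyProtectorId -join ', ')
    }

    if (-not $Rotate -or $old.Count -eq 0) { continue }

    # Add the replacement first so the volume is never left without a recovery password.
    Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
    $new = @((Get-BitLockerVolume -MountPoint $mp).KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and
        $_.KeyProtectorId -notin $old.KeyProtectorId
    })
    if ($new.Count -ne 1) {
        Write-Warning "$mp : could not identify the new protector; old ones left in place."
        continue
    }
    Write-Host "$mp new recovery password (store it offline): $($new[0].RecoveryPassword)"

    # Only now retire the passwords that may already exist in the cloud.
    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
}
```

Run it without `-Rotate` first to audit. Rotate only after applying step 2 or 3, since a device still signed in with a Microsoft account may back up the new password again.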

Different options from Microsoft

In contrast, Apple refused to help the FBI unlock a device in the San Bernardino shooting case in 2016; additionally, Meta stores encryption keys in the cloud but uses a zero-knowledge architecture, encrypting keys on the server side so that only users can access them.
