In context: Tech companies promote device encryption to reassure customers that their data remains private. Some, such as Apple, have resisted requests from authorities to bypass encryption. However, a case in Guam last year revealed that Microsoft's default encryption settings make keys accessible to law enforcement.
Forbes reports that Microsoft complied with an FBI request for decryption keys to a suspect's personal laptops last year. While the company said it cannot fulfill every request, the case suggests that Windows devices are less private than those with stricter encryption policies, such as iPhones.
Windows PCs typically protect their data with PINs or other sign-in methods using BitLocker encryption. While the system is not foolproof, the FBI, ICE, and other authorities acknowledge that bypassing it is difficult.
Apple devices use similar protections, a policy that has led to high-profile cases in which the company refused to help authorities unlock suspects' iPhones. However, unlike Apple, which makes device encryption keys unrecoverable even for itself, Microsoft stores BitLocker keys on its servers by default.
Windows users can manually back up their BitLocker keys and remove them from Microsoft's servers, but most are likely unaware of this option. If Redmond receives a court order for encryption keys and finds them linked to a user's account, the company typically complies.
Apple handles iCloud encryption keys in a similar way. Chief executive Tim Cook explained that users often forget their iCloud passwords, in which case the company can remotely unlock their accounts. While Microsoft keeps BitLocker keys on file for the same reason – errors can sometimes lock PCs into recovery mode – Apple secures personal devices with separate, unrecoverable keys.
The Guam case involved three laptops belonging to Charissa Tenorio, who allegedly embezzled nearly $2 million from Covid relief funds, according to a federal grand jury indictment. Tenorio has pleaded not guilty, and the case remains ongoing.
Microsoft said it receives roughly 20 BitLocker requests per year, but users often choose to store their keys separately, keeping the company out of the process. Still, security and privacy experts worry that, now that Microsoft is known to comply at times, authorities may make such requests more frequently.
The debate over encryption and law enforcement access is part of a broader concern about digital privacy and security. A Microsoft engineer revealed that in 2013, the company refused a request to install a backdoor in BitLocker. Security experts have repeatedly shown that hackers and cybercriminals inevitably exploit such backdoors. Last year, Apple faced a legal battle with the UK government after it demanded the company create a backdoor for iCloud.