Microsoft may give BitLocker recovery keys to law enforcement if stored in cloud

Microsoft has confirmed to Forbes that it will provide BitLocker recovery keys to law enforcement when served with a valid legal order, but only if the recovery key was backed up to Microsoft’s cloud rather than stored locally, according to ZDNET. The reported case involved FBI agents in Guam who sought BitLocker-encrypted files as part of an investigation; Microsoft concluded the request was justified and turned over the necessary keys, ZDNET says.

The company receives about 20 requests for BitLocker keys a year but often cannot comply when users have not stored keys in the cloud. ZDNET notes Microsoft encourages users to back up recovery keys to the cloud for convenience in case of hardware changes or boot problems. A Microsoft spokesperson told ZDNET that customers can choose to store keys locally or in Microsoft’s cloud and that while cloud recovery offers convenience it also carries a risk of unwanted access, so customers should decide how to manage keys.

Security experts cited by ZDNET frame the issue as a lawful-process question rather than a cryptographic backdoor. Jason Soroko warned that when a company stores recovery keys it can be compelled to hand them over, and he called for stronger guardrails, narrow warrants and defaults that do not routinize third‑party key escrow.

ZDNET also recalls a 2013 report that the FBI’s request for a BitLocker backdoor was refused.

bitlocker recovery keys, bitlocker cloud backup, microsoft provides keys, fbi guam bitlocker, store keys locally, third-party key escrow, jason soroko warning, legal orders for keys, zdnet forbes reporting, windows bitlocker settings