Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: Reports

Microsoft provided the Federal Bureau of Investigation with recovery keys that allowed investigators to unlock encrypted data on the hard drives of three laptops as part of a federal probe, according to a report published Friday by Forbes.

Many modern Windows computers use full-disk encryption, known as BitLocker, which is enabled by default on most devices. The technology is designed to prevent anyone other than the device owner from accessing stored data when a computer is locked or powered off.

However, by default, BitLocker recovery keys are backed up to Microsoft’s cloud. That setup means Microsoft — and, through legal requests, law enforcement — can access those keys and use them to decrypt BitLocker-protected drives, as occurred in the case detailed by Forbes.

The investigation centred on several individuals suspected of fraud involving the Pandemic Unemployment Assistance program in Guam. The local outlet Pacific Daily News reported last year that authorities had served Microsoft with a warrant related to the suspects’ hard drives. Another Guam-based publication, Kandit News, reported in October that the FBI sought the warrant roughly six months after seizing the three laptops, all of which were encrypted with BitLocker.

A Microsoft spokesperson did not immediately respond to a request for comment. In a statement to Forbes, Microsoft said it occasionally provides BitLocker recovery keys to law enforcement and receives about 20 such requests each year.

Beyond the privacy implications of third-party storage of recovery keys, cryptography expert Matthew Green of Johns Hopkins University highlighted a broader security concern. Green warned that malicious hackers could breach Microsoft’s cloud systems — something that has happened multiple times in recent years — and gain access to stored recovery keys. While attackers would still need physical access to a device’s hard drive to use those keys, the risk remains.

“It’s 2026 and these concerns have been known for years,” Green wrote in a post on Bluesky. “Microsoft’s inability to secure critical customer keys is starting to make it an outlier from the rest of the industry.”