Microsoft has confirmed that it handed over encryption recovery keys to the US government after receiving a legal warrant, a move that has raised serious concerns about digital privacy.
The request came from the Federal Bureau of Investigation during an investigation into suspected fraud linked to COVID unemployment assistance in Guam. The keys were used to unlock encrypted data stored on three laptops.
In most past cases, major technology companies have pushed back strongly when authorities asked for access to encrypted user data. A well-known example dates back to 2016, when Apple refused to help the FBI unlock an iPhone connected to the San Bernardino shooting. At that time, many tech companies supported Apple’s stance, including Microsoft, which argued that creating access for governments could weaken security for everyone.
This case took a different turn. Microsoft told Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. A company spokesperson explained that customers can choose where their encryption keys are stored. If users keep their keys locally, Microsoft cannot access them. But if they store those keys in Microsoft’s cloud, the company is legally required to hand them over when ordered by a court.
Microsoft acknowledged that cloud-based key storage is convenient, especially if users lose access to their devices. At the same time, the company admitted that this convenience comes with a real risk, as it allows third parties to gain access under legal pressure.
The decision has drawn criticism from privacy advocates and lawmakers. US Senator Ron Wyden described it as irresponsible for companies to quietly hand over users’ encryption keys. Civil rights groups such as the American Civil Liberties Union warned that this could set a troubling precedent for the future.
Privacy experts say the biggest concern is not just this single case, but what it could lead to next. If US authorities can obtain encryption keys, other governments may demand the same access, including those with poor human rights records. This could put journalists, activists, and ordinary users at risk, especially outside the United States.
The incident has reopened a long-running debate about encryption, privacy, and government surveillance. While companies say they must follow the law, critics argue that giving authorities access to encryption keys weakens trust and undermines the security protections users depend on every day.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
