The secret services will get your key. Microsoft explains itself

What exactly did Microsoft reveal?

In a statement published in Forbes, Microsoft admitted that it may hand over BitLocker encryption keys when a court order is issued. With such a key, the data on a Windows computer can be decrypted, which means that law-enforcement and intelligence services can get into our devices and pull data from them.

Reports on this topic surfaced after Forbes described a case in which Microsoft handed over the BitLocker keys for a device located on the island of Guam. The FBI believed the device held evidence of embezzlement of funds from the unemployment assistance program. The case took place at the beginning of 2025.

The key transfer was possible because Windows 11 saves BitLocker keys to the cloud by default, since the system forces the use of a Microsoft account. This is meant to make it easier to regain access to your computer, but the setting must be disabled manually if you want the keys to be stored only locally. In practice, every new Windows user has automatic upload of the key to the cloud enabled.

Microsoft revealed to Forbes that it receives about 20 FBI requests for BitLocker keys a year, but in most cases it cannot comply because the key was never uploaded to the company’s servers.

It is worth noting that some large technology companies approach encryption in a completely different way. Apple consistently refuses to share encrypted data and opposes the creation of backdoors. Meta uses a zero-knowledge architecture in which the keys are additionally encrypted on the server side, so even the company itself does not have access to them.

Against this background, Microsoft’s approach is surprisingly weak. BitLocker keys stored in the cloud are not additionally encrypted, which means the company can read them and hand them over to the services. This runs counter to users’ expectations that their data remains private even when the key is backed up to the cloud. The result is a serious privacy problem.

Fortunately, you can check which of your devices have BitLocker keys stored on Microsoft’s servers and delete them if necessary. Just go to the website.
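Deleting the copy on Microsoft's servers does not change the fact that the same recovery password was once uploaded. As an added defensive example, not code from the article, the PowerShell below lists the recovery-password protectors on the local machine and rotates them, so that a recovery password that was already backed up to a Microsoft account no longer unlocks the volume. The function names are mine; the cmdlets are the built-in BitLocker module on Windows 10/11, run from an elevated prompt.

```powershell
# Added example (not from the article): enumerate BitLocker recovery-password
# protectors on this machine and, on request, rotate them so that a recovery
# password previously backed up to a Microsoft account stops working.
# Record the new 48-digit password offline (password manager or printout)
# before rebooting; nothing here uploads it anywhere.
#Requires -RunAsAdministrator

function Get-RecoveryProtector {
    # One row per RecoveryPassword protector on every BitLocker volume.
    foreach ($vol in Get-BitLockerVolume) {
        foreach ($kp in $vol.KeyProtector) {
            if ($kp.KeyProtectorType -eq 'RecoveryPassword') {
                [pscustomobject]@{
                    MountPoint       = $vol.MountPoint
                    ProtectionStatus = $vol.ProtectionStatus
                    ProtectorId      = $kp.KeyProtectorId
                }
            }
        }
    }
}

function Reset-RecoveryPassword {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Add a fresh recovery password first so the volume is never left without
    # one, then remove the old protector(s). Any copy of the old password that
    # was uploaded or printed earlier is now useless for this volume.
    $old = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    foreach ($kp in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
    # Return only the newly created protector (id + password) to the caller.
    $vol.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and
        $_.KeyProtectorId -notin $old.KeyProtectorId
    }
}

# Inventory first; rotate a volume only after you have a place to store the new password.
Get-RecoveryProtector | Format-Table -AutoSize
# Reset-RecoveryPassword -MountPoint 'C:'   # uncomment to rotate the OS volume
```

After rotating, also remove the stale key from the Microsoft account page the article refers to, so the old value is not kept anywhere.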
