
Microsoft Confirms Providing BitLocker Encryption Keys to FBI Under Warrant


Microsoft Confirms Providing BitLocker Keys to FBI in Guam Fraud Case

Microsoft has confirmed it provided BitLocker encryption keys to the Federal Bureau of Investigation (FBI) in early 2023. This compliance was in connection with a fraud investigation in Guam, marking the first known instance of the company complying with a warrant to turn over such keys.

Microsoft states it provides these keys when they are stored on its servers and a valid legal order is received, a policy that has prompted discussion and comparisons to other technology companies' approaches to data encryption and user privacy.

Microsoft's Compliance and Policy

In early 2023, the FBI served Microsoft with a search warrant. The warrant sought recovery keys to unlock encrypted data on three laptops involved in an investigation concerning alleged theft from the COVID-19 unemployment assistance fund in Guam. Microsoft complied, providing the requested BitLocker recovery keys.

BitLocker is an encryption feature often automatically enabled on modern Windows PCs. It encrypts data so that a key is required to decrypt it. Users have the option to store these encryption keys either locally on their own devices or on Microsoft's cloud servers.

According to a Microsoft spokesperson, the company is legally obligated to produce keys stored on its servers when presented with a valid legal order. While cloud storage offers convenience for users who may need to recover lost keys, it also makes those keys accessible to law enforcement with appropriate legal authorization.

Microsoft reportedly receives approximately 20 requests for BitLocker keys annually. In many cases, the company cannot assist because users have not stored their keys in the cloud. The Guam court docket indicates the warrant was successfully executed, and information from a defendant's computer, including references to Microsoft-provided BitLocker keys, has been included in prosecutors' disclosures. The case remains ongoing.

Industry Comparisons and Data Protection

This event has led to comparisons with the data encryption policies of other technology companies, particularly Apple. In December 2015, the FBI sought Apple's assistance to access a locked iPhone belonging to one of the San Bernardino shooters. Apple declined the request, citing concerns that complying would necessitate compromising the strong encryption of the Secure Enclave, which it stated would undermine the security of all iPhones. The FBI subsequently used alternative methods to access the data. A similar situation occurred in Pensacola, with Apple again refusing and the FBI finding alternative access methods.

Regarding its iCloud service, Apple has implemented evolving data encryption policies. Historically, some iCloud data categories were protected with weaker encryption, allowing Apple to hold copies of keys and provide them to law enforcement with a valid court order. Over time, Apple has increased its use of end-to-end encryption for a significant portion of iCloud data, making it technically impossible for the company to grant access for these categories.

Last year, Apple introduced Advanced Data Protection (ADP), an opt-in feature that allows users to enable strong encryption for all their iCloud data. This feature is not enabled by default, as it would prevent Apple from assisting users who lose their passcodes, potentially leading to permanent data loss. If ADP is not enabled, Apple retains access to some iCloud data and will comply with legal requests from law enforcement agencies.

Cryptography expert Matt Green from Johns Hopkins University stated that Microsoft's approach of maintaining access to user data makes it distinct among comparable tech giants in terms of user key protection.

He contrasted this with systems like Apple's FileVault and Meta's WhatsApp, where users can store keys in encrypted cloud files that are designed to be inaccessible to the service providers or law enforcement.

Concerns from Lawmakers and Privacy Advocates

The practice of technology companies providing encryption keys to law enforcement has prompted concerns among lawmakers and privacy advocacy groups. Senator Ron Wyden expressed concerns regarding tech companies designing products that allow them to provide users' encryption keys, citing potential risks to personal safety and security.

Jennifer Granick of the American Civil Liberties Union (ACLU) noted that remote storage of decryption keys can present risks, particularly given the possibility of demands from foreign governments with varying human rights records.

Granick also raised concerns regarding the broad scope of information potentially accessible to law enforcement via BitLocker keys, which could extend to an entire hard drive rather than being limited to the timeframe of specific crimes.

Experts have suggested that Microsoft could encourage users to install a key on a hardware device, such as a thumb drive, as a backup option, though this is not the default setting for BitLocker. An expert with ICE’s Homeland Security Investigations unit stated in 2025 that their agency lacked forensic tools to bypass BitLocker or similar encryption without the keys.

Both Microsoft and Apple offer users choices regarding data encryption and the storage of recovery keys, which influences whether the companies can assist with data recovery or comply with law enforcement requests. Following Microsoft's confirmed compliance, Green predicted a potential increase in law enforcement demands for encryption keys.