Plain Text Nostr

+- jsr -- 93d ----------------------------------------------------------------------------------------------------[...]+
|                                                                                                                      |
| NEW: Microsoft turned over Bitlocker keys to FBI.                                                                    |
|                                                                                                                      |
| https://blossom.primal.net/d53ad480f6b41bdac3078baa310c1c1f813fba8c981079b8afb23e0f250a06f4.png                      |
|                                                                                                                      |
| When you key escrow your disk encryption with someone, they can be targeted with a warrant.                          |
|                                                                                                                      |
| This case is a really good illustration that if you nudge users with a default to save their keys with you... they   |
| will do so & may not fully understand the implications.                                                              |
| https://blossom.primal.net/6fd6c36cc07d44c8bd380439cb8fe0b3d2c23acc92f615ba804dcb1fdb0489cc.png                      |
|                                                                                                                      |
| Of course, once the requests start working... they are likely to accelerate.                                         |
|                                                                                                                      |
| Story:                                                                                                               |
| https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/   |
|                                                                                                                      |
+-- reply ---------------------------------------------------------------------------------------------- [2 replies] ---+
f901616f00a6 -- 93d [parent] 
|    I wonder if the same could happen to
|    nostr:nprofile1qqs9mvjd9uym8ey4w5vevlrxqfesm666cm6su27svcwqfvj8ztvhlgspp4mhxue69uhkummn9ekx7mqprpmhxue69uhhyetvv
|    9ujuumwdae8gtnnda3kjctvnewt57 users? Wouldn't it only need something similar against bitkey and apple/google
|    where the other keys are stored on their servers? 🤔
|    reply [3 replies]
Final -- 93d [parent] 
     There is also a way bigger flaw beyond this, and that is this Device Encryption feature (and by extension
     BitLocker) has **no PIN or password**. The device will just decrypt itself by powering on as it only uses the
     PC's TPM. The only threat this kind of protects against is the hard disk being removed from the PC. It doesn't
     prevent someone exploiting the OS to extract data like you commonly see in mobile device forensic tools...
     
     This request for the recovery key is just to allow law enforcement to access the data while the hard disk is
     removed from the seized PC, because they insert hard disks into write blocked imaging kits to create a forensic
     clone of its data to analyse with.
     
     Back before TPMs were widely embedded into CPU firmware it wasn't common to see them get sniffed to get the
     keys. Anyone could do it too:
     
     https://pulsesecurity.co.nz/articles/TPM-sniffing
     
     BitLocker has a TPM+PIN, TPM+Key and TPM+PIN+Key pre-boot authentication setting but you need to tinker on Group
     Policy to do that. You'd also need to enable other policies to make the PIN an alphanumeric password...
     reply [1 reply]
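
The TPM-only versus TPM+PIN distinction raised in the reply above can be checked on a machine from its BitLocker key protectors. The PowerShell below is an added example, not part of the thread; the function name `Get-PreBootAuthFinding` and the sample volumes are constructed for illustration, and the live path assumes an elevated session on Windows.

```powershell
# Added example (not from the thread): report which volumes unlock with the TPM alone.
# Protector names are the KeyProtectorType values reported by Get-BitLockerVolume.
function Get-PreBootAuthFinding {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ProtectorTypes
    )
    # Protectors that require a PIN and/or startup key before the volume key is released
    $preBoot = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $finding = 'Other'
    if ($ProtectorTypes.Count -eq 0) { $finding = 'NotProtected' }
    elseif (@($ProtectorTypes | Where-Object { $_ -in $preBoot }).Count -gt 0) { $finding = 'PreBootAuth' }
    elseif ($ProtectorTypes -contains 'Tpm') { $finding = 'TpmOnly' }  # decrypts at power-on
    [pscustomobject]@{
        MountPoint          = $MountPoint
        Finding             = $finding
        # A recovery password exists; where it was backed up is not visible from here
        HasRecoveryPassword = $ProtectorTypes -contains 'RecoveryPassword'
        Protectors          = $ProtectorTypes -join ','
    }
}

if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    # Live audit of the local machine
    $volumes = Get-BitLockerVolume | ForEach-Object {
        @{
            MountPoint     = $_.MountPoint
            ProtectorTypes = [string[]]@($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        }
    }
} else {
    # Constructed sample data so the script still runs where the cmdlet is unavailable
    $volumes = @(
        @{ MountPoint = 'C:'; ProtectorTypes = [string[]]@('Tpm', 'RecoveryPassword') },
        @{ MountPoint = 'D:'; ProtectorTypes = [string[]]@('TpmPin', 'RecoveryPassword') },
        @{ MountPoint = 'E:'; ProtectorTypes = [string[]]@() }
    )
}
$report = foreach ($v in $volumes) { Get-PreBootAuthFinding @v }
$report | Format-Table -AutoSize

# Group Policy state for startup PINs; empty values mean the policy is not configured
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
"Policy: UseAdvancedStartup=$($fve.UseAdvancedStartup) UseTPMPIN=$($fve.UseTPMPIN) UseEnhancedPin=$($fve.UseEnhancedPin)"
```

A `TpmOnly` finding on the OS volume is the configuration the reply describes: the disk is protected when removed from the PC, but the machine unlocks itself on boot.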
