@matthew_d_green - Matthew Green
Microsoft is handing over Bitlocker keys to law enforcement. https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/
@matthew_d_green - Matthew Green
For those who don’t have context, Bitlocker is the built-in drive encryption in Windows. This is supposed to protect the data on your machine from being accessed without authorization. In many configurations, Windows will upload a recovery key to your Microsoft cloud account.
@matthew_d_green - Matthew Green
The problem is that these recovery keys aren’t encrypted end-to-end in a way that Microsoft can’t access. So if law enforcement wants to access your encrypted drive (even without knowing your password) they can just ask Microsoft for the key. And Microsoft will hand it over.
@matthew_d_green - Matthew Green
Once upon a time you could assume (mostly) that any Federal law enforcement agency doing this would be operating within the bounds of the law. Nowadays, who knows. I sure wouldn’t want to be a journalist relying on Bitlocker. https://www.cnn.com/2026/01/21/media/washington-post-hannah-natanson-fbi-doj-devices
@matthew_d_green - Matthew Green
But more broadly, this highlights a fundamental weakness. If MS can easily produce this data to law enforcement, then anyone who compromises their cloud infrastructure (or customer service infrastructure; or can forge a plausible LE request) can potentially access that data.
@matthew_d_green - Matthew Green
It’s 2026 and these concerns have been known for years. Microsoft’s inability to secure critical customer keys is starting to make it an outlier from the rest of the industry.
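A defender-side illustration of the point made in the thread, added here and not part of the original posts: the recovery password escrowed to a cloud account is only a liability while it can still unlock the drive. This PowerShell script (run elevated) lists each BitLocker volume's key protectors and, with `-Rotate`, replaces the recovery password with one generated locally and written to `$OutDir` (an assumed path; point it at removable media), so any escrowed copy of the old one becomes useless.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Inventory BitLocker key protectors and,
# on request, replace each recovery password with a freshly generated one
# that is stored only where you choose. The TPM protector is left untouched,
# so normal boot is unaffected. $OutDir is an assumption for this example.

param(
    [string]$OutDir = "E:\bitlocker-recovery",
    [switch]$Rotate
)

$volumes = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }
if (-not $volumes) { Write-Warning "No BitLocker-protected volumes found."; return }

foreach ($vol in $volumes) {
    $mp = $vol.MountPoint
    Write-Host "Volume $mp ($($vol.VolumeStatus), $($vol.EncryptionMethod))"
    foreach ($kp in $vol.KeyProtector) {
        Write-Host ("  {0,-18} {1}" -f $kp.KeyProtectorType, $kp.KeyProtectorId)
    }

    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) { continue }
    if (-not $Rotate) {
        Write-Host "  Recovery password present; re-run with -Rotate to replace it."
        continue
    }

    # Add the new protector first so the volume is never left without a recovery path.
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $after = Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector
    $newKp = $after.KeyProtector |
             Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
             Where-Object { $recovery.KeyProtectorId -notcontains $_.KeyProtectorId }
    $file = Join-Path $OutDir ("recovery-{0}.txt" -f $newKp.KeyProtectorId.Trim('{}'))
    "Volume $mp`nProtector $($newKp.KeyProtectorId)`nRecovery password: $($newKp.RecoveryPassword)" |
        Set-Content -Path $file
    Write-Host "  New recovery password saved to $file"

    # Remove the old recovery password(s); any escrowed copy of them no longer unlocks the drive.
    foreach ($old in $recovery) {
        Remove-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $old.KeyProtectorId | Out-Null
        Write-Host "  Removed old protector $($old.KeyProtectorId)"
    }
}
```

After rotating, compare the protector IDs the script prints with those shown for the device in your Microsoft account: the escrowed entry should match a removed ID, and the new ID should appear nowhere but on the media you wrote it to.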