How to encrypt your PC's disk without giving the keys to Microsoft

by Andrew Cunningham, from Ars Technica - All content (#733YP)

In early 2025, Forbes reports, investigators at the FBI served Microsoft with a warrant seeking the BitLocker encryption recovery keys for several laptops it believed held evidence of fraud in Guam's COVID-19 unemployment assistance program. And Microsoft complied with the FBI's request.

BitLocker is the name of the full-disk encryption technology that has been part of Windows for nearly two decades. Though initially only available to owners of the Pro editions of Windows who turned it on manually, during the Windows 8 era Microsoft began using BitLocker to encrypt local disks automatically for all Windows 11 Home and Pro PCs that signed in with a Microsoft account. Using BitLocker in this way also uploads a recovery key for your device to Microsoft's servers. This makes it possible to unlock your disk so you don't lose data if something goes wrong with your system, or if you install a CPU upgrade or some other hardware change that breaks BitLocker. But it also (apparently) makes it possible for Microsoft to unlock your disk, too.

A Microsoft rep said that the company handled "around 20" similar BitLocker recovery key requests from government authorities per year, and that these requests often fail because users haven't stored their recovery keys on Microsoft's servers. Microsoft and other tech companies have generally refused requests to install universal encryption backdoors for law enforcement purposes, and some companies (like Apple) claim to store device encryption keys using another layer of encryption that renders the keys inaccessible to the company.
