Confirmation that Microsoft handed over BitLocker keys to the FBI for three Windows laptops is being contrasted with Apple standing up to the same agency back in 2015.
However, the comparison isn’t actually fair, and there is a simple way for Windows users to ensure their encrypted data remains secure …
A quick recap on Apple standing up to the FBI
The mass killing of 14 people in San Bernardino in December 2015 saw the FBI trying to access what it described as “relevant and critical data” on the locked iPhone of one of the shooters. The agency asked Apple to help it break into the phone.
The only way Apple could have complied in this particular case was to have broken the strong encryption used by the Secure Enclave to protect access to iPhones. Since doing so would have compromised all iPhones, not just this individual one, the company refused.
The case led to an extremely high-profile battle between the iPhone maker and the federal law enforcement agency. We stood firmly on Apple’s side, and the company was eventually vindicated when it was shown that there were other steps the FBI could take without compromising the security of all iPhone users.
There was a shorter rerun of the battle in a subsequent shooting in Pensacola. Again, Apple stood firm, and again the FBI was able to use other means to access the data.
Microsoft handed over BitLocker keys to the FBI
Both Macs and Windows laptops use strong encryption to protect the data stored on them. In the case of Windows, the encryption system is known as BitLocker.
Microsoft has recently confirmed reports that it handed over to the FBI the BitLocker keys for three laptops the agency had seized as part of a fraud investigation. Some are contrasting this with Apple’s stance, claiming that Microsoft has capitulated.
The FBI went to Microsoft last year with a warrant, asking them to hand over keys to unlock encrypted data stored on three laptops as part of an investigation into potential fraud involving the COVID unemployment assistance program in Guam — and Microsoft complied.
Typically, companies resist handing over encryption keys to authorities. Most famously, Apple refused to grant the FBI access to a phone used by the San Bernardino shooters in 2016. The FBI eventually found a third-party to hack their way into the phone, but ultimately withdrew its case.
However, this isn’t fair. Microsoft was able to hand over the keys because the users concerned had chosen to store a copy on Microsoft’s cloud service. This uses weak rather than strong encryption so that the company can gain access to the keys. This is a deliberate move so that it can help customers regain access to their laptops if they lose their passcode.
Anyone who does not want Microsoft to have this access can choose not to store a copy of the keys online.
This is similar to iCloud
For a long time, iCloud data was similarly protected with only weak encryption, meaning that Apple had a copy of the keys. It could and did hand over these to law enforcement agencies when presented with a valid court order, exactly as Microsoft has done here.
Over the years, Apple has gradually applied end-to-end encryption to a growing number of iCloud data categories. This means that, for these categories, the company has no means of granting access.
Apple last year gave users the option of enabling strong encryption for all of their iCloud data using a feature called Advanced Data Protection (ADP). This is not switched on by default precisely because it would leave the company unable to assist users who have lost their passcodes, potentially losing access to years of photographs and other precious data.
Indeed, very few users even knew about ADP until the British government unwittingly provided global publicity for it. Apple took full advantage of this.
However, if you haven’t opted to enable ADP, then Apple does still have access to some of your iCloud data and will continue to hand it over to law enforcement agencies when required by law to do so. Both Apple and Microsoft ultimately leave the choice to users.
- Official Apple Store on Amazon
- Wireless CarPlay adapter
- NordVPN – privacy-first VPN with no logs and independent audits to verify
- Official Apple iPhone Air cases and bumpers
- iPhone Air MagSafe Battery
- Official iPhone cases: iPhone 17 | iPhone 17 Pro and Pro Max | iPhone Air
Photo by Philipp Katzenberger on Unsplash
FTC: We use income earning auto affiliate links. More.
Comments