
Posted by bookofjoe 1/23/2026

Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops (techcrunch.com)
1040 points | 662 comments | page 7
gdevenyi 1/23/2026|
What was the point of mandatory TPM then? I thought they were storing the keys securely there!
layer8 1/23/2026|
Keys are stored securely in a TPM in the sense that a random program has no access to it. They are not stored safely there in the sense that they couldn’t possibly get destroyed. TPM hardware, or the motherboard that hosts it, occasionally fails. Or you might want to migrate your physical hard drive to a different PC. That’s the purpose of backing up the keys to the cloud. Alternatively, you can write down a recovery key and put it in your safe. Personally, I put it in my password vault that also happens to be backed up to the cloud (though not Microsoft’s).
direwolf20 1/23/2026||
There's also no security in the communication between the CPU and the TPM, so you can plug in a chip that intercepts it and copies all the keys, or plug the TPM into a chip that pretends to be the CPU and derives identical keys.
vel0city 1/24/2026|||
The TPM on most computers these days is a sectioned off part of the CPU that only talks through channels on the package/die (fTPM). Good luck plugging something in on that.
gethly 1/23/2026||
It's like Microsoft has nothing better to do other than keep digging the hole to bury Windows as a mainstay operating system deeper and deeper with every new day.
heavyset_go 1/23/2026||
Your firmware and UEFI likely accept MS keys even if you supplied your own for Secure Boot. Sometimes the keys are unable to be removed, or they'll appear "removed" but still present because losing the keys could break firmware updates/option ROMs/etc.

Similarly, your TPM is protected by keys Intel or AMD can give anyone.

If you want to extrapolate, your Yubikey was supplied by an American company with big contracts to supply government with their products. Since it's closed source and you can't verify what it runs, a similar thing could possibly happen with your smartcard/GPG/pass keys.

londons_explore 1/23/2026|
> The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program

If it were preventing a mass murder I might feel differently...

But this is protecting the money supply (and indirectly the government's control).

Not a reason to violate privacy IMO, especially when at the time this was done these people were only suspected of fraud, not convicted.

Aurornis 1/23/2026||
> Not a reason to violate privacy IMO, especially when at the time this was done these people were only suspected of fraud, not convicted.

Well you can't really wait until the conviction to collect evidence in a criminal trial.

There are several stages that law enforcement must go through to get a warrant like this. The police didn't literally phone up Microsoft and ask for the keys to someone's laptop on a hunch. They had to have already confiscated the laptop, which means they had to have collected enough early evidence to prove suspicion and get a judge to sign off and so on.

SoftTalker 1/23/2026||
They had a warrant. That's enough. Nobody at Microsoft is going to be willing to go to jail for contempt to protect fraudsters grifting off of the public taxpayer. Would you?
beeflet 1/23/2026||
Yes. Businesses have a moral responsibility to honor their agreements with their stakeholders above the government.