These have different meanings. Microsoft is legally entitled to refuse a request from law enforcement, and subject to criminal penalties if it refuses a valid legal order.

It does illustrate a significant vulnerability in that Microsoft has access to user keys by default. The public cannot be sure that Microsoft employees or criminals are unable to access those keys.

Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?

The second, very clear, argument is that the state can't be trusted in the long run. Period. Maybe you love your elected officials today but tomorrow they could be actively out to harm you. Every tool we allow the state to use needs to be viewed with this level of extreme skepticism and even very clear benefits need to be debated vigorously.

Encryption, and technologies like it, may allow hiding criminal activity but they also provide people a sense of security to think freely and stave off political power grabs. We recognize the fundamental right to free speech and give great latitude to it even when it is harmful and hateful, we need to recognize the fundamental right to free thought and recognize that encryption and similar tools are critical to it.

With Intel Panther Lake (I'm not sure about AMD), Bitlocker will be entirely hardware-accelerated using dedicated SoC engines – which is a huge improvement and addresses many commonly known Full Disk Encryption vulnerabilities. However, in my opinion some changes still need to be made, particularly for machines without hardware acceleration support:

- Let users opt out of storing recovery keys online during setup.

- Let users choose between TPM or password based FDE during setup and let them switch between those options without forcing them to deal with group policies and the CLI.

- Change the KDF to a memory-hard KDF - this is important for both password and PIN protected FDE. It's 2026 - we shouldn't be spamming SHA256 anymore.

- Remove the 20 char limit from PIN protectors and make them alphanumerical by default. Windows 11 requires TPM 2.0 anyway so there's no point in enforcing a 20 char limit.

- Enable TPM parameter encryption for the same reasons outlined above.

Is how bitlocker works not well known perhaps? I don't think it's a secret. The whole schtick is that you get to manage windows computers in a corporate fleet remotely, that includes being able to lock-out or unlock volumes. The only other way to do that would be for the person using the device to store the keys somewhere locally, but the whole point is you don't trust the people using the computers, they're employees. If they get fired, or if they lose the laptop, them being the only people who can unlock the bitlocker volume is a very bad situation. Even that aside, the logistics of people switching laptops, help desk getting a laptop and needing to access the volume and similar scenarios have to be addressed. Nothing about this and how bitlocker works is new.

Even in the safer political climates of pre-2025, you're still looking at prosecution if you resist a lawful order. You can fight gag-orders, or the legality of a request, but without a court order to countermand the feds request, you have to comply.

Microsoft would do the same in China, Europe, middle east,etc.. the FBI isn't special.

These sorts of things should be very unsurprising to the people who depend on them...

Based on the sheer number of third parties we're required to use for our day to day lives, that is ridiculous and Third Party Doctrine should be eliminated.

Ref: https://en.wikipedia.org/wiki/Third-party_doctrine

Article and facts are “…if served with a valid legal order compelling it”

∴ Headline is clickbait.

When someone is arrested, the police can get a subpoena to enter your house, right?

There they can collect evidence regarding the case.

Digital protections should exist, but should they exist beyond what is available in the physical world? If so, why?

I think the wording of this is far too lenient and I understand the controversy of "if asked" vs "valid legal order", neither of which strictly say "subpoena", and of course, the controversy of how laws are interpreted/ignored in one country in particularly (yes, I'm looking at you USA).

Should there be a middle ground? Or should we always consider anything that is digital off-limits?

I'm all for criticizing tech companies but it's pointless to demand the impossible.

This is blurring of fact drives click bait.

The origin of this is a Forbes article[0] where the quote is: "Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order."

[0] https://www.forbes.com/sites/thomasbrewster/2026/01/22/micro...

If you use a Local Account (which requires bypassing the OOBE internet check during setup) or explicitly disable key backup, the key never leaves the TPM. The issue isn't the encryption algorithm its the convenience selection.

Given that the us government is happy to execute us citizens and invade other countries that basically means everyone.

How is this any different?

If you encrypt your drive and upload the key to Microsoft, you are engaging in anti-competitive behavior since you give them access to your data, but not also to the local thief.

Just don't encrypt your drive if you cant be bothered to secure your key. Encryption-neutrality.

And earlier: https://news.ycombinator.com/item?id=46735545

Just because the article is click bait doesn't mean the HN entry needs to be, too.

Sure, the fact that MS has your keys at all is no less problematic for it, but the article clearly explains that MS will do this if legally ordered to do so. Not "when the FBI asks for it".

Which is how things work: when the courts order you to do something, you either do that thing, or you are yourself violating the law.

sixcolors.com/post/2025/09/filevault-on-macos-tahoe-no-longer-uses-icloud-to-store-its-recovery-key/

Still crap but the headline is intentionally inaccurate for clickbaiting

> Microsoft confirms it will give the FBI your Windows PC data encryption key if asked

> Microsoft says it will hand those over to the FBI if requested via legal order

Microsoft complying with legal orders is not news. But why hire actual journalists when you can just lie in your headlines and still get clicks?

Edit: Nevermind.