    1. Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: Reports
      • Microsoft provided the FBI with BitLocker recovery keys for three laptops seized in a fraud investigation related to Guam's Pandemic Unemployment Assistance program.
      • BitLocker, Windows' full-disk encryption, is enabled by default and uploads recovery keys to Microsoft's cloud by default, which allows access by Microsoft and, with a warrant, by law enforcement.
      • Microsoft receives about 20 such requests per year and complies; a spokesperson did not comment for TechCrunch.
      • Cryptography expert Matthew Green criticized Microsoft for not securing keys better, noting repeated cloud breaches and industry lag.
      • Risks include hackers compromising Microsoft's cloud to steal keys (using a stolen key would still require physical access to the drive) and privacy concerns from key escrow.

      Hacker News Discussion

      • Users debate defaults: reasonable for average users to protect against theft while allowing recovery, but power users should avoid cloud upload using local accounts.
      • Complaints about Microsoft pushing Microsoft accounts, auto-uploading data (e.g., via Teams, Edge), and difficulty opting out without re-encrypting.
      • Comparisons to Apple FileVault/iCloud: Apple prompts choice and uses E2EE keychain; Microsoft criticized for sneaky behavior and lacking clear warnings.
      • Suggestions to switch to Linux for privacy; distrust in Microsoft due to ads, updates overriding settings, and potential key upload even when opted out.
      • Broader concerns: warrants compel compliance, but better design (no key collection) prevents issues; cosmic ray bit-flips or bugs could accidentally upload keys.