Beyond the crypto architecture debate, I don't really understand how could anyone imagine a world where MS could just refuse such a request. How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?
They could just ask before uploading your encryption key to the cloud. Instead they force people to use a Microsoft Account to set up their windows and store the key without explicit consent
That's a crypto architecture design choice, MS opted for the user-friendly key escrow option instead of the more secure strong local key - that requires a competent user setting a strong password and saving recovery codes, understanding the disastrous implication of a key loss etc.
Given the abilities of the median MS client, the better choice is not obvious at all, while "protecting from a nation-state adversary" was definitely not one of the goals.
Protecting from a nation state adversary should probably be a goal for the kind of enterprise software MS sells.
Protecting from specifically the nation state that hosts and regulates Microsoft and its biggest clients, probably not.
While you're right, they also went out of their way to prevent competent users from using local accounts and/or not upload their BitLocker keys.
I could understand if the default is an online account + automatic key upload, but only if you add an opt-out option to it. It might not even be visible by default, like, idk, hide it somewhere so that you can be sure that the median MS user won't see it and won't think about it. But just fully refusing to allow your users to decide against uploading the encryption key to your servers is evil, straight up.
You can just ... not select the option to upload your keys to MS? During the setup you get to choose where to store your bitlocker recovery key.
The alternative is just not having FDE on by default, it really isn't "require utterly clueless non-technical users to go through complicated opt-in procedure for backups to avoid losing all their data when they forget their password".
And AFAICT, they do ask, even if the flow is clearly designed to get the user to back up their keys online.
Forcing implies there are zero ways to begin with a local only account (or other non-Microsoft Account). That's simply not true.
Disagree. If the path is shrouded behind key presses and commands which are unpublished by MS (and in some instances routes that have been closed), it may as well be.
> it may as well be.
That defies the definition of "forced". Forced means no option. You can disagree all you want -- but at a technical level, you're incorrect.
Try doing this as a normies without technical guidance. Technically correct, this time, is not the benchmark.
> How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?
Perhaps in this case they should be required to get a warrant rather than a subpoena?
Encrypt the BL key with the user's password? I mean there are a lot of technical solutions besides "we're gonna keep the BL keys in the clear and readily available for anyone".
For something as widely adopted as Windows, the only sensible alternative is to not encrypt the disk by default.
The default behavior will never ever be to "encrypt the disk by a key and encrypt the key with the user's password." It just doesn't work in real life. You'll have thousands of users who lost access to their disks every week.
I thought this was what happened. Clearly not :( That’s the idea with services like 1Password (which I suppose is ultimately doing the same thing) - you need both the key held on the device and the password.
I suppose this all falls apart when the PC unlock password is your MS account password, the MS account can reset the local password. In Mac OS / Linux, you reset the login password, you loose the keychain.
In case of 1password, I would think it would be challenging to do what you are saying, at least for shared password vaults.
At this point, end-to-end encryption is a solved problems when password managers exist. Not doing it means either Microsoft doesn't care enough, or is actually interested on keeping it this way
I don't think that many people here are naive enough to believe that any business would fight the government for the sake of its customers. I think most of us are simply appalled by this blatantly malicious behavior. I'm not buying all these "but what if the user is an illiterate, senile 90-year-old with ADHD, huh?" attempts to rationalize it away. it's the equivalent of the guy who installed your door keeping a copy of your keys by unspoken default - "what if your toddler locks himself out, huh?"
I know the police can just break down my door, but that doesn't mean I should be ok with some random asshole having my keys.
Assume good intent. If Microsoft didn't escrow the keys, the next HN post would be "mIcR0SofT Ate mY chILDhooD pHOTos!!"
> Do we really, really, fully understand the implication of allowing private contracts that trump criminal law?
...it's not that at all. We don't want private contracts to enshrine the same imbalances of power; we want those imbalances rendered irrelevant.
We hope against hope that people who have strength, money, reputation, legal teams, etc., will be as steadfast in asserting basic rights as people who have none of those things.
We don't regard the FBI as a legitimate institution of the rule of law, but a criminal enterprise and decades-long experiment in concentration of power. The constitution does not suppose an FBI, but it does suppose that 'no warrant shall issue but upon probable cause... particularly describing the place to be searched, and the persons or things to be seized' (emphasis mine). Obviously a search of the complete digital footprint and history of a person is not 'particular' in any plain meaning of that word.
...and we just don't regard the state as having an important function in the internet age. So all of its whining and tantrums and pepper spray and prison cells are just childish clinging to a power structure that is no longer desirable.
I think legally the issue was adjudicated by analogy to a closed safe: while the exact contents of the safe is unknown beforehand, it is reasonable it will contain evidence, documents, money, weapons etc. that are relevant, so if a warrant can be issued in that case compelling a locksmith to open it, then by analogy it can be issued against an encrypted device.
Without doubt, this analogy surely breaks down as society changes to become more digital - what about a Google Glass type of device that records my entire life, or the glasses of all people detected around me? what about the device where I uploaded my conscience, can law enforcement simply probe around my mind and find direct evidence of my guilt? Any written constitution is just a snapshot of a social contract at a particular historical time and technological development point, so it cannot serve as the ultimate source of truth regarding individual rights - the contract is renegotiated constantly through political means.
My question was more general: how could we draft that new social contract to the current age, how could we maintain the balance where the encrypted device of a suspected child predator and murderer is left encrypted, despite the fact that some 3rd party has the key, because we agreed that is the correct way to balance freedoms and law enforcement? It just doesn't sound stable in a democracy, where the rules of that social contract can change, it would contradict the moral intuitions of the vast majority.
Headline says “…if asked”
Article and facts are “…if served with a valid legal order compelling it”
∴ Headline is clickbait.
You are arguing semantics, whereas the point is that A) they have your keys, and B) they will give them away if they will have to
No, that’s binary thinking. The degree to which they will resist giving them away matters.
I’d much rather they require a warrant than just give it to any enforcement agency that sends them an email asking. The former is what I expect.
It’s really just A. Point B is pretty much just derived from there.
asked, not ordered. Seems fine.
Due to Third Party Doctrine, Microsoft doesn't even NEED a "legal order." It's merely a courtesy which they could change at any time.
Based on the sheer number of third parties we're required to use for our day to day lives, that is ridiculous and Third Party Doctrine should be eliminated.
>people who voluntarily give information to third parties
Is it the case with BitLocker? The voluntary part.
Related discussion from yesterday: https://news.ycombinator.com/item?id=46735545
Pretty sure the same applies to all the passwords/passkeys/2FA codes stored in the Authenticator app with cloud backup on.
Use 1Password or similar instead. They’re keyed against a key they don’t have access to.
Only if that authenticator/password manager app is not end-to-end encrypted.
No, not "only". E2EE is now used as a dog whistle.
Who holds/controls the keys on both ends?
End-to-end usually means only the data's owner (aka the customer) holds the keys needed. The term most used across password managers and similar tools is "zero knowledge encryption", where only you know the password to a vault, needed to decrypt it.
There's a "data encryption key", encrypted with a hash derived of your username+master password, and that data encryption key is used locally to decrypt the items of your vault. Even if everything is stored remotely, unless the provider got your raw master password (usually, a hash of that is used as the "password" for authentication), your information is totally safe.
A whole other topic is communications, but we're talking decryption keys here
If tech companies implemented real, e2e encryption for all user data, there would be a huge outcry, as the most notable effect would be lots of people losing access to their data irrevocably.
I'm all for criticizing tech companies but it's pointless to demand the impossible.
Just say "we are storing your keys on our servers so you won't lose them" and follow that with either "do you trust us" or even "we will share this key with law enforcement if compelled". Would be fine. Let people make these decisions.
Besides, bit ocker keys are really quite hard to lose.
is it just me or would "Microsoft refuses to comply with a legal search warrant" be an actual, surprising news story? like of course MSFT is going to hand over to authorities whatever they ask for if there's a warrant, imagine if they didn't (hint: not good for business. their customers are governments and large institutions, a reputation for "going rogue" would damage their brand quite a bit)
Veracrypt https://veracrypt.io/en/Home.html
https://ubuntu.com/download/desktop
https://www.kali.org/get-kali/#kali-platforms
Every bad day for microsoft is yet another glorious day for linux.
> Every bad day for microsoft is yet another glorious day for linux.
Nah. If that were the case, Linux would dominate personal computer statistics. The reality is that most mainstream users just don't care. But, of course, that won't stop us.
I would also argue that _what_ personal computing means to most people has also evolved, even with younger generations. My gen Z nephew the other day was faberglasted when he learned I use my Documents, Videos, Desktop folders, ect. He literally asked "What is the Documents folder even for?". To most people, stuff is just magically somewhere (the cloud) and when they get a new machine tbey just expect it all to be there and work. I feel like these cryptography and legality discussions here on HackerNews always miss the mark because we overestimate hiw much most people care. Speaking of younger generations, I also get the feeling that there isn't such a thing as "digital sovereignty" or "ownership", at least not by the same definitions we gen x and older millennials internalize those definitions.
Across the generations, there are always a few groups to where cryptographic ownership really matter, such as journalists, protesters, and so on. Here on HN I feel like we tend to over-geeneralize these use cases to everybody, and then we are surprised when most people don't actually care.
I bet most mainstream users thinks it good that FBI can access suspects data.
It's just a matter of time. It's obvious the tides are turning.
And MacOS, which I suspect may be the more obvious choice for many users.
MacOS has basically the exactly same problem, ADP isn't enabled by default and your data gets backed up to iCloud unencrypted.
One could almost say "Embrace the penguin"
You forgot to list Slackware :)
http://slackware.osuosl.org/slackware64-current/ChangeLog.tx...
MS confirms it has to comply with warrants to the consternation of many.
Any reason to believe Apple won't do the same with whatever we backup in iCloud?
Last time I onboarded a Mac (a few months ago), it would very explicitly ask if you want to enable support for remote FileVault unlocking.
That said, they could also roll out a small patch to a specific device to extract the keys. When you really want to be safe (and since you can be a called a 'left extremist' for moving your car out of the way, that now includes a lot of people), probably use Linux with LUKS.
If you have advanced data protection enabled, Apple claims: “No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”
Please read this section of Apple's own document before you talk about their "advanced data protection".
The following information may be available from iCloud if a user has enabled Advanced Data Protection for iCloud:
https://www.apple.com/legal/privacy/law-enforcement-guidelin...
Do you think Tim Cook gave that gold bar to Trump for nothing?
>Please read this section of Apple's own document
Don't know if the problem is on my end but your link goes to a 20 page document. If this is not a mistake you should quote the actual section and text you are referrimg to.
>>Do you think Tim Cook gave that gold bar to Trump for nothing?
Not in US - THANKS for this hint: I googled it! Wow!!! The both do bribery (offering&accepting) in front of the recording camera in a government building!!
Relly "impressive" :-X
Yeah, the problem is whether they already bent over for Trump admin or not yet.
Yes, I know this sounds conspiratorial, but I think the whole Liquid Ass thing was a rush to put some other software in Apple products to appease the Trump admin.
For example, it is new in Tahoe that they store your filevault encryption key in your icloud keychain without telling you.
https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...
But iCloud Keychain is end-to-end encrypted using device-specific keys, so Apple cannot read items in your iCloud Keychain (modulo adding their own key as a device key, rolling out a backdoor, etc. but that applies to all proprietary software).
Which is a very good thing.
iCloud is much more secure than most people realize because most people don’t take the 30 minutes to learn how it is architected.
You can (and should) watch https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for all the details about how iCloud is protected, but especially the time-linked section. :)
I dont need to know anything about icloud to know this repy doesnt answer the "they didnt tell anyone" part which naturally makes me suspicious.
My conspiration theory about Liquid Ass is their hardware for past 5 years was so good that they needed to make people finally upgrade it. My Air M1 16GB worked absolutely fine until it slowed down immensely on macOS 26.
Any American company will hand over data stored on their server (that they have access to) in response to a warrant.
Apple provides an optional encryption level (ADP) where they don't have a copy of your encryption key.
When Apple doesn't have the encryption key, they can't decrypt your data, so they can't provide a copy of the decrypted data in response to a warrant.
They explain the trade off during device setup: If Apple doesn't have a copy of the key, they can't help you if you should lose your copy of the key.
Except you’re not coerced (near enough forced?) to use an account password managed by MS on Apple. Until MS themselves publish, for home users, how to set up without an MS account, I’m considering it forced.
iCloud login is still optional on macOS. Can't download stuff from the App Store and I think some continuity things require iCloud, but otherwise pretty solid.
VeraCrypt.
At least they’re honest.
The major OS vendors (apple, google, ms) are complicit in data turnover and have been for over ten years now. It has been reported multiple times so I'm struggling to see the angle being projected here. This feels like click harvesting got the HN "Microsoft bad" crowd.
The segment of the population that is the target of political vindictiveness from the FBI seems to have changed somewhat with this administration so it makes sense to remind people of the vulnerabilities from time to time.
The San Bernardino iPhone case proves that Apple is very much so not complicit.
The Apple that offers gold statues to authoritarian regimes would certainly behave differently.
People also forget how they kind of always played ball in similar governments.
This was a decade ago, before the big tech went to brown nose Trump on live TV. We live in different reality nowadays. Apple doesn't even market their encryption and safety anymore, like they did on massive billboards all over the world.
They've only done more since 2016.
Lockdown mode: https://support.apple.com/en-us/105120
Advanced Data Protection for iCloud: https://support.apple.com/en-us/108756
Sure, but these are all mere statements. You don't know if they fully back that until there's a public standoff with law enforcement/administration and there weren't any in recent years. Yet at the same time it's hard to believe there were no attempts from that government to decrypt some devices they needed. So the fact we hear nothing about it is also an information to me. Sure, this is all speculation, but all things considered...
Besides, they fully comply with Chinese requirements, so...
PS. Others report Filevault keys are also being backed to iCloud since September and they didn't tell anyone: https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...
Lol it's been 20 years now that the whole world should stop to be all surprised pikachu about that.
For a long time, if you used full disk encryption, the encryption key never left your machine. If you forgot your password, the data was gone - tough luck, should have made a backup. That's still how it works on Linux.
Pretty surprising they'd back up the disk encryption secrets to the cloud at all, IMHO, let alone that they'd back it up in plaintext.
That's why full disk encryption was always a no-go for approximately all computer users, and recommending it to someone not highly versed in technology was borderline malicious.
"Tough luck, should have made a backup" is higher responsibility than securing anything in meatspace, including your passport or government ID. In the real world, there is always a recovery path. Security aficionados pushing non-recoverable traps on people are plain disconnected from reality.
Microsoft has the right approach here with Bitlocker defaults. It's not merely about UX - it's about not setting up traps and footguns that could easily cause harm to people.
> Security aficionados pushing non-recoverable traps on people are plain disconnected from reality.
To be fair, if you inadvertently get locked out of your Google account "tough luck, should have used a different provider" and Gmail is a household name so ...
Less snarky, I think that there's absolutely nothing wrong with key escrow (either as a recovery avenue or otherwise) so long as it's opt in and the tradeoffs are made abundantly clear up front. Unfortunately that doesn't seem to be the route MS went.
"Disconnected from reality" ... tell that to the people who have had a lost or stolen device without encryotion. You'd need a backup and then some!
Apple manages a recovery path for users without storing the key in plain text. Must have something to do with those "security aficionados."
Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room. So your key needs to be safeguarded from the opportunist who possesses your hardware illegally.
Linux can be fairly well-secured against state-level threat actors, but honestly, if your adversary is your own nation-state, then no amount of security is going to protect you!
For Microsoft and the other consumer-OS vendors, it is typically a bad user-experience for any user, particularly a paying subscriber, to lose access to their account and their cloud apps. There are many ways to try and cajole the naïve user into storing their recovery key somewhere safe, but the best way is to just do it for them.
A recovery key stored in the user's own cloud account is going to be secure from the typical threats that consumers will face. I, for one, am thankful that there is peace of mind both from the on-device encryption, as well as the straightforward disaster recovery methods.
The problem is mass-surveillance and dragnets. Obviously if the state wants to go after you no laws will protect you. As we've seen they can even illegally collect evidence and then do a parallel construction to "launder" the evidence.
But One-drive is essentially a mass-surveillance tool. It's a way to load the contents of every single person's computer into Palentir or similar tools and, say, for instance, "give me a list of everyone who harbors anti-ICE sentiments."
By the way my windows computer nags me incessantly about "setting up backups" with no obvious way to turn off the nags, only a "remind me later" button. I assume at some point the option to not have backups will go away.
I agree that "cloud storage" paradigms are a sea change from the status quo of the old days. My father has a file cabinet at home and keys on his keychain, wherein he stores all his important paperwork. There is no way anyone's getting in there except by entering his home and physically intruding on those drawers. Dad would at least notice the search and seizure, right?
What is just as crazy as cloud storage, is how you "go paperless" with all your service providers. Such as health care, utility bills, banks, etc. They don't print a paper statement and send it to your snail mail box anymore. They produce a PDF and store it in their cloud storage and then you need to go get it when you want/need it.
The typical consumer may never go get their paperwork from the provider's cloud. It is as if they said "Hey this document's in our warehouse! You need to drive across town, prove your identity, and look at it while you're here! ...You may not be permitted to take it with you, either!"
So I've been rather diligent and proactive about going to get my "paperless documents" from the various providers, and storing them in my own cloud storage, because, well, at least it's somewhere I can access it. I care a lot more about paying my medical bills, and accounting for my annual taxes, than someone noticing that I harbor anti-jew sentiment. I mean, I think they already figured that part out.
> Well, for a consumer notebook or mobile device, the threat model typically envisions a thief grabbing it from a coffeehouse or hotel room.
...in which case having a cloud backup of the full disk encryption key is pointless, because you don't have access to the disk any more.
> pointless
Full-disk encryption is the opposite of pointless, my dude! The notebook-thief cannot access my data! That is the entire point!
No, I cannot recover the data from an HDD or SSD that I don't possess. But neither can the thief. The thief cannot access the keys in my cloud. Isn't that the point?
If a thief steals a notebook that isn't encrypted at all, then they can go into the storage, even forensically, and extract all my data! Nobody needs a "key" or credentials to do that! That was the status quo for decades in personal computing--and even enterprise computing. I've had "friends" give me "decommissioned" computers that still had data on their HDD from some corporation. And it would've been readable if I had tried.
The thief may have stolen a valuable piece of kit, but now all she has is hardware. Not my data. Not to mention, if your key was in a cloud backup, isn't most of your important data in the cloud, as well? Hopefully the only thing you lost with your device are the OS system files, and your documents are safely synced??
Exactly. Being again and again surprised that corporations will defend you for literally no reason is kinda delusional.
That's a reductionist view. Apple, at least, based a big portion of their image on privacy and encryption. If a company does that and is then proven otherwise, it does a tremendous damage to the brand and stock value and is something shareholders would absolutely sue the board and CEO for. Things like these happened many times in the past.
This isn't that simple.
A Proton model makes this very simple: full cooperation and handover and virtually nothing to be extracted from the data. Size is somewhat of a metadata, ip connection points and maybe date of first use and when data changes occurred... I'm all for law enforcement, but that job has to be old-school Proof of Work bound and not using blanket data collection and automated speeding ticket mailer.
But I guess it's not done more because the free data can't be analyzed and sold.
Stallman was correct
He headline misleading - they will give it if there’s a court order, not just if asked.
Still crap but the headline is intentionally inaccurate for clickbaiting
Microsoft confirms it will obey the law.
Everybody should have access to your hard drive, not just the FBI, so please do not encrypt your hard-drive.
If you encrypt your drive and upload the key to Microsoft, you are engaging in anti-competitive behavior since you give them access to your data, but not also to the local thief.
Just don't encrypt your drive if you cant be bothered to secure your key. Encryption-neutrality.
The problem is not that they will give the key (government can force them - this is expected), but that they even have the key in the first place.. I bet this is done without proper consent, or with choice like "yes" vs "maybe later"..
"US firm confirms it will comply with US law if asked."
Unless that's a data privacy or monopoly related. Then they won't.
Apple will do this too. Your laptop encryption key is stored in your keychain (without telliing you!). All is needed is a warrant for your iCloud account and they also have access to your laptop.
sixcolors.com/post/2025/09/filevault-on-macos-tahoe-no-longer-uses-icloud-to-store-its-recovery-key/
> Your laptop encryption key is stored in your keychain
Probably not if one is not using Apple cloud on their laptops.
> stored in your keychain (without telliing you!)
How to verify that? Any commands/tools/guides?
Thanks, that's good to know. I suspect WhatsApp's "we're fully E2E encrypted" would be similar too.
It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user friendly sacrifice security.
There's a saying that goes "not your keys not your crypto" but this really extends to everything. If you don't control the keys something else does behind the scenes. A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, even to derive a key-encryption-key.
If you pass a KDF with a hardness of ~5 seconds a four digit PIN to derive a key, then you can brute force the whole 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. Six digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.
Wrong.
You can (and should) watch all of https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for the details about how iCloud is protected by HSMs and rate limits to understand why you’re wrong, but especially the time-linked section… instead of spreading FUD about something you know nothing about.
Very different phrasing between the headline and the subtitle:
> Microsoft confirms it will give the FBI your Windows PC data encryption key if asked
> Microsoft says it will hand those over to the FBI if requested via legal order
Microsoft complying with legal orders is not news. But why hire actual journalists when you can just lie in your headlines and still get clicks?
not your keys? not your crypto
Honestly I have no problem with this but I do remember a lot of gaslighting about how America is free and Europe a totalitarian state.
Yes and this is a good thing. No organization, no matter how large or powerful, should be beyond the reach of the law.
That's a false dichotomy. You can hold an organization accountable to the law without requiring them to maintain a "master key" to your private data.
It isn't required.
Ideally they wouldnt even have this key / the private data in the first place
The user can opt out of this if they want.
Duplicate story. Previous discussion here. https://news.ycombinator.com/item?id=46735545
Edit: Nevermind.
No it isn't. This is an evolution of that story.