Hot Take Microsoft Gave FBI Keys To Unlock Encrypted Data

nicolaasjan (thread author), The Netherlands, May 29, 2023
Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

https://archive.ph/0OaJ9

Early last year, the FBI served Microsoft with a search warrant, asking it to provide recovery keys to unlock encrypted data stored on three laptops. Federal investigators in Guam believed the devices held evidence that would help prove individuals handling the island’s Covid unemployment assistance program were part of a plot to steal funds.
The data was protected with BitLocker, software that’s automatically enabled on many modern Windows PCs to safeguard all the data on the computer’s hard drive. BitLocker scrambles the data so that only those with a key can decode it.
It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience. While that means someone can access their data if they forget their password, or if repeated failed attempts to log in lock the device, it also makes them vulnerable to law enforcement subpoenas and warrants.
In the Guam case, it handed over the encryption keys to investigators.
Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne.
He said the company receives around 20 requests for BitLocker keys per year and in many cases, the user has not stored their key in the cloud, making it impossible for Microsoft to assist.
 
Love my Chromebook.

Unlike Windows BitLocker (which often automatically uploads a recovery key to Microsoft servers), ChromeOS device encryption ("Cryptohome") is strictly derived from the user's password and the local Titan-C security chip (Google Support, 2025). Google explicitly states that if a user forgets their password, the local data is irretrievable. The only option is a "Powerwash" (factory reset), which wipes all local data (Google Chrome Enterprise Help, 2025).

Google does not possess a "Master Key" or "Recovery Key" for individual Chromebook hard drives. The decryption key exists only in the device's volatile memory after the user successfully authenticates (Chromium Projects, 2025).

Google can provide data stored in Google Drive, Gmail, or Photos if served with a warrant, as they manage those servers. However, they cannot remotely unlock the physical Chromebook to reveal unsynced local files (e.g., PDFs, offline work, Downloads folder, Android/Linux partitions).
 
> He said the company receives around 20 requests for BitLocker keys per year and in many cases, the user has not stored their key in the cloud, making it impossible for Microsoft to assist.

A very low number. I'm not too worried about it, but it's good information to know. I wonder if some VPN providers are coughing up more users' data annually when cornered?
 
> Love my Chromebook.
>
> Unlike Windows BitLocker (which often automatically uploads a recovery key to Microsoft servers), ChromeOS device encryption ("Cryptohome") is strictly derived from the user's password and the local Titan-C security chip (Google Support, 2025). Google explicitly states that if a user forgets their password, the local data is irretrievable. The only option is a "Powerwash" (factory reset), which wipes all local data (Google Chrome Enterprise Help, 2025).
>
> Google does not possess a "Master Key" or "Recovery Key" for individual Chromebook hard drives. The decryption key exists only in the device's volatile memory after the user successfully authenticates (Chromium Projects, 2025).
>
> Google can provide data stored in Google Drive, Gmail, or Photos if served with a warrant, as they manage those servers. However, they cannot remotely unlock the physical Chromebook to reveal unsynced local files (e.g., PDFs, offline work, Downloads folder, Android/Linux partitions).
But I believe there is an option for recovery, but it is not enabled by default
 
> Should MS withhold BL keys of suspected criminals' drives!
Okay, now this will sound absurd, but yes.
Don't get me wrong, I'm all for fighting crime, but when a company holds your encryption keys, this is where the point and benefits of encrypting data stop. Then it's no different from storing your files publicly without a password.

When a company has your encryption keys it can access all your data, and without your knowledge; all it takes is a rogue employee and/or a hacker to expose the data. Of course, this doesn't happen often, but there have been cases of various other companies being victims of hacking attacks and rogue employees exposing user data. And remember: the point of encryption is that no one has access to your data except you.

We could easily ban encryption, but at what cost? A decreased level of security and privacy. I mean, even if Microsoft swears "we will never take a peek at your data", nothing is preventing them from casually looking at user data. There's a reason why encryption exists and why its use is encouraged.

Microsoft doesn't need to be part of this; they could easily say "we don't have anything", like anonymous VPN services, and the authorities will leave them alone. It's nice to help the authorities bust crime, but this also breaks the trust people had in you.
 
> Okay, now this will sound absurd, but yes.
> Don't get me wrong, I'm all for fighting crime, but when a company holds your encryption keys, this is where the point and benefits of encrypting data stop. Then it's no different from storing your files publicly without a password.
>
> When a company has your encryption keys it can access all your data, and without your knowledge; all it takes is a rogue employee and/or a hacker to expose the data. Of course, this doesn't happen often, but there have been cases of various other companies being victims of hacking attacks and rogue employees exposing user data. And remember: the point of encryption is that no one has access to your data except you.
>
> We could easily ban encryption, but at what cost? A decreased level of security and privacy. I mean, even if Microsoft swears "we will never take a peek at your data", nothing is preventing them from casually looking at user data. There's a reason why encryption exists and why its use is encouraged.
>
> Microsoft doesn't need to be part of this; they could easily say "we don't have anything", like anonymous VPN services, and the authorities will leave them alone. It's nice to help the authorities bust crime, but this also breaks the trust people had in you.
Google will do the same if the authorities have warrant.

Here, even banks expose all personal data for such a warrant.
 
And I guess it's one of those things most people don't realize, that since the keys are backed up to your account, Microsoft could have access if they thought it was "absolutely" needed for an investigation.

So if everyone knew this worldwide, we would print our keys off, or at least copy them as an encrypted .doc for a backup?
 
> But I believe there is an option for recovery, but it is not enabled by default
You are correct.

The feature called "Local Data Recovery" was introduced (approx. ChromeOS v118) that allows users to regain access to local files after a password reset.

This feature is OFF by default. Users (or Enterprise Admins) must manually navigate to Settings > Security & Privacy > Local data recovery to enable it.

If enabled, ChromeOS backs up the cryptographic keys (wrapped with your Google Account credentials) to the cloud. This allows you to unlock your local storage by signing in online, even if you forgot the original device password.

Enabling this feature essentially mimics the "BitLocker" scenario mentioned. It creates a recovery path via Google, meaning if law enforcement compels Google to provide access to your account/keys, the device's local storage could potentially be decrypted.

If this setting remains OFF (the standard state), the original rule applies. Forgetting the password results in a "Powerwash" (total data wipe) because the keys are not escrowed with Google.
 
 
People just need to assume that everything they do online is being harvested by someone and that any data they have in the cloud can be accessed by someone. The idea that you can stay private while being online is a fallacy.
I believe you can have privacy online, but in order to achieve that you need to use completely open source products and services.
 
Not surprising, as others have said; because it's MS, of course they are going to assist the feds. But mark my words, this is just the tip of the iceberg: if people knew how much data the government has access to and how much surveillance is currently going on, there would be riots in the streets.

> So if everyone knew this worldwide, we would print our keys off, or at least copy them as an encrypted .doc for a backup?

Yes, this is what you do: print off keys or save them in an encrypted archive file. 7-Zip or PeaZip, or even an encrypted/password-protected .zip file, is a good way to keep encryption keys safe.

This method is good for anything that you need to keep complex keys/passwords etc..

> A very low number. I'm not too worried about it, but it's good information to know. I wonder if some VPN providers are coughing up more users' data annually when cornered?

The thing is no VPN provider is going to prison to protect a user for $5 a month, it's just stupid to think otherwise. VPN servers are great honeypots for surveillance!

And I know for a fact some (most actually) governments do full take packet capture of VPN traffic inside their countries and store for decryption later on or even years into the future when it can be broken. TOR is even worse, I would assume all traffic is collected and stored.
 
Just go by the rule of: "If more than one person knows the information then the information is never private" that's it.

Unbreakable crypto of today might be a cakewalk X amount of years from now; just look at Enigma.

The AI that broke Enigma wasn't even written to brute-force Enigma; it was written to know the semantic structure of the German language based off the Grimms' children's book stories. A children's book story broke Enigma.