Microsoft handed the government encryption keys for customer data | The VergeSkip to main contentThe homepageThe VergeThe Verge logo.The VergeThe Verge logo.TechReviewsScienceEntertainmentAIPolicyHamburger Navigation ButtonThe homepageThe VergeThe Verge logo.Hamburger Navigation ButtonNavigation DrawerThe VergeThe Verge logo.Login / Sign UpcloseCloseSearchTechExpandAmazonAppleFacebookGoogleMicrosoftSamsungBusinessSee all techGadgetsExpandLaptopsPhonesTVsHeadphonesSpeakersWearablesSee all gadgetsReviewsExpandSmart Home ReviewsPhone ReviewsTablet ReviewsHeadphone ReviewsSee all reviewsAIExpandOpenAIAnthropicSee all AIVerge ShoppingExpandBuying GuidesDealsGift GuidesSee all shoppingPolicyExpandAntitrustPoliticsLawSecuritySee all policyScienceExpandSpaceEnergyEnvironmentHealthSee all scienceEntertainmentExpandTV ShowsMoviesAudioSee all entertainmentGamingExpandXboxPlayStationNintendoSee all gamingStreamingExpandDisneyHBONetflixYouTubeCreatorsSee all streamingTransportationExpandElectric CarsAutonomous CarsRide-sharingScootersSee all transportationFeaturesVerge VideoExpandTikTokYouTubeInstagramPodcastsExpandDecoderThe VergecastVersion HistoryNewslettersExpandThe Verge DailyInstallerVerge DealsNotepadOptimizerRegulatorThe StepbackArchivesStoreSubscribeFacebookThreadsInstagramYoutubeRSSThe VergeThe Verge logo.Microsoft handed the government encryption keys for customer dataComments DrawerCommentsLoading commentsGetting the conversation ready...NewsCloseNewsPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All NewsTechCloseTechPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All TechMicrosoftCloseMicrosoftPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All MicrosoftMicrosoft handed the government encryption keys for customer dataPrivacy advocates are worried about the precedent this sets and the potential for abuse.Privacy advocates are worried about the precedent this sets and the potential for abuse.by Terrence O'BrienCloseTerrence O'BrienWeekend EditorPosts from this author will be added to your daily email digest and your homepage feed.FollowFollowSee All by Terrence O'BrienJan 24, 2026, 10:39 PM UTCLinkShareGiftImage: The VergeTerrence O'BrienCloseTerrence O'BrienPosts from this author will be added to your daily email digest and your homepage feed.FollowFollowSee All by Terrence O'Brien is the Verge’s weekend editor. He has over 18 years of experience, including 10 years as managing editor at Engadget.The FBI went to Microsoft last year with a warrant, asking them to hand over keys to unlock encrypted data stored on three laptops as part of an investigation into potential fraud involving the COVID unemployment assistance program in Guam — and Microsoft complied.Typically, companies resist handing over encryption keys to authorities. Most famously, Apple refused to grant the FBI access to a phone used by the San Bernardino shooters in 2016. The FBI eventually found a third-party to hack their way into the phone, but ultimately withdrew its case. Most of the major tech companies, including Google and Facebook backed Apple in its battle with the FBI. Even Microsoft supported Tim Cook’s position, if a bit less forcefully than some others.In this instance, however, it seems that Microsoft has decided to bow to government demands and confirmed to Forbes that it “does provide BitLocker recovery keys if it receives a valid legal order.” Microsoft spokesperson Charles Chamberlayne told The Verge that Microsoft is legally required to produce the keys stored on its servers.Chamberlayne ellaborated saying, “customers can choose to store their encryption keys locally, in a location inaccessible to Microsoft, or in Microsoft’s cloud. We recognize that some customers prefer Microsoft’s cloud storage so we can help recover their encryption key if needed. While key recovery offers convenience, it also carries a risk of unwanted access.”Senator Ron Wyden of Oregon countered, telling Forbes that it was “irresponsible” for companies to “secretly turn over users’ encryption keys.”What alarms privacy advocates like the ACLU is the precedent this sets and the potential for abuse. The current administration and ICE have shown little respect for data security or the rule of law. And beyond American borders, Jennifer Granick, surveillance and cybersecurity counsel at the ACLU, told Forbes that “foreign governments with questionable human rights records” may also expect Microsoft to hand over keys to customer data.Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.Terrence O'BrienCloseTerrence O'BrienWeekend EditorPosts from this author will be added to your daily email digest and your homepage feed.FollowFollowSee All by Terrence O'BrienMicrosoftCloseMicrosoftPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All MicrosoftNewsCloseNewsPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All NewsPrivacyClosePrivacyPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All PrivacyTechCloseTechPosts from this topic will be added to your daily email digest and your homepage feed.FollowFollowSee All TechMost PopularMost PopularICE has killed another person in MinneapolisGemini with Personal Intelligence is awfully familiarTesla finally kills Autopilot in a bid to boost FSD subscriptionsThe Loch Capsule dishwasher is small, fast, and efficient — it even sanitizes gadgetsClaude Code is suddenly everywhere inside MicrosoftThe Verge DailyA free daily digest of the news that matters most.Email (required)Sign UpBy submitting your email, you agree to our Terms and Privacy Notice. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.Advertiser Content FromThis is the title for the native adMore in NewsChromebooks train schoolkids to be loyal customers, internal Google document suggestsCongress doesn’t seem to know if the TikTok deal complies with its lawMeta is stopping teens from chatting with its AI charactersCasio teased a retro gaming-inspired samplerHang on, there’s a Trump Phone Ultra coming too?Why this winter storm will likely be a wild oneChromebooks train schoolkids to be loyal customers, internal Google document suggestsEmma Roth1:21 AM UTCCongress doesn’t seem to know if the TikTok deal complies with its lawLauren FeinerJan 23Meta is stopping teens from chatting with its AI charactersJay PetersJan 23Casio teased a retro gaming-inspired samplerTerrence O'BrienJan 23Hang on, there’s a Trump Phone Ultra coming too?Dominic PrestonJan 23Why this winter storm will likely be a wild oneJustine CalmaJan 23Advertiser Content FromThis is the title for the native adTop Stories4:54 PM UTCICE has killed another person in MinneapolisJan 23Why this winter storm will likely be a wild one5:54 PM UTCGmail’s spam filter and automatic sorting are broken3:00 PM UTCGet ready for the AI ad-pocalypse1:00 PM UTCGet stuff done by yelling at your phone1:00 PM UTCGemini with Personal Intelligence is awfully familiarThe VergeThe Verge logo.FacebookThreadsInstagramYoutubeRSSContactTip UsCommunity GuidelinesArchivesAboutEthics StatementHow We Rate and Review ProductsCookie SettingsTerms of UsePrivacy NoticeCookie PolicyLicensing FAQAccessibilityPlatform Status© 2026 Vox Media, LLC. All Rights Reserved

Microsoft has yielded to governmental demands by providing encryption keys for customer data, a move that has ignited considerable concern among privacy advocates and reflects a significant departure from industry norms. This occurred following a warrant issued by the FBI, requesting access to BitLocker recovery keys associated with three laptops as part of an investigation into alleged fraud within the Guam COVID unemployment assistance program. Notably, Microsoft’s compliance contrasts sharply with the typical resistance exhibited by major tech firms, such as Apple, which famously contested the FBI’s access to data from a San Bernardino shooter’s phone in 2016. The precedent established by this action raises serious questions regarding data security and the potential for governmental overreach.

Microsoft’s justification, communicated to Forbes and subsequently to The Verge, hinges on a legal obligation. Spokesperson Charles Chamberlayne stated that the company is required to furnish these keys if a valid legal order is presented. He further acknowledged the inherent risk associated with offering key recovery services—that is, storing keys within Microsoft’s cloud—explaining that while convenient, this approach exposes customers to potential unauthorized access. This framing underscores a compliance-driven decision motivated by legal requirements, rather than a proactive commitment to user data protection.

The anxieties expressed by privacy organizations, including the ACLU, stem from the broader implications of this action. Senator Ron Wyden criticized the decision as “irresponsible,” highlighting the risk of allowing “questionable” foreign governments, possessing questionable human rights records, to demand access to sensitive customer data. The potential for such demands, coupled with the demonstrated lack of respect for data security displayed by the current administration and ICE, represents a fundamental challenge to digital privacy. This action sets a worrying precedent, suggesting a willingness to prioritize governmental requests over the safeguarding of user information, a position previously vehemently opposed by influential tech companies. The underlying issue is not merely about a specific legal investigation, but about the broader implications for data security in an era of increasing governmental surveillance capabilities.