The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
That’s a great question, and it is because it enables a chain of cryptographic controls that enable verification, tamper resistance, and secrecy while selling Bitlocker as computer security. It is technically secure, except that MS has your recovery keys and can just give them to whoever they want, like the FBI!
This way, they can mathematically verify:
Who you are and the exact unique machine you use (verification from a unique machine ID associated with your encryption keys and Windows account data)
Know that the data has not been altered in transit (tamper resistant hashing of your data)
No one else knows except them (secret encryption keys stored in hardware that only Microsoft controls, not you, Microsoft)
This architecture also keeps their data on your machine secure. If someone maintains an encrypted archive on your hard drive that only they control the keys to, say like a movie or a video game, who owns that data really? If it’s decrypted only for authorized use, you’re really only renting that content from the owner. This is called Digital Rights Management, and it’s much easier when this security chain is in place.
Technically they could do this remotely if they really wanted to and your machine were powered. Imagine what you could do with this power for every Windows machine on the planet.
That’s a great question, and it is because it enables a chain of cryptographic controls that enable verification, tamper resistance, and secrecy while selling Bitlocker as computer security. It is technically secure, except that MS has your recovery keys and can just give them to whoever they want, like the FBI!
This way, they can mathematically verify:
Who you are and the exact unique machine you use (verification from a unique machine ID associated with your encryption keys and Windows account data)
Know that the data has not been altered in transit (tamper resistant hashing of your data)
No one else knows except them (secret encryption keys stored in hardware that only Microsoft controls, not you, Microsoft)
This architecture also keeps their data on your machine secure. If someone maintains an encrypted archive on your hard drive that only they control the keys to, say like a movie or a video game, who owns that data really? If it’s decrypted only for authorized use, you’re really only renting that content from the owner. This is called Digital Rights Management, and it’s much easier when this security chain is in place.
Technically they could do this remotely if they really wanted to and your machine were powered. Imagine what you could do with this power for every Windows machine on the planet.