63 comments

[ 2.7 ms ] story [ 63.3 ms ] thread
Lol it's been 20 years now that the whole world should stop to be all surprised pikachu about that.
The major OS vendors (apple, google, ms) are complicit in data turnover and have been for over ten years now. It has been reported multiple times so I'm struggling to see the angle being projected here. This feels like click harvesting got the HN "Microsoft bad" crowd.
Any reason to believe Apple won't do the same with whatever we backup in iCloud?
Yes and this is a good thing. No organization, no matter how large or powerful, should be beyond the reach of the law.
Apple will do this too. Your laptop encryption key is stored in your keychain (without telliing you!). All is needed is a warrant for your iCloud account and they also have access to your laptop.

sixcolors.com/post/2025/09/filevault-on-macos-tahoe-no-longer-uses-icloud-to-store-its-recovery-key/

Pretty sure the same applies to all the passwords/passkeys/2FA codes stored in the Authenticator app with cloud backup on.
Everybody should have access to your hard drive, not just the FBI, so please do not encrypt your hard-drive.

If you encrypt your drive and upload the key to Microsoft, you are engaging in anti-competitive behavior since you give them access to your data, but not also to the local thief.

Just don't encrypt your drive if you cant be bothered to secure your key. Encryption-neutrality.

Honestly I have no problem with this but I do remember a lot of gaslighting about how America is free and Europe a totalitarian state.
The problem is not that they will give the key (government can force them - this is expected), but that they even have the key in the first place.. I bet this is done without proper consent, or with choice like "yes" vs "maybe later"..
Beyond the crypto architecture debate, I don't really understand how could anyone imagine a world where MS could just refuse such a request. How exactly would we draft laws to this effect, "the authorities can subpoena for any piece of evidence, except when complying to such a request might break the contractual obligations of a third party towards the suspect"?

Do we really, really, fully understand the implications of allowing for private contracts that can trump criminal law?

Very different phrasing between the headline and the subtitle:

> Microsoft confirms it will give the FBI your Windows PC data encryption key if asked

> Microsoft says it will hand those over to the FBI if requested via legal order

Microsoft complying with legal orders is not news. But why hire actual journalists when you can just lie in your headlines and still get clicks?

Headline says “…if asked”

Article and facts are “…if served with a valid legal order compelling it”

∴ Headline is clickbait.

If tech companies implemented real, e2e encryption for all user data, there would be a huge outcry, as the most notable effect would be lots of people losing access to their data irrevocably.

I'm all for criticizing tech companies but it's pointless to demand the impossible.

He headline misleading - they will give it if there’s a court order, not just if asked.

Still crap but the headline is intentionally inaccurate for clickbaiting

not your keys? not your crypto
"US firm confirms it will comply with US law if asked."
Due to Third Party Doctrine, Microsoft doesn't even NEED a "legal order." It's merely a courtesy which they could change at any time.

Based on the sheer number of third parties we're required to use for our day to day lives, that is ridiculous and Third Party Doctrine should be eliminated.

Ref: https://en.wikipedia.org/wiki/Third-party_doctrine

MS confirms it has to comply with warrants to the consternation of many.
(comment deleted)