Microsoft has indicated they will hand over BitLocker encryption keys if asked by the US government. Could this mean an EU or Canadian company essentially has no device level encryption on a Windows PC with respect to the US government, or a future DOGE like contractor? Maybe, but first let’s scope the risk. For this to be useful, the US agency or contractor would need to posses the device. That would mean either covert access, theft, or grabbing the device at the border. Mostly, it would apply to devices brought to the US. It doesn’t help with remotely accessing or hacking a computer. As long as the device does not come into the US, it is largely safe from having its contents read by decrypting the disk.

But this is one more event highlighting that US infrastructure is a weakness for the EU. If you encrypt your device using BitLocker, to prevent leaking data in the event of a theft or loss, it could be accessed in the hands of a US company or contractor. As Microsoft is disabling the ability to use PCs with only local accounts, this means every newly activated Windows computer’s disk could be decrypted Combine this with the ability Microsoft or Google has to access e-mail and office documents, and suddenly EU companies are naked. Much like Germany is looking at repatriating its gold from Fort Knox, EU and Canadian companies may need to look for non-US controlled solutions. For desktops and laptops this might mean moving from Microsoft to Linux. And from Office 365 and Google Drive to an EU based alternative.

For US citizens, this means that journalists cannot rely on Microsoft’s BitLocker encryption and recovery. Under the fifth amendment, individuals do not have to provide potentially incriminating information. This includes passwords. But this means that Windows PCs are not safe, should the DoD want to decrypt a journalist’s device. As as the recent search of a Washington Post’s reporter recently highlighted, this administration is not overly encumbered by the constitution.

I’ve had to use BitLocker recovery before because I had upgraded hardware or plugged in an external GPU. It is much easier to go to the Microsoft site and look up the recovery key. I don’t have anything that Microsoft doesn’t already have access to, through services like OneDrive. The fact Microsoft had my key did not materially change my security, although how easily it hands over the keys may raise a concern. But I’m not ATML negotiating to sell lithography machines to a potential Intel competitor. Would the government’s stake in Intel be enough to encourage Intel executives to ask the administration to grab the ATML executives business data? Let’s face the fact Pam Bondi and Kash Patel have destroyed the independence of the DoJ and FBI. While the ATML executive is out to dinner, a quick clone of their drive to be unlocked and handed to Intel isn’t out of the realm of possibility.