ONE OF THE EXCELLENT FEATURES of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out.
During the “crypto wars” of the ’90s, the National Security Agency developed an encryption backdoor technology — endorsed and promoted by the Clinton administration — called the Clipper chip, which it hoped telecom companies would use to sell backdoored crypto phones. Essentially, every phone with a Clipper chip would come with an encryption key, but the government would also get a copy of that key — this is known as key escrow — with the promise to only use it in response to a valid warrant. But due to public outcry and the availability of encryption tools like PGP, which the government didn’t control, the Clipper chip program ceased to be relevant by 1996. (Today, most phone calls still aren’t encrypted. You can use the free, open source, backdoorless Signal app to make encrypted calls.)
The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts (you can skip to the bottom of this article to learn how) — something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.
“The gold standard in disk encryption is end-to-end encryption, where only you can unlock your disk. This is what most companies use, and it seems to work well,” says Matthew Green, professor of cryptography at Johns Hopkins University. “There are certainly cases where it’s helpful to have a backup of your key or password. In those cases you might opt in to have a company store that information. But handing your keys to a company like Microsoft fundamentally changes the security properties of a disk encryption system.”