The Intercept’s Micah Lee has reported this little-known fact. He pointed out that if a user has logged into Windows 8.1 or Windows 10 using a Microsoft account, the encryption keys that are generated by default are automatically uploaded to Microsoft’s servers without the user’s knowledge. There is also no option for the user to stop this process, so a Windows user can’t prevent device encryption from sending the recovery key. This is unlike BitLocker, which offers three options to the user, including an option on whether or not they want to back up their recovery keys on the Windows server.

The logic behind this is that if your Windows PC/laptop gets hacked, the encryption keys should not fall into the hands of the hacker, while you can always log into your Microsoft account and access the keys. However, by the same logic, sharing your encryption keys with anybody, much less Microsoft, is not recommended. If the Microsoft servers are hacked, your encryption keys will be the lowest-hanging fruit for the hackers. Also, if any Microsoft employee goes rogue, these encryption keys could fall into his/her hands. Perhaps the most important reason for not storing the encryption keys on the Microsoft server is that such data would be easily handed over to the authorities on presentation of a valid warrant.

As Matthew Green, professor of cryptography at Johns Hopkins University, puts it, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”

While there is no way to prevent your Windows PC/laptop from uploading the encryption keys to the cloud, Microsoft does give you an option to delete such keys from the server if you wish.

Microsoft is storing your encryption keys in the clouds, here is how to delete it - TechWorm