Microsoft’s storage of Windows encryption keys could expose users to hackers

© Shannon Stapleto / Reuters When it comes to computer security, encryption is key. That’s because encrypted devices or data require a key only accessible to the owner, but many Microsoft users aren’t as protected as they think, and could be exposed to hackers and law enforcement. Since Windows 8.1, “disk encryption” has been a built-in feature for smartphones and other devices. Though it is helpful against common thieves, its compulsory nature sends a backup copy of the recovery key to Microsoft when a user logs in through a Microsoft account. As soon as one double is created, it can lead to a slippery slope of vulnerability, inviting backdoor access to hackers or government agencies such as the Federal Bureau of Investigation. Not your ‘back door man’: Apple CEO rankles authorities who target encryption There is no warning or opt-out option for Microsoft users, something eerily akin to the Clipper chip program pushed by the National Security Agency and the Clinton White House in the 1990’s, according to The Intercept, which first reported on the Windows vulnerability. The Clipper chip was an encryption technology developed by the NSA for telecom companies, allowing for “key escrow,” or shared access between the government and the corporations to personal encrypted gadgets. The NSA’s Clipper chip was defunct by 1996 thanks to advances in encryption technology. Today, options like PGP encryption exist for messaging, and there are free open-source tools like Signal which block out surveillance of phone calls. After a Microsoft user logs in for the first time, which automatically sends a copy of their encryption key to the company, the key can be deleted. However, this tactic may only be useful if nefarious forces haven’t already accessed the machine or its accessories after a login, which is possible to accomplish in […]