back to article Upset Microsoft stashes hard drive encryption keys in OneDrive cloud?

El Reg, some friends of mine have been showing me blog posts about Microsoft keeping secret copies of all our encryption keys. What's going on? Since Windows 8, Microsoft has built drive encryption into its operating system, so none of this should really be a shock. And this encryption feature shouldn't be confused with …


  1. Huw D
    Thumb Up

    How dare you...

    ... post a sensible argument!

    What are people going to fly off the handle about now?

    1. Franco Silver badge

      Re: How dare you...

      Maybe there's a seasonal moratorium on opprobrium, but I'm pretty sure the lack of transparency from MS will be the answer to your question.

      On one hand, you don't have to log in to a machine with a Microsoft Account. On the other Windows 8 didn't exactly make it easy not to though........

    2. P. Lee Silver badge

      Re: How dare you...

      Quite sensible, but not that useful.

      Hard-drive encryption is only useful when transitioning from unmounted->mounted/logged in.

      Is "switching your computer on" still a thing?

      If you want to improve security, chroot/jail those browser tabs to stub directories. Otherwise, that flash flaw Is going to provide malware with access to to your onedrive and its game over.

      It is a modest improvement. It may defeat the casual disk-swiper and help when you ebay the thing and forget to wipe it properly.

      1. Amorous Cowherder

        Re: How dare you...

        'Is "switching your computer on" still a thing? '

        I assume kicking it awake from the sleep state is included in that statement.

        1. Thought About IT

          Re: How dare you...

          ... not credit The Intercept for this article.

          1. Crazy Operations Guy

            Re: How dare you...

            Because why should they? Would I have to credit CNN if I read a story about a terrorist attack then right my own digest of the situation using a different point of view?

            This article deals with the actual ramifications of uploading the recovery key in a rational matter. The Intercept article said that the encryption key (Which is technically false) was being uploaded to Microsoft and was attempting to play on the reader's fears to infer the ramifications.

            Really, I'd have a stronger complaint as this article more closely resembles my digest of The Intercept's article rather than the article itself. ( )

        2. Duffaboy

          Re: How dare you...

          I will tell you why. They didn't ask that's why.

          1. Anonymous Coward
            Anonymous Coward

            Re: How dare you...

            "I will tell you why. They didn't ask that's why."


            So we have a corporate apologist commentator giving a 'high five' to a corporate apologist writer's article. Surprise!

            Let's repeat this truth for all that missed it (like the first commentator):

            Microsoft failed to ask for permission to share a private, secure datagram via the Internet, before doing so.

            Period. Dot at end of sentence. No arguments, either from Microsoft nor from the writer.

            Yet ANOTHER completely inexcusable violation of personal privacy by a corporation, with yet another pandering reply by the pro-corporate apologists to try to smooth over the violation. If you want to offer a service, fine. But this modern stance of "voluntary" 'opt out', where a user must first discover what is happening behind their backs and THEN find out how to turn it off, rather than 'opt in' where full disclosure is a given in order to entice the opt-in process, is BULLSHIT. UTTER, COMPLETE, BULLSHIT.

            End of discussion.

    3. Anonymous Coward
      Anonymous Coward

      Re: How dare you...

      Agreed by itself this is hardly earth shattering but added on to the mountain of ways Microsoft is now trying to undermine your privacy and make money doing so (ala the Google biz model, embrace etc) its just another front to watch for what goes into their cloud (be careful for example of the Microsoft Outlook app on iOS and Android as it sucks your enterprise credentials (passwords, etc) into their cloud last I looked). Be sure today to check for more automatic updates (now you don't get much of a choice in win 10) that added yet more "telemetry" code that for some reason uses your Microsoft login information.

  2. kryptylomese

    Consumers do not get to decide how secure their product is when they purchase Microsoft software.

    Worse they still keep buying this crap when they have a choice!

    Only Microsoft employees down vote this comment!

    1. Dave 126 Silver badge

      >Consumers do not get to decide how secure their product is when they purchase Microsoft software.

      Eh? There is nothing stopping educated users from using encryption of their choice.

      For uneducated users, they now have encryption on by default (a step forward) AND have a means of recovering their data should they forget / lose their key (which let's face it, is going to happen to some people).

      The real paranoid are going top use some specialist Linux dstro anyway. People with jobs that require they safeguard their clients data (doctors, lawyers etc) will find this MS system good enough (since they are complying with the data protection laws to avoid a fine in case they lose a laptop.... they aren't in fear of the NSA. )

      I think this article is spot on, and its main criticism of MS is in their communication.

      1. Justicesays
        Big Brother


        I wouldn't rely on this if you were a lawyer and want your case preparation to remain confidential if you deal with any notable clients or cases.

    2. kryptylomese

      Sorry, when I said Microsoft employees, I meant morons....

      1. Stoneshop Silver badge

        It takes one to know one

    3. Blitterbug

      Re: Only Microsoft employees down vote this comment!

      Wow. And I didn't even know I worked for Microsoft.

  3. Duncan Macdonald Silver badge
    Thumb Down

    Making data recovery difficult

    If Windows 10 automatically encrypts the internal storage then data recovery tools such as PhotoRec are likely to be useless. Windows 10 SHOULD ask if encryption is wanted and show the pro's and con's before enabling encryption. (Encryption will also slow down lower performance systems and ones with SandForce based SSDs.)

    Also if someone manages to hack into your Microsoft account and change the password then you could be locked out of your files.

    Not a good idea.

    1. Dave 126 Silver badge

      Re: Making data recovery difficult

      >Also if someone manages to hack into your Microsoft account and change the password then you could be locked out of your files.

      Could you provide more detail? I'd assume that the encrypted data on your local machine would keep the same key - the data would still be accessible if the machine owner had the encryption key, which is not the same as the MS Account login details.

      For the user to be locked out of their data, the data would have to re-encrypted.

    2. Jack of Shadows Silver badge

      Re: Making data recovery difficult

      @Duncan: I'm wondering what the Hell lame processor running Windows 8 or higher that person is running. Even a slow Core2 Duo here sees only a few percentage points of a hit probably due to the fact that it's spending time twiddling bits waiting on the hard drive. [Probably time to redo that benchmark for SSDs.] True, that initial drive format is bit (okay, looonnnggg) wait....

      1. Tom 38 Silver badge

        Re: Making data recovery difficult

        Twiddling bits in the CPU is not the issue, it is that some flash memory controllers in older SSDs (notably older SandForce SF-2281) are dependent upon it being able to compress the content that is being sent to it to achieve high read/write speeds. Encrypted data should be largely indistinguishable from noise and thus be very poor to compress, resulting in a lower disk performance than if the content was being loaded in the clear.

        CPU speed doesn't come into it.

    3. Crazy Operations Guy

      "data recovery tools such as PhotoRec are likely to be useless."

      And that would be the point of cloud services. On Windows 8 and beyond, if you log in with a Microsoft Account, the default location to open and save files is reset to OneDrive rather than the Documents folder. While users should be doing regular backups for their data, OneDrive is a workable substitute for the average user.

      That seems to be what Microsoft is going for: build things to be sufficient for the vast majority of home users but allow people with other needs to add things in to supplement or replace the built-in stuff.

      1. James 51 Silver badge

        Re: "data recovery tools such as PhotoRec are likely to be useless."

        You can't replace one drive, it's baked in at an OS level. Best you can do is disable it till the next update turns it on again (much like Facebook's tweaks to privacy settings reset my privacy settings to flasher). In five or ten years hopefully the EU will smack them around again but till then we have to put up with this.

        I'm going to buy an SSD, stick ubuntu in it and see how long I can go before booting into the other (Win 7) drive.

  4. ckdizz

    Pretty amazing how they appear to believe that the user who actually knows what encryption is and has a need for it wouldn't be using encryption anyway.

    Most people don't keep data on their devices that needs to be encrypted. People who do keep data on their devices that needs an encryption solution don't need Microsoft's lite version because they've already sorted out better solutions.

    So Microsoft have gone to the trouble and expense of providing a feature that isn't needed by the majority of users, and isn't wanted by the minority who would need it. Which is my biggest issue with this: a company whose software runs on the majority of the world's computers who doesn't have a clue about their market or how it's segmented, and throws money and time into features most people don't need and then enables them by default.

    1. The Real SteveP

      "Most people don't keep data on their devices that needs to be encrypted."

      WOW! That's a pretty sweeping statement; and one that I believe is totally the reverse of reality!

      Most people don't realise that all the personal data that they DO keep on their devises SHOULD be encrypted but isn't, or that they should always protect their data from the bad guys!

    2. TeeCee Gold badge

      Nice obfuscation of the neat bullet points in the article there!

      ....throws money and time into features most people don't need and then enables them by default.

      MS, Oracle, Adobe, IBM, Google, Mozilla........etc ad bloody nauseum are guilty of that one. I suspect that the idea here is twofold.

      First is that they think that if they add everything including the kitchen sink, they can please all the people all the time.

      Second it gives the development team something to do in the absence of any better ideas....

      1. Dave 126 Silver badge

        Okay, most people might have data that is potentially socially embarrassing - pictures from Bob's party that got out of hand, or a catty email about Aunt Clara. You don't want it made public, but no-one is going to any great lengths to get at it.

        A significant chunk of users are required by law to ensure the data on their machines is safe from 3rd parties, or else face fines. Y'know, professionals like doctors, researchers or lawyers - anyone who has information about other people, basically. Laptops do get left on trains and in pubs, or stolen from cars, so encryption that is safe from thieves and blackmailers is a must. To comply with the law they do not need to think about the resources of Nation State security agencies.

        Then you get people who have commercially sensitive information, trade secrets and the like, and are a real target for industrial espionage. In a larger organisation, these users will have their machines administered by professionals.

        Then you have journalists, civil rights activists and the like. Not only do they need the right hardware and software, but they need be educated and apply what they have learnt consistently. That's the hard bit.

        1. Tabor

          @Dave 126

          " You don't want it made public, but no-one is going to any great lengths to get at it."

          Have ever bought a hard drive from eBay ? Plug in, browse contents, ocassionally grin when naughty pics are found. No great lengths needed. At least in those cases Joe User will be better off with what MS is doing.

    3. David T-Rex

      My take on this is its better than nothing and if someone steals your hard disk they would not get access to the files - whereas if the hard disk was not encrypted in any way they would just need to plug it into another computer and everything would be available.

      So in a sense some encryption is better than none as they would need both your account details (or the key) plus physical access to the disk - without both they cant get at the data. I am happy to be corrected on this if I am not correct.

    4. Monkey Face

      RE: Most people don't keep data on their devices that needs to be encrypted

      I'm sorry but I'm calling out the statement "Most people don't keep data on their devices that needs to be encrypted" as utter horseshit.

      Most people keep all sorts of things on their computers that should be encrypted, bank statements, utility bills along with all sorts of other personal information in documents and things that have been emailed. Also things like family photos are something that I would not want someone getting hold of, simply because they could contain a lot of incidental information such as where expensive items in your house are. Your internet history can cause you problems ranging from someone discovering who you do online banking with to a range of other details that can be gleaned from what is now commonly referred to under the catch all term of "metadata" that our governments seem so keen to get hold of, but is of no real importance...

      I have always encrypted my machines, previously with TrueCrypt and more recently with Bitlocker, the storage of the recovery keys in OneDrive is not too much of an issue to me as if someone has my windows password and physical access to my machine then I have bigger problems. But as is pointed out in the article, you have the option to move it somewhere else or keep a hardcopy. Would I want my non-IT parents or family members doing that, no, simply then I would get a phone call asking me to fix their PC so it makes sense. Those who are more IT-savvy then yes, fill your boots.

      1. inmypjs Silver badge

        Re: RE: Most people don't keep data on their devices that needs to be encrypted

        "Most people keep all sorts of things on their computers that should be encrypted, bank statements, utility bills"

        You mean the sort of things they have been keeping on paper for decades and how many of them feel the need to keep bank statements or utility bills in a locked safe?

        For me the utility of being able to take a drive out of one computer and read it in another outweighs the benefit of drive encryption which doesn't really make a shit of difference until the computer or drive is stolen.

      2. tom dial Silver badge

        A case in point is the Clipper Chip of Infamy. After considerable push back about possible government abuse or loss of the escrowed key information (and finding of implementation flaws) it was discarded along with the very real privacy and security benefits that it would have offered in well over 99% of all cases. Even if the entire escrow database had been published the result would not be inferior to what we have, which is that most telephony is done in the clear. The same is true of the related Capstone, intended for use with communications other than telephony, although much of the benefit was recovered through use of SSL and TLS.

    5. ckdizz

      The responses to this are typical of a segment of IT professionals whose idea of what ordinary users want and do with their technology is way out of line with those ordinary users. And who, I strongly suspect, don't actually have much of an idea where data gets stolen from and how it gets stolen.

      Just to be clear, we're excluding businesses here and people who are required by law to maintain a level of security: doctors who use specialist patient management software, businesses who have secured databases of customer information, governments who use bespoke file management and email systems. These are obviously not the target of Microsoft's encryption, just in case you didn't understand the meaning of the phrase "People who do keep data on their devices that needs an encryption solution don't need Microsoft's lite version because they've already sorted out better solutions" and just in case you didn't realise how much of a blunt tool this is.

      Encryption != good by default. You would be hard pushed to find even 2% of ordinary, personal Windows users who understand what local drive encryption is, who would actually need it in their personal lives, and who could utilise it and maintain that level of encryption and security at the actual points of intrusion: iCloud, Facebook, OneDrive, Gmail. These are the users it's targeted at. All the local encryption in the world wouldn't help someone with a weak password or who falls victim to a vulnerability in someone else's service. And most leaks that involve personal information don't come from local devices.

  5. Timmy B Silver badge

    Some simple improvements,,,,

    I like the idea of MS adding a far more in depth wizard on installation of Windows. A whole page on data sharing with pros and cons for each thing shared. In fact this is a must and I would suggest that they retro-fit it to Windows 10 a bit like the browser choice they had to before.

    As for drive encryption a section of a screen saying "Do you want to encrypt your drive? It'll make it more secure but a tiny bit slower and if you forget your password you could lose access to your files". And if they say yes then a bit that says "You will need a recovery file in case you forget your password - do you want to a: print it, b: save it to usb or c: store it on a Microsoft server".

    How easy would that be? In fact I don't see why they didn't do it. If you phrase something well then 99% of users can understand it. MS even have the resources to do a little explanatory video on all these things.

    Now I think about it - why not add in options for accepting updates or not - just give people the option and explain the consequences of not accepting them.

    I like Windows 10 - I really do - but a little spit and polish is needed.

    1. Trigonoceps occipitalis

      Re: Some simple improvements,,,,

      Clippy will help:

      "It looks like you are trying to lose your data - do you want help with that?"

  6. Anonymous Coward
    Anonymous Coward

    All your keys belong to China

    "If the Feds are in your threat model, shouldn't you try something a little stiffer than the default encryption tool?"

    Actually by taking the keys, Microsofts holds the keys, and others can get the keys. You mention Feds, but this also means that China can demand the keys from Microsoft.

    If Microsoft hadn't grabbed the key, then China would have nothing to require MS to hand over.

    Either way, since when has Microsoft unlocked your PC remotely for you when you forget the password??? I searched their Windows 10 help and it offers no such service!

    1. Anonymous Coward
      Anonymous Coward

      Re: All your keys belong to China

      "China can demand the keys"

      Well if you have the previous default installation then your drive is not encrypted so China does not need anything from Microsoft to access your data. The new arrangement means they need your machine and they need the recovery key from Microsoft. So it is not perfect security but it is an improvement.

      "I searched their Windows 10 help and it offers no such service!"

      It's not essential with an unencrypted drive, as forgetting your password does not stop you from recovering your data. An admin account can be used to modify permissions or you can boot the machine from another drive to recover the data.

      What this encryption does do is make it much more difficult for someone who recovers your hard drive from the garbage or finds your lost computer from accessing your data.

  7. Novex

    As kind of said in the article...

    ...the issues this highlights are of transparency and choice. Transparency is about letting us know that something is going to happen before it happens, and the choice is letting us choose from reasonable options what to do about the 'thing' being done, one of those options being to not allow the 'thing' to be done. It seems that Microsoft** thinks that it doesn't need to ask us what we want to do any more, and is going all Auntie* on us...

    *which basically means making decisions for us like we're children rather than treating us as independent adults who can make our own minds up, even if that means we might screw things up.

    **I have to declare a conflict of interest here - I now mostly use Linux Mint for regular stuff, so it's something of a non-issue for me. However, I do occasionally drop back to Win7 for less regular programs that don't have Linux equivalents.

  8. Alan Sharkey

    Are you sure it's the default?

    Are you sure this is on by default? I have had Windows 10 machines, removed the boot drive, stuck it in another PC and was able to read the data. So, where did the encryption come in?


    1. Novex

      Re: Are you sure it's the default?

      I think the suggestion is it's only on by default if there is a TPM on the motherboard. It may be that many mobos don't have TPMs, so the encryption isn't enabled.

    2. Alan Sharkey

      Re: Are you sure it's the default?

      How does one check for a TPM?

      1. Norphy

        Re: Are you sure it's the default?

        Look in your device manager. If a TPM is present, there will be a device listed in there for it.

      2. Anonymous Coward
        Anonymous Coward

        Re: How does one check for a TPM?

        In some better class PCs I think there used to be a BIOS option to enable/disable the TPM. I haven't been close to a new PC for several years so don't know about current stuff.

      3. Adam 1 Silver badge

        Re: Are you sure it's the default?

        > How does one check for a TPM?

        Remove the HD, then set fire to the rest of the PC. Once extinguished, you can try to recover the files on another PC. If not, the melted mess of metals and silicon had a TPM module.

  9. Robert Helpmann?? Silver badge

    An Alternative Answer

    What if I'm using Windows 10 Pro or Enterprise?

    Either you are an admin and should be able to track this answer down yourself or you have no business making any changes in which case you should go back to looking at cat videos on company time.

  10. Mark 65 Silver badge

    Ignorance is bliss

    Fine. If you're a Windows Home user, click here, save a copy of the recovery key just in case, and then delete it from OneDrive. Microsoft promises to eventually scrub it from its cloud servers and backups.

    ...and naivety is costly. You dismiss the NSA question as tinfoil hat wearing buffoonery but, in the post Snowden revelation era where reality was worse than conspiracy, it is plain to see that this is MS yet again leaving the keys to your front door on their mantelpiece so the authorities can sweep them up. You think it matters whether they promise to eventually scrub them (time-frame anyone?)? Once they left your system and crossed the wire the game is over. It's true ignorance like this that makes the World a much less safer place and allows the idiocracy of modern politics to gain traction. Stop excusing this bullshit and call it for what it is.

    I eagerly await the first dismissal using the "nothing to hide" straw man.

    1. Roo

      Re: Ignorance is bliss

      "I eagerly await the first dismissal using the "nothing to hide" straw man."

      In addition to the nothing to hide bollocks, there is a problem with the spooks & cops having back doors for everything and their usage without any kind of transparency is accepted (and lawful) practice. Essentially the press, a Judge, or a Jury are expected to trust such "covertly" obtained "evidence" without question, and the defendant is unable to challenge the evidence lawfully either so anyone can be locked up or libelled by some faceless apparatchik with zero opportunity for redress. It makes it far too easy to eliminate any challenges to a corrupt or unjust system. Systems that don't have any kind of negative feedback are almost always unstable and self-destructive, so It will end badly, it's just a matter of when not if.

      1. Dan 55 Silver badge

        Re: Ignorance is bliss

        Multiply that by four - the US, UK, China, and possibly France too appear to have claimed ownership to MS' servers wherever they are in the world.

        There'll be more countries to add to that list, I'm sure.

        So Windows 10's default of "upload everything" is the height of folly.

    2. tom dial Silver badge

      Re: Ignorance is bliss

      The real problem with "nothing to hide, nothing to fear" relative to their domestic, and even foreign, TLAs is that for the overwhelming majority, nearly all the time, it is a factually correct statement. While this statement varies in accuracy depending on the government under which one lives, even the most oppressive regimes have resource limitations that require them to manage surveillance and focus on those who appear likely to cause trouble, and rely on much more pervasive means of surveillance than mere access to storage encryption keys will provide. At bottom, though, most people go about their lives following governmentally and socially approved paths and do not have to be particularly concerned, on a personal basis, about vulnerability to law enforcement activity.

      That is not an argument against encrypting data to provide a degree of privacy and security, but surely it is unreasonable and simply incorrect to argue that Microsoft's storage of recovery keys reduces privacy security below what plain text storage provides.

      1. Anonymous Coward
        Anonymous Coward

        Re: resource limitations (vs proper supervision)

        "even the most oppressive regimes have resource limitations that require them to manage surveillance and focus on those who appear likely to cause trouble"

        Do you actually believe that farcical claim?

        You might want to read about Mark Kennedy, aka Mark Stone, an undercover cop who for multiple years was infiltrating a legitimate peaceful protest organisation.

        He's far from the only example, just the best known.

        The idea that the security services "focus on those who appear likely to cause trouble" is farcical.

        Unless by "cause trouble" you don't mean "trouble for the public" you mean "trouble for the powers that be and their friends". In which case you might have a point.

        The establishment's solution to avoiding a repeat of cases like Kennedy/Stone is to put the Metropolitan Police in charge of supervising the whole country's undercover operations. Well that should work shouldn't it.

  11. chivo243 Silver badge

    Loaded guns

    I am starting to wonder if we need a Computer Operating License? A lot of things we do need a license/permit/permission. Driving a motor vehicle, getting married, owning a dog, putting a string in the water to catch a fish etc or building a garage in your backyard. The software today is sufficiently advanced, that only a small percentage of professionals know enough to operate it all properly.

    I read an earlier post talking about a configuration page defining what encryption is and why it's good. If implemented, I hope there is a "yes, I'm a n00b" button for skipping it. The amount of IT Knowledge in the universe is constant, but there are more and more users everyday.

    1. Destroy All Monsters Silver badge

      Re: Loaded guns

      Please explain how a "license" is supposed to fix anything.

      Maybe one needs a license to read books, because there is lots of dangerous and sexual stuff in there that could lead to emotional instability? Plus, it would bring in the monies and provide bureaucratic jobs.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019