Before heading off to battle, King Arthur gives Lancelot the key to Guinevere’s chastity belt with solemn instructions: If Arthur is killed or fails to return within seven years, Lancelot is to relieve Guinevere of her vow. Ten minutes later, Lancelot rides back and says, “My king, you gave me the wrong key.”

When you encrypt your laptop’s hard drive, you likely believe you have taken a decisive step to secure your data. If the laptop is lost, stolen, or seized, the contents should remain unreadable without your cooperation. That belief, however, is only conditionally true. If you follow Microsoft’s recommendation and back up your BitLocker recovery key to your Microsoft account for convenience, you have not retained exclusive control of that key. You have placed it in the custody of a third party—and like King Arthur, your trust in that third party (here, Microsoft) is misplaced.

Microsoft has publicly confirmed that it regularly provides BitLocker recovery keys to law enforcement when those keys are stored in the cloud. Forbes reported a specific instance in which Microsoft complied with an FBI request for BitLocker keys associated with a computer in Guam during a fraud investigation. See Thomas Brewster. Microsoft further confirmed that it receives roughly twenty such requests per year and “often complies.” Id. At the same time, Microsoft has made a critical admission: If the recovery key is stored only locally by the user and never uploaded, Microsoft cannot comply because it does not possess the key. As Benjamin Franklin observed, “two may keep a secret, provided one of them is dead.”

BitLocker itself is not broken. The encryption is strong. The failure lies in the assumption that being encrypted automatically means secure. Encryption protects data in transit and at rest, but it does not determine who can decrypt it. That determination turns entirely on who holds the key.

This dynamic is not unique to Microsoft. Google provides a parallel—and even more widely misunderstood—example. Gmail and Google Docs are encrypted, both in transit and at rest. Users often take comfort in that fact, believing it means Google cannot read their communications or documents. Yet Google routinely complies with subpoenas, warrants, and court orders requiring it to produce the contents of Gmail accounts and Google Docs.
Google can do so because Google, not the user, holds the encryption keys.

Courts have never treated Google’s encryption of user data as a barrier to lawful access. To the contrary, production of decrypted email and documents is commonplace in criminal and civil litigation. This creates the illusion of security. Sure, the documents are encrypted. But Google holds — and can be compelled to use — the key. In effect, the proponents of the “clipper chip” – the three-party encryption key where a master key is in the hands of the government — have effectively won.

In many ways, the illusion of security is worse than no security at all. Because people believe that their documents or emails in the cloud are “secure” and “encrypted,” they don’t take additional steps to protect them. If the government sought the contents of all of your business papers, they typically would have to subpoena you for them or get a search warrant to seize them. Nowadays, they just get some legal process to Microsoft, Google or some other providers, and voila! They have all of your records. And even better for them, you don’t know they have your records, and cannot assert things like doctor-patient or attorney-client privilege. In fact, in most cases, they don’t ever have to tell you that they have your records.

In 1979, the U.S. Supreme Court established the so-called “third-party” doctrine, that the government can obtain certain records from a “third party” without notice and without a warrant. In Smith v. Maryland,  the Court allowed the government to get telephone toll records (the same kind of records Special Counsel Jack Smith got about members of Congress) with a simple subpoena to the phone company. For “content” records (documents, emails, etc.) or certain location data, a warrant rather than a subpoena might be required. But in either case, the person whose records are taken does not know that the records are taken. They have the illusion of privacy and the illusion of security.

What matters, therefore, is not whether data is encrypted. What matters is who can unlock it.

As long as the key is held by a third party who can be compelled—or sometimes merely asked—to decrypt the data, the data may be encrypted, but it is not secured in the way most users assume. Encryption in that model protects against casual theft and opportunistic attacks, but it does not protect against legal process, insider access, or account compromise. It is security against burglars, not against custodians.

This distinction is critical for journalists, lawyers, activists, and anyone handling sensitive or privileged information. Disk encryption and cloud-based document storage are often relied upon as safeguards of last resort. But those safeguards evaporate if the user does not control the keys. None of this implies wrongdoing by Microsoft or Google. Both companies are complying with lawful process and, when pressed, have been relatively transparent about their practices. The real problem lies in the mismatch between user expectations and system design. When users are encouraged to back up recovery keys or store sensitive data in encrypted cloud services without a clear explanation of who controls access, “encrypted” becomes a dangerously misleading label.

The lesson is straightforward but uncomfortable. Encryption does not equal security. Control of the key does. If you want true control over your data, you must accept the burden that comes with it: Local key storage, offline backups, and the risk that forgetting a password may mean losing access forever. Convenience is not free. It is paid for with shared control.

King Arthur’s mistake was not trusting a key. It was in assuming he controlled it. In modern computing, that same mistake is easier to make, harder to detect, and far more consequential.

Recent Articles By Author