Windows 10 has heralded the arrival of a leaner, meaner Microsoft. With nagging prompts and one exec’s warning that if you stay on Windows 7, you do so “at your own risk, at your own peril,” the company’s aggressive and vaguely coercive push to upgrade existing Windows machines to Windows 10 has the distinctly ’90s flavor of Microsoft’s glory days, when it was practically the only game in town. Microsoft is no longer a computing powerhouse, but it also isn’t the dinosaur it was just a few years ago. Now it appears to be seeking a beachhead onto its users data.
After the release of Windows 10 this summer, I detailed Microsoft’s decision to push minimally protective and maximally profitable settings on to users as a default, including making it very hard for them not to allow Microsoft to use their machine as a peer-to-peer node for distributing Windows updates. (Disclosure: I used to work as a software engineer at Microsoft and Google.) I also noted that Windows 10’s privacy policy and end user licensing agreement blurred the line between user’s machines and the cloud beyond what any desktop operating system had done to this point. And because clouds (operated by companies) are subject to different legal and privacy protections than one’s local machine (operated by you), I worried that users’ local data was in danger of being surveilled, analyzed, or possibly distributed, concerns that Microsoft’s tortuous yet vague policies did not allay. So with the Intercept reporting last week that Microsoft probably holds a copy of the encryption keys for Windows 10 users’ hard drives, it might be natural to fret that Microsoft is building a digital panopticon to know everything about its customers. In truth, this encryption-key issue is a sideshow compared to these more pedestrian privacy issues. But it illuminates Microsoft’s state of mind in designing Windows 10. Windows device encryption isn’t designed for privacy, but for security—and that’s an important difference.
As Peter Bright explains at Ars Technica, Windows disk encryption isn’t new. It’s based on the BitLocker drive encryption that has been with the company’s operating systems as a supplemental app since Vista in the mid-2000s, and has come with professional versions of Windows as “device encryption” since Windows 8.1. Windows 10 is the first, however, to offer it as a default feature to noncorporate users who are using a Microsoft account (which, incidentally, I don’t recommend). In all cases, the encryption key is stored on a Trusted Platform Module chip in the motherboard of the computer. However, a secondary backup key, termed a recovery key, is needed in case the computer malfunctions, or else it would be impossible to recover data if your computer broke in such a way that getting the key from the TPM was impossible. Previously, the recovery key was stored either by the user in a secondary location like a flash drive, or else through the Windows corporate network’s Active Directory service. Consumers don’t have the second option, while the first requires enough manual intervention that some users inevitably wouldn’t bother backing up their key. And Microsoft cares far more about users who are angry over losing data on a damaged laptop than civil libertarians crowing over privacy features.
So for Windows 10, Microsoft took the path of least resistance and chose to store the recovery key on the user’s OneDrive cloud account. (This is why using device encryption requires having a Microsoft account.) This is what the Intercept article bemoans: that Microsoft has the ability to decrypt your whole drive and get at all your data. But Microsoft didn’t take this step for the purpose of violating users’ privacy; it clearly did it for usability concerns. After all, for many Windows 10 users, Microsoft wouldn’t need the recovery key anyway to see your data. Even if you are using device encryption with a Microsoft account, much of your data is being backed up to OneDrive in the cloud anyway. The point of device encryption was never to protect your data from Microsoft—just from thieves.
The Intercept fails to ask the most crucial question, which is what the intended use of the device encryption feature is. By assuming that the purpose is privacy, it expects things that Microsoft never intended Windows to provide and that most users weren’t expecting. With Windows 10, the purpose of device encryption is not to lock your machine away from all eyes except your own. Rather, it’s a feature intended primarily for cases of theft, so that sensitive corporate data can’t be grabbed from stolen laptops. It wasn’t designed with hiding your data from Microsoft in mind. Now, corporate users will be logging on with corporate domain accounts rather than Microsoft accounts, which means their keys won’t be on OneDrive. So corporations using Windows networks can effectively use device encryption to keep Microsoft out of their data as well as anyone else. Microsoft will never see corporate users’ recovery keys, which will only be stored on the corporate intranet. Windows-using corporations wouldn’t have it any other way. But in the consumer case, there’s no particular inclination on Microsoft’s or users’ behalf to lock down data to this extent. Microsoft provides security from malefactors, not privacy from corporate and governmental monitoring.
And yet. Windows 10 is not a privacy-friendly operating system, and Microsoft has not taken steps to clarify the overreach present in its policies. The company is clearly trying to catch up to Google, Apple, and Facebook in the user-data race, and so its policies emit a whiff of eminent domain: Even when we aren’t looking at your files which we mirror to OneDrive, Microsoft seems to be saying, we are the ones taking care of your data. Once the company’s got it, will Microsoft be tempted to ask for a bigger peek, just as Facebook has gradually gotten nosier with its user data? The tenets of capitalism says yes. Microsoft may be playing catch-up with Apple as far as desktop-cloud synchronization goes, but its privacy policies are a lot more lax than its competitor’s—which themselves aren’t perfect. But nothing in the Intercept article should make Windows 10 any less appealing than it already was to a given user—if it does, then you haven’t been paying enough attention. The biggest privacy issues with Windows 10 are the ones I described five months ago; encryption-key sharing is merely a natural consequence of them. In his Ars Technica piece, Bright details steps to remove your key from OneDrive and back it up locally, but users who are both technically savvy and who care enough to do so should be using Linux rather than plugging hole after hole in the wall Microsoft is attempting to dissolve between your machine and the cloud. (And let’s face it, these users probably aren’t using Microsoft accounts and OneDrive anyway.)
If privacy matters enough that you want to protect your machine and your data from the eyes of the government and the tech industry, you shouldn’t be using Windows 10—or Apple, or Android—in the first place.
This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.
