For years, we’ve been told that encryption is the gold standard for digital privacy. If data is encrypted, it is supposed to be locked away from hackers, companies and governments alike. That assumption just took a hit. 

In a federal investigation tied to alleged COVID-19 unemployment fraud in Guam, a U.S. territory where federal law applies, Microsoft confirmed it provided law enforcement with BitLocker recovery keys. Those keys allowed investigators to unlock encrypted data on multiple laptops.

This is one of the clearest public examples to date of Microsoft providing BitLocker recovery keys to authorities as part of a criminal investigation. While the warrant itself may have been lawful, the implications stretch far beyond one investigation. For everyday Americans, this is a clear signal that “encrypted” does not always mean “inaccessible.”

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

HACKERS ABUSE GOOGLE CLOUD TO SEND TRUSTED PHISHING EMAILS

What happened in the Guam BitLocker case?

Federal investigators believed three Windows laptops held evidence tied to an alleged scheme involving pandemic unemployment funds. The devices were protected with BitLocker, Microsoft’s built-in disk encryption tool enabled by default on many modern Windows PCs. BitLocker works by scrambling all data on a hard drive so it cannot be read without a recovery key. 

Users can store that key themselves, but Microsoft also encourages backing it up to a Microsoft account for convenience. In this case, that convenience mattered. When served with a valid search warrant, Microsoft provided the recovery keys to investigators. That allowed full access to the data stored on the devices. Microsoft says it receives roughly 20 such requests per year and can only comply when users have chosen to store their keys in the cloud.

We reached out to Microsoft for comment, but did not hear back before our deadline.

How Microsoft was able to unlock encrypted data

According to John Ackerly, CEO and co-founder of Virtru and a former White House technology advisor, the problem is not encryption itself. The real issue is who controls the keys. He begins by explaining how convenience can quietly shift control. “Microsoft commonly recommends that users back up BitLocker recovery keys to a Microsoft account for convenience. That choice means Microsoft may retain the technical ability to unlock a customer’s device. When a third party holds both encrypted data and the keys required to decrypt it, control is no longer exclusive.”

Once a provider has the ability to unlock data, that power rarely stays theoretical. “When systems are built so that providers can be compelled to unlock customer data, lawful access becomes a standing feature. It is important to remember that encryption does not distinguish between authorized and unauthorized access. Any system designed to be unlocked on demand will eventually be unlocked by unintended parties.”

Ackerly then points out that this outcome is not inevitable. Other companies have made different architectural choices. “Other large technology companies have demonstrated that a different approach is possible. Apple has designed systems that limit its own ability to access customer data, even when doing so would ease compliance with government demands. Google offers client-side encryption models that allow users to retain exclusive control of encryption keys. These companies still comply with the law, but when they do not hold the keys, they cannot unlock the data. That is not obstruction. It is a design choice.”

Finally, he argues that Microsoft still has room to change course. “Microsoft has an opportunity to address this by making customer-controlled keys the default and by designing recovery mechanisms that do not place decryption authority in Microsoft’s hands. True personal data sovereignty requires systems that make compelled access technically impossible, not merely contractually discouraged.”

In short, Microsoft could comply because it had the technical ability to do so. That single design decision is what turned encrypted data into accessible data.

“With BitLocker, customers can choose to store their encryption keys locally, in a location inaccessible to Microsoft, or in Microsoft’s consumer cloud services,” a Microsoft spokesperson told CyberGuy in a statement. “We recognize that some customers prefer Microsoft’s cloud storage, so we can help recover their encryption key if needed. While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide whether to use key escrow and how to manage their keys.”

WHY CLICKING THE WRONG COPILOT LINK COULD PUT YOUR DATA AT RISK

Why this matters for data privacy

This case has reignited a long-running debate over lawful access versus systemic risk. Ackerly warns that centralized control has a long and troubling history. “We have seen the consequences of this design pattern for more than two decades. From the Equifax breach, which exposed the financial identities of nearly half the U.S. population, to repeated leaks of sensitive communications and health data during the COVID era, the pattern is consistent: centralized systems that retain control over customer data become systemic points of failure. These incidents are not anomalies. They reflect a persistent architectural flaw.”

When companies hold the keys, they become targets. That includes hackers, foreign governments and legal demands from agencies like the FBI. Once a capability exists, it rarely goes unused.

How other tech giants handle encryption differently

Apple has designed systems, such as Advanced Data Protection, where it cannot access certain encrypted user data even when served with government requests. Google offers client-side encryption for some services, primarily in enterprise environments, where encryption keys remain under the customer’s control. These companies still comply with the law, but in those cases, they do not possess the technical means to unlock the data. That distinction matters. As encryption experts often note, you cannot hand over what you do not have.

What we can do to protect our privacy

The good news is that personal privacy is not gone. The bad news is that it now requires intention. Small choices matter more than most people realize. Ackerly says the starting point is understanding control. “The main takeaway for everyday users is simple: if you don’t control your encryption keys, you don’t fully control your data.”

That control begins with knowing where your keys are stored. “The first step is understanding where your encryption keys live. If they’re stored in the cloud with your provider, your data can be accessed without your knowledge.”

Once keys live outside your control, access becomes possible without your consent. That is why the way data is encrypted matters just as much as whether it is encrypted. “Consumers should look for tools and services that encrypt data before it reaches the cloud — that way, it is impossible for your provider to hand over your data. They don’t have the keys.” Defaults are another hidden risk. Many people never change them. “Users should also look to avoid default settings designed for convenience. Default settings matter, and when convenience is the default, most individuals will unknowingly trade control for ease of use.”

When encryption is designed so that even the provider cannot access the data, the balance shifts back to the individual. “When data is encrypted in a way that even the provider can’t access, it stays private — even if a third party comes asking. By holding your own encryption keys, you’re eliminating the possibility of the provider sharing your data.” Ackerly says the lesson is simple but often ignored. “The lesson is straightforward: you cannot outsource responsibility for your sensitive data and assume that third parties will always act in your best interest. Encryption only fulfills its purpose when the data owner is the sole party capable of unlocking it.” Privacy still exists. It just no longer comes by default.

700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS

Practical steps you can take today

You do not need to be a security expert to protect your data. A few practical checks can go a long way.

1) Start by checking where your encryption keys live

Many people do not realize that their devices quietly back up recovery keys to the cloud. On a Windows PC, sign in to your Microsoft account and look under device security or recovery key settings. Seeing a BitLocker recovery key listed online means it is stored with Microsoft. 

For other encrypted services, such as Apple iCloud backups or Google Drive, open your account security dashboard and review encryption or recovery options. Focus on settings tied to recovery keys, backup encryption, or account-based access. When those keys are linked to an online account, your provider may be able to access them. The goal is simple. Know whether your keys live with you or with a company.

2) Avoid cloud-based key backups unless you truly need them

Cloud backups are designed for convenience, not privacy. If possible, store recovery keys offline. That can mean saving them to a USB drive, printing them and storing them in a safe place, or using encrypted hardware you control. The exact method matters less than who has access. If a company does not have your keys, it cannot be forced to turn them over.

3) Choose services that encrypt data before it reaches the cloud

Not all encryption works the same way, even if companies use similar language. Look for services that advertise end-to-end or client-side encryption, such as Signal for messages, or Apple’s Advanced Data Protection option for iCloud backups. These services encrypt your data on your device before it is uploaded, which means the provider cannot read it or unlock it later. Here is a simple rule of thumb. If a service can reset your password and restore all your data without your involvement, it likely holds the encryption keys. That also means it could be forced to hand over access. When encryption happens on your device first, providers cannot unlock your data because they never had the keys to begin with. That design choice blocks third-party access by default.

4) Review default security settings on every new device

Default settings usually favor convenience. That can mean easier recovery, faster syncing and weaker privacy. Take five minutes after setup and lock down the basics.

iPhone: tighten iCloud and account recovery

Turn on Advanced Data Protection for iCloud (strongest iCloud protection)

• Open Settings
• Tap your name
• Tap iCloud
• Scroll down and tap Advanced Data Protection
• Tap Turn On Advanced Data Protection
• Follow the prompts to set up Account Recovery options, like a Recovery Contact or Recovery Key

Review iCloud Backup

• Open Settings
• Tap your name
• Tap iCloud
• Tap iCloud Backup
• Decide if you want it on or off, based on your privacy comfort level

Strengthen your Apple ID security

• Open Settings
• Tap your name
• Tap Sign-In & Security
• Make sure Two-Factor Authentication (2FA) is turned on and review trusted phone numbers and devices
• Review trusted phone numbers and devices

Android: lock your Google account and backups

Review and control device backup

Settings may vary depending on your Android phone’s manufacturer.

• Open Settings
• Tap Google
• Tap Backup (or All services then Backup)
• Tap Manage backup
• Choose what backs up and confirm which Google account stores it

NEW ANDROID MALWARE CAN EMPTY YOUR BANK ACCOUNT IN SECONDS

Strengthen your screen lock, since it protects the device itself

Settings may vary depending on your Android phone’s manufacturer.

• Open Settings
• Tap Security or Security & privacy
• Set a strong PIN or password
• Turn on biometrics if you want, but keep the PIN strong either way

Secure your Google account

Settings may vary depending on your Android phone’s manufacturer.

• Open Settings
• Tap Google
• Tap Manage your Google Account
• Go to Security
• Turn on 2-Step Verification and review recent security activity

Mac: enable FileVault and review iCloud settings

Turn on FileVault disk encryption

• Click the Apple menu
• Select System Settings
• Click Privacy & Security
• Scroll down and click FileVault
• Click Turn On
• Save your recovery method securely

Review iCloud syncing

• Open System Settings
• Click your name
• Click iCloud
• Review what apps and data types sync
• Turn off anything you do not want stored in the cloud

Windows PC: check BitLocker and where the recovery key is stored

Confirm BitLocker status and settings

• Open Settings
• Go to Privacy & security
• Tap Device encryption or BitLocker (wording varies by device)

Check whether your BitLocker recovery key is stored in your Microsoft account

• Go to your Microsoft account page
• Open Devices
• Select your PC
• Look for Manage recovery keys or a BitLocker recovery key entry
• If you see a key listed online, it means the key is stored with Microsoft. That is why Microsoft was able to provide keys in the Guam case.

If your account can recover everything with a few clicks, a third party might be able to recover it too. Convenience can be helpful, but it can also widen access.

5) Treat convenience features as privacy tradeoffs

Every shortcut comes with a cost. Before enabling a feature that promises easy recovery or quick access, pause and ask one question. If I lose control of this account, who else gains access? If the answer includes a company or third party, decide whether the convenience is worth it. 

These steps are not extreme or technical. They are everyday habits. In a world where lawful access can quietly become routine access, small choices now can protect your privacy later.

Strengthen protection beyond encryption

Encryption controls who can access your data, but it does not stop every real-world threat. Once data is exposed, different protections matter.

Strong antivirus software adds device-level protection

Strong antivirus software helps block malware, spyware and credential-stealing attacks that can bypass privacy settings altogether. Even encrypted devices are vulnerable if malicious software gains control before encryption comes into play.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com

An identity theft protection service helps when exposure turns into fraud

If personal data is accessed, sold, or misused, identity protection services can monitor for suspicious activity, alert you early and help lock down accounts before damage spreads. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

Kurt’s key takeaways

Microsoft’s decision to comply with the BitLocker warrant may have been legal. That doesn’t make it harmless. This case exposes a hard truth about modern encryption. Privacy depends less on the math and more on how systems are built. When companies hold the keys, the risk falls on the rest of us.

Do you trust tech companies to protect your encrypted data, or do you think that responsibility should fall entirely on you? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com.  All rights reserved.

Substack is notifying some users that the email addresses and phone numbers linked to their accounts were exposed in a “security incident” last year. In an email to account holders, Substack CEO Chris Best said that a hacker had accessed internal data without authorization in October 2025, but that passwords, credit card numbers, and other financial information remain secure.

“On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata,” Best said in the email. “We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.”

Substack says that it has since fixed the security problem, and is now conducting a full investigation alongside bolstering its systems “to prevent this type of issue from happening in the future.” The platform didn’t provide any details regarding what the security issue was, or how many users have been impacted — myself and several Verge colleagues who also use Substack did not receive the email. We have reached out to Substack for clarification.

“I’m incredibly sorry this happened,” Best said in the email to users. “We take our responsibility to protect your data and your privacy seriously, and we came up short here.”

Nancy Guthrie, the 84-year-old mother of “Today” show co-anchor Savannah Guthrie, was reported missing from her home in the Catalina Foothills area near Tucson after she failed to appear for church and could not be reached by family. When deputies arrived, several things stood out. Her phone, wallet and car keys were inside the home. The daily medication she relies on was left behind. Given her age and mobility challenges, investigators said she would not have left voluntarily.

The Pima County Sheriff’s Department has since stated publicly that the case is being treated as a suspected abduction, and the home was processed as a crime scene. As the search continues, investigators are piecing together not only physical evidence and witness tips, but also the digital trail left behind by everyday technology.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

Why technology matters in missing person investigations

In cases like this, technology rarely delivers a single smoking gun. Instead, it helps investigators answer quieter but critical questions that shape a timeline. Investigators ask when everything still looked normal. They look for the moment when devices stopped communicating. They try to pinpoint when something changed. Phones, medical devices, cellular networks and cameras generate timestamps. Those records help narrow the window when events may have taken a dangerous turn.

YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT

How investigators connect data across agencies

Behind the scenes, investigators rely on advanced analytical systems to connect information from multiple sources and jurisdictions. In Tucson and across Pima County, law enforcement agencies use artificial intelligence-assisted crime analysis platforms such as COPLINK, which allows data sharing with at least 19 other police departments across Arizona. These systems help investigators cross-reference tips, reports, vehicle data and digital evidence more quickly than manual searches.

The Pima County Sheriff’s Department, Tucson Police Department and the FBI also work through real-time analytical crime centers, including Tucson’s Real-Time Analytical Crime Center (TRACC). These centers allow analysts to review large volumes of data together, from phone records and license plate reads to surveillance timestamps.

This type of analysis does not replace traditional police work. It helps narrow timelines, rule out possibilities and prioritize leads as new information comes in.

Bluetooth data and Apple’s potential role

iOS may retain low-level Bluetooth artifacts outside the pacemaker app. Access to this data typically requires:

• Legal process
• Apple cooperation
• Device forensic extraction

Bluetooth artifacts cannot determine distance. They cannot show that two devices were a few feet apart. What they can sometimes provide is timestamp correlation, confirming that a Bluetooth interaction occurred. That correlation can help align pacemaker activity with phone movement or inactivity. It is not publicly known whether Apple has been formally contacted in this case. An inquiry has been made. Apple typically does not comment on specific investigations but may confirm what categories of data could be available.

What the iPhone itself may reveal

Even without medical data, the iPhone left behind may provide valuable corroboration. With proper legal access, investigators may examine:

• Motion sensor activity
• Cellular network connections
• Wi-Fi associations
• Camera metadata
• Power and usage patterns

This data can help establish whether the phone moved unexpectedly or stopped being used at a specific time. Again, the value lies in confirming timelines, not speculating motives.

Cell tower data and coverage around the home

Public mapping databases show dense cellular coverage in the area surrounding the Guthrie residence. There are 41 cell towers within a three-mile radius. The closest carrier towers are approximately:

• AT&T at 1.0 mile
• Verizon at 1.4 miles
• T-Mobile at 3.0 miles

Carrier records can be analyzed to identify device connections, sector handoffs and anomalous activity during the critical window between Saturday evening and Sunday morning. This analysis is complex, but it can help confirm whether a device moved or disconnected unexpectedly.

Cameras, license plate readers and neighborhood footage

Investigators are also reviewing surveillance systems. Tucson primarily uses Verkada cameras integrated with the Fusus platform. Flock Safety cameras are used in other parts of the region, including South Tucson.

More than 200 automatic license plate readers are deployed in the broader area, allowing investigators to review historical vehicle movements during the critical time window. These systems can capture license plates, vehicle make and color, vehicle type and alerts tied to suspect vehicles.

Private sources may matter just as much. Neighbor doorbell cameras and home systems can provide important timeline markers, even if the footage is grainy. Some modern vehicles also record motion near parked cars if settings are enabled.

SUPER BOWL SCAMS SURGE IN FEBRUARY AND TARGET YOUR DATA

Ways to keep your loved ones safe

Technology can help protect older or vulnerable relatives, but it works best when combined with everyday habits that reduce risk.

1) Use connected cameras

Install smart doorbell cameras and outdoor security cameras that notify family members when someone unfamiliar appears. Alerts can matter just as much as recorded footage. Many newer systems allow AI-based person detection, which can alert you when an unknown person is seen at certain times of day or night. These alerts can be customized, so family members know when activity breaks a normal pattern, not just when motion is detected.

2) Wear an emergency pendant or medical alert device

Emergency pendants and wearable SOS devices let someone call for help with a single press. Many newer models work outside the home and can alert caregivers if a fall is detected. Some devices also include GPS, which helps when someone becomes disoriented or leaves home unexpectedly. This remains one of the most overlooked safety tools for older adults.

3) Enable device sharing and safety features

If your loved one agrees, enable location sharing, emergency contacts and built-in safety features on their phone or wearable.

On smartphones, this can include:

• Emergency SOS
• Medical ID access from the lock screen
• Trusted location sharing through apps like Find My

These features work quietly in the background, allowing help to reach the right people quickly without requiring daily interaction.

4) Create simple check-in routines

Use apps, text reminders or calendar alerts that prompt regular check-ins. If a message goes unanswered, it creates a reason to follow up quickly instead of assuming everything is fine. Consistency matters more than complexity.

5) Use devices with passive safety monitoring

Some phones, wearables and home systems can detect changes in normal daily activity without requiring a button press. For example, smartphones and smartwatches can notice when movement patterns suddenly stop or change. If a device that usually moves every morning stays still for hours, that shift can trigger alerts or prompt a check-in from a caregiver. Smart home systems can also flag unusual inactivity. Motion sensors that normally register movement throughout the day may show a long gap, which can signal that something is wrong. Passive monitoring works in the background. It reduces the need for constant interaction while still creating early warning signs when routines break.

6) Know emergency contacts and escalation steps

Enable smart alerts from home security systems so that family members know when doors open late at night, remain open longer than normal or when systems are armed or disarmed. Fire and smoke listener alerts and bedside panic buttons add another layer of protection, especially overnight. Car apps can also share safety signals, such as when a vehicle is unlocked, a door or window is left open or when location sharing is enabled with trusted family members.

“No single device can protect someone on its own,” a law enforcement expert told CyberGuy. “What helps most is layering. A camera paired with a wearable. A phone paired with check-ins. Technology paired with human attention. Each layer adds context and reduces blind spots. Together, they create earlier warnings and faster responses when something goes wrong.”

Kurt’s key takeaways

The disappearance of Nancy Guthrie is heartbreaking. It also highlights how deeply modern technology is woven into everyday life. Digital data from phones, cellular networks, and cameras can offer valuable insights, but only when used responsibly and in compliance with privacy laws. As this investigation continues, technology may help law enforcement narrow timelines and test theories, even if it cannot answer every question. In cases like this, every detail matters.

As digital footprints grow more detailed, should tech companies give law enforcement broader access when someone goes missing? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Copyright 2026 CyberGuy.com. All rights reserved.