Forbes has reported that Microsoft provided the FBI with encryption keys capable of unlocking user data stored in its cloud services. The revelation exposes a structural vulnerability in the cloud infrastructure that hundreds of millions of people and businesses rely on for privacy.

The implications are significant. If Microsoft holds keys that can decrypt user data and is willing — or compelled — to share them with law enforcement, then the encryption protecting that data is not end-to-end in any meaningful sense. It is encryption with a master key, and someone else holds the master key.

This is not a theoretical concern. It is a documented event. The FBI obtained decryption capability for data that users believed was protected.

Microsoft’s cloud services — Azure, OneDrive, Outlook, Teams — are used by individuals, businesses, hospitals, law firms, journalists, and governments worldwide. The assumption underlying that usage is that encrypted data is private. That assumption now requires reassessment.

No congressional hearing has been announced. No major tech outlet has run sustained follow-up coverage. The story appeared and disappeared within a single news cycle.

The pattern is consistent: revelations about surveillance capabilities generate brief attention, then fade. Meanwhile, the capabilities remain in place, the legal precedents accumulate, and the infrastructure of access grows quietly more comprehensive with each passing year.

Edward Snowden warned about exactly this dynamic over a decade ago. The mechanisms he described have not been dismantled. They have been refined.