Even after doing extensive research on the current status of encryption law, I am still somewhat confused. What's the current government strategy for overcoming the investigative barrier of encryption now that there's no backdoor requirement for even exported software? I'm pretty convinced that the FBI simply decided to rely on their ability to go in early, put in a key logger (or maybe send a trojan keylogger via email), and then grab the password that way. The introduction of thumbdrive-based keys makes that more difficult, because you could create your encryption key long before the FBI ever the probable cause necessary to get a warrant for your computer. You could also create the key on some other computer. You could even buy a $500 laptop that you keep in a safe-deposit box just for the purpose of creating keys. Also, who uses desktop computers anymore?
"We get questions from law enforcement organizations," he said. "They foresee that they will want to read BitLocker-encrypted data, and they want to be prepared. Like any security technology BitLocker has its avenues of attack and law enforcement should know about them. For example, if they search a house and find a computer, they should also take all USB thumb drives, as these might contain a BitLocker key."
One question that immediately occurs to me: what other means of attack were told to law enforcement agencies, because the availability of USB thumb drives seems particularly obvious to me.