close
close

Officials eyeing Microsoft’s new ‘Recall’ AI feature, privacy experts sound alarm

Posted on by darion

British officials have “queried” Microsoft’s latest artificial intelligence feature, which collects records of everything people do.

A new tool called Recall takes screenshots every few seconds. Microsoft said it would be like having a “photographic memory” of everything you’ve done on the device.

The company said this would be useful in conjunction with artificial intelligence so that the computer could better understand what its owner has done and what it might want to do next.

However, privacy experts warn that the collection of screenshots could easily be exploited by attackers who could piece together all the activity on the device.

Microsoft says users have privacy controls in the tool – which will only be available on new AI-powered Copilot+ computers – which may limit the screenshots collected but still raises privacy concerns.

The Information Commissioner’s Office (ICO) told the BBC that companies must “rigorously assess and mitigate risks to people’s rights and freedoms” before bringing new products to market.

The data protection regulator said it was “engaging with Microsoft to understand the safeguards in place to protect user privacy.”

“We expect organizations to be transparent with users about how their data is used and to process personal data only to the extent necessary to achieve a specific purpose,” the ICO said. “The industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market.

When introducing the Recall service, Microsoft stated that Recall runs locally, with AI-based processing performed on-device for enhanced security, and will not capture screenshots of private web browsing sessions.

In a blog post published on Monday after announcing the feature, Microsoft said: “Recall uses your personal semantic index, built and stored entirely on your device.

“Your snapshots are yours; they remain locally on your computer. You can delete individual snapshots, adjust and remove time ranges in Settings, or pause at any time directly via the tray icon in the taskbar.

“You can also filter apps and websites so they are never saved. You are always in control and you can trust your privacy.”

However, Jake Moore, global cybersecurity advisor at software security firm Eset, said creating and storing more private data using the feature could be a tempting prospect for cybercriminals.

“Enabling a feature that allows screen data capture not only gives the software company even more data, but also opens up another avenue for criminals to attack,” he said.

“While this feature is not enabled by default, users should remember to enable AI algorithms to analyze any content to provide a better experience.

“While this may produce better results, there is a balance between functionality and privacy, so users must be aware of the potential risks if any sensitive data is compromised.

“Creating and storing more private data seems unnecessary when cybercriminals are constantly looking for a security hole to exploit.”

Additional agency reports