Microsoft Relaunches Controversial AI Snapshot Tool

Microsoft is to roll out a long-delayed AI-powered feature called Recall to CoPilot+ PCs in November after bringing in additional security measures, after the feature was called a potential “privacy nightmare”.

The company said it “listened to feedback” over the feature, which takes screenshots of users’ activity every few seconds and stores them to allow users to search through their past activity.

Microsoft announced Recall in May as a key selling point of its CoPilot+ PCs, and in June said it had made security improvements following scrutiny from the UK’s data protection regulator.

The Information Commissioner’s Office (ICO) said at the time it was “making enquiries” with Microsoft.

‘Series of changes’

It said it has now been informed of a “series of changes” and would be “continuing to assess Recall as Microsoft moves toward launch”.

But it chose not to launch Recall when CoPilot+ PCs went on sale in June, further delaying the feature to carry out more security testing.

Recall will now use Microsoft’s Purview software, an enterprise-level system designed to ensure Recall doesn’t save sensitive information such as passwords, national ID numbers or credit card numbers.

Purview contains a database that allows it to recognise such data and prevent the feature from capturing it.

Users will now be able to choose what kinds of screenshots Recal can take, such as telling it not to capture specific apps or web data or certain types of documents.

Opt-in

The software can recognise when users are using private or incognito browsing and stop capturing images of that activity.

Microsoft said it has conducted months of security reviews via its own Offensive Research and Security Engineering team and third-party experts.

As the company stated in June, users will now have to opt in to use Recall.

Originally the plan was to enable it by default for all CoPilot+ PCs, which use new chips from Qualcomm, AMD and Intel to carry out onboard AI tasks.

Users can also fully disable or uninstall the feature if they don’t want it on the system.

All snapshots will be encrypted and can only be accessed via Windows Hello, which requires biometric authentication such as a fingerprint reader or facial recognition.

Photographic memory

In May vice president Yusuf Mehdi compared Recall to photographic memory and said users could use AI “to make it possible to access virtually anything you have ever seen on your PC”.

Industry-watchers cautioned that this may take on another meaning where it comes not only to hackers, but also issues such as legal discovery, where corporate employees could be forced to give access to the data trove.