Total recall: Microsoft feature for computers sparks privacy debate

Recall on Copilot Plus computers will memorise and save everything that's on a PC user's screen

Artificial intelligence (AI) technologies that the world is excited about are “reliant on mass surveillance”, said Meredith Whittaker, the top executive of encrypted messaging platform Signal, recently.

At a startup conference in Europe, Whittaker cautioned against blind enthusiasm and said concerns about surveillance and AI were "two framings of the same thing".

Surveillance and AI made headlines when, at the Microsoft Build 2024 event, the global technology giant introduced a new range of AI-powered personal computers called the Copilot Plus PC with a feature called ‘Recall’.

Recall’s “photographic memory” will allow users to remember things that they viewed on their computers while navigating different apps, websites or documents, according to Microsoft Chief Executive Officer Satya Nadella. 

It will essentially take screenshots of everything that's on a user's screen and then with the power of Generative AI – the core of AI – will help navigate the items that she may be looking for. Recall can search Copilot Plus users' past activity, including files, photos, emails and internet browsing history. The feature is on by default in PCs and users may switch it off from ‘settings’.  Old screenshots will be replaced by new ones in a PC’s memory.

Microsoft dream

“One of the dreams we've always had is how do we introduce photographic memory into what you do on the PC and now we have it. So it's called Recall, not ‘keyword search’, right. It's a semantic search over all your history. And it's not just about any document, we can recreate moments from the past,” Nadella told the Wall Street Journal.

Recall saves all screenshots directly on a user’s laptop and no personal data is sent to the Cloud, according to Microsoft.

Technology experts want more reassurance and warn that a likely risk is developers outside the Microsoft system getting access to Windows Semantic Index, which holds user data for Recall.

“Recall is connected to a new Windows Semantic Index, which resides only on the PC and the data is not connected to the Cloud. However, Microsoft has indicated that there could be ways for software developers to have access to portions of the Windows Semantic Index, which could introduce privacy and security concerns,” said Jason Wong, distinguished vice-president, analyst, Gartner.

Business Standard has reached out to Microsoft for comments on Recall’s possible privacy risks, but did not receive a response till the time of going to press.

Elon Musk, the billionaire owner of X, compared Recall to an episode of Netflix series Black Mirror and said he is “definitely turning this “feature off”.

Microsoft said on its website that Recall “will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.” Users may disable Recall entirely or block it from tracking specific apps or websites.

Privacy concerns 

The risk of data leakage, therefore, however unintentional, cannot be entirely dismissed, said experts. “While promising in terms of user experience, Recall raises valid privacy concerns due to its continuous capture of screen snapshots and subsequent analysis,” said Pavan Karthick, threat intelligence researcher at CloudSEK, a cybersecurity research firm.

With Recall “a chief executive officer’s laptop could become an even more enticing target for hackers equipped with infostealers,” said cybersecurity researcher David Ruiz in a blog post on Malwarebytes, a cybersecurity company.

“A journalist’s protected sources could be within closer grasp of an oppressive government that isn’t afraid to target dissidents with malware, and entire identities could be abused and impersonated,” said Ruiz.

The United Kingdom’s Information Commissioner's Office is investigating the feature and “making enquiries with Microsoft to understand the safeguards in place to protect user privacy”.

“Microsoft has indicated there will be ways to restrict certain actions from being recorded, but this is going to be an emerging area of debate within organisations and regulators. Unless there is a clear business benefit to Recall for certain employee roles, organisations and employees will likely turn it off or restrict tracking to only certain applications,” said Wong.

“As AI becomes more embedded into applications and the devices that we use, it’s clear that providers like Microsoft need to be clear and transparent on their policies in terms of data retention, access and sharing,” he said.