image source, Microsoft handouts provided by PA
- author, Imran Rahman Jones
- role, technology reporter
The UK data watchdog said it was “enquiring about” the new feature, which allows users to take screenshots of their laptops every few seconds.
Microsoft says Recall, which stores encrypted snapshots locally on your computer, is exclusive to the upcoming Copilot+ PC.
However, the Information Commissioner's Office (ICO) said it was contacting Microsoft for more information about the product's safety, in what privacy activists are calling a potential “privacy nightmare.”
Microsoft says Recall is an “optional experience” and is committed to privacy and security.
“Recall data is stored only locally and is not accessed by Microsoft or anyone without access to the device,” the company said in a statement.
It also states that hackers would need to have physical access to the device, unlock it, and sign in to access the saved screenshots.
But an ICO spokesperson said companies must “rigorously assess and mitigate the risks to people's rights and freedoms” before bringing new products to market.
“We are reaching out to Microsoft to understand the safeguards in place to protect user privacy,” they said.
“Horrifying”
Recall has the ability to search all users' past activity, including files, photos, emails, and browsing history.
Many devices can already do this, but Recall takes screenshots every few seconds and searches for them as well.
“This could be a privacy nightmare,” said AI and privacy advisor Dr Chris Shlishak.
“The mere fact that a screenshot is taken while using a device can be frightening to people.”
Microsoft says it “built privacy into Recall's design” from the beginning, giving users control over what is captured.
For example, users can opt out of capturing certain websites, and private browsing in Microsoft's own Edge browser will not be captured.
“If Microsoft is taking screenshots every few seconds, people may avoid visiting certain websites or accessing documents, especially sensitive documents,” Dr. Shrishak said.
Daniel Tozer, a data and privacy expert at Keystone Law Firm, also said the system reminded him of the dystopian Netflix show “Black Mirror.”
“There needs to be a legal basis for Microsoft to record and undisplay users' personal information,” he said.
“There may be proprietary or confidential information of the user's employer on the screen, but will the company be happy with Microsoft recording this?
He then asked how consent would work for people on screen in video calls and photos.
“Will they be given a choice whether or not to agree to that? User and access control will definitely be a key issue for Microsoft to focus on,” he said.
Password screen captured
Meanwhile, Jen Kaltrider, who leads the privacy team at Mozilla, suggested that the plan would give someone who knows your password access to even more details of your history.
”[This includes] “We need a court order from law enforcement, or even an order from Microsoft, if we change our mind about storing all this content locally and not using it for targeted advertising or AI training.” said.
According to Microsoft, Recall does not control or remove information from screenshots, including passwords or financial account information.
“Especially if the site does not follow standard internet protocols such as password cloaking, that data may be included in snapshots stored on the device,” Kaltrider said.
“I don't want to use a computer running Recall to do something I wouldn't do in front of a stranger on a bus.
“That means no more logging into financial accounts, digging up sensitive health information, asking embarrassing questions, or finding out information about domestic violence shelters, reproductive health clinics, or immigration attorneys. ”