Microsoft Adjusts Recall Feature: Opt-In and Enhanced with Double Encryption Following Privacy Concerns

Microsoft Adjusts Recall Feature: Opt-In and Enhanced with Double Encryption Following Privacy Concerns

Join our newsletters for the latest updates and exclusive content on leading AI industry news.

Microsoft has announced significant changes to its new AI-powered Recall feature for the Copilot+ PCs, following strong criticism from security experts over potential privacy risks. The company plans to make Recall an opt-in feature, require biometric authentication for accessing saved data, and introduce more encryption layers.

Recall, introduced last month, was promoted as a revolutionary tool that would automatically capture screenshots while users worked, allowing them to search their activity history using natural language. However, security experts quickly flagged the feature for potential privacy and security issues due to its extensive data collection and inadequate protections.

In response, Pavan Davuluri, Microsoft’s Corporate Vice President for Windows + Devices, admitted the need to enhance safeguards based on the feedback. The updates, slated for implementation before Recall’s public release on June 18, include:

– Making Recall an opt-in feature during PC setup, deactivated by default.
– Requiring Windows Hello biometric authentication and “proof of presence” to access and search Recall’s timeline.
– Adding “just in time” decryption for the Recall database, secured by Windows Hello Enhanced Sign-in Security (ESS).
– Encrypting the search index database.

The added encryption will make it significantly more difficult for unauthorized users to access sensitive data, as only users authenticated through their biometrics can decrypt the stored screenshots.

Critics, including cybersecurity firms and privacy advocates, argued that storing and processing screen captures could make Recall a target for malicious actors. A BBC report highlighted vulnerabilities that could allow access to sensitive information without proper user consent.

Microsoft responded with a blog post explaining their decision to make Recall an opt-in feature during its preview phase, emphasizing the importance of privacy and security. While some industry analysts praised Microsoft for their quick action in response to user feedback, others expressed disappointment, anticipating the convenience that Recall promised.

Microsoft is committed to reviewing and improving Recall’s security measures. The company plans to conduct extensive testing with select users who opt into the preview to gather more data and refine the feature’s security framework.

This situation highlights the balance tech companies must strike between innovation and user privacy and security. The role of public and expert scrutiny is becoming increasingly crucial in shaping the development and use of new technologies. As Microsoft addresses these challenges, the tech community will closely monitor the evolution of Recall and its implications for future AI integrations in consumer technology.