Officials looking to Microsoft’s new AI ‘Recall’ feature as privacy experts sound alarm

Tool takes screenshots every few seconds to build a ‘photographic memory’ – which experts warn could be exploited by attackers

Andrew Griffin
Wednesday 22 May 2024 18:31 BST
Microsoft said the tool will be exclusive to new AI-powered Copilot+ PCs (Handout/PA)
Microsoft said the tool will be exclusive to new AI-powered Copilot+ PCs (Handout/PA) (PA Media)

UK officials are “making inquiries” into Microsoft’s latest AI feature, which collects records of everything people do.

The new tool, named Recall, takes screenshots of the screen every few seconds. Microsoft has said that it will be like having a “photographic memory” of everything that has been done on the device.

The company said that would be useful when combined with artificial intelligence, so that the computer can better know what its owner has done – and what they might want to do next.

But privacy experts have warned that the collection of screenshots could easily be exploited by attackers, who would be able to piece together all of the activity on a device.

Microsoft has said users have privacy control options around the tool – which will be exclusive to its new AI-powered Copilot+ PCs – that can limit the screenshots collected, but it has still raised privacy concerns.

The Information Commissioner’s Office (ICO) told the BBC that firms must “rigorously assess and mitigate risks to peoples’ rights and freedoms” before bringing new products to market.

The data protection regulator said it was “making inquiries with Microsoft to understand the safeguards in place to protect user privacy”.

“We expect organisations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose,” the ICO said. “Industry must consider data protection from the outset and rigorously assess and mitigate risks to peoples’ rights and freedoms before bringing products to market.

In its launch for Recall, Microsoft said Recall worked locally, with the AI-powered processing taking place on-device to boost security, and will not capture screenshots of private web browsing sessions.

In a blog post published when the feature was announced on Monday, Microsoft said: “Recall leverages your personal semantic index, built and stored entirely on your device.

“Your snapshots are yours; they stay locally on your PC. You can delete individual snapshots, adjust and delete ranges of time in Settings, or pause at any point right from the icon in the System Tray on your Taskbar.

“You can also filter apps and websites from ever being saved. You are always in control with privacy you can trust.”

But Jake Moore, global cybersecurity adviser at software security firm Eset, said the creation and storage of more private data through the feature could be an enticing prospect for cyber criminals.

“Enabling a feature which has the ability to capture screen data not only offers even more data to the company behind the software but also opens up another avenue for criminals to attack,” he said.

“Whilst this feature is not on by default, users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.

“Although it may produce better results, there is a balance that must be kept regarding functionality versus privacy and so users must remain aware of the potential risks should any sensitive data ever become compromised.

“Creating and storing more private data seems unnecessary when cyber criminals continually look for any given vulnerability to exploit.”

Additional reporting by agencies

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in