The UK’s Information Commissioner’s Office (ICO) is investigating a novel feature from Microsoft that captures screenshots of users’ laptops every two seconds. This tool, named Recall, will be a standard part of new Microsoft laptops and is integrated into its advanced artificial intelligence (AI) program, Copilot+.
The functionality of Recall permits it to record a user’s digital activity comprehensively by taking quick-succession screenshots. This allows users to later review their actions and perform searches within them.
Conversely, concerns regarding security have prompted the ICO to remark: “We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy.”
Microsoft portrays Recall as a mechanism designed to “help you easily find and remember things you’ve seen, using natural language,” capitalizing on AI and ‘photographic memory’ capabilities.
For instance, users who remember seeing an appealing brown leather bag during online shopping could later instruct Recall to show “brown leather bag,” directing them to their visual history including websites visited, as well as relevant pictures, documents, and files on their laptop.
The feature might even recommend specific actions based on the user’s search history. Nevertheless, a cyber security professional has identified the feature as a potential “grab and go” target for cybercriminals.
Muhammad Yahya Patel, lead security engineer at cyber security firm Check Point, argues that “with this feature, endpoints will become a more lucrative target, like a grab and go, but with Recall, they will have everything in a single location.”
More Sky News Stories:
GCHQ Chief Comments on China Impacting Internet Security
Cyber Theft: Compromised NHS Data Surface on Dark Web
Microsoft assures that Recall stores data locally on user devices, implying that Microsoft, or anyone without device access, cannot reach the stored files. This is in contrast to the risks of cloud storage where hackers could gain access remotely.
Still, the local storage of screenshots does not include censoring, hence sensitive data like passwords or medical records might be stored if visible during a screenshot. Consequently, if a user’s laptop is hacked, this could quickly lead to the exposure of sensitive data.
“Imagine the goldmine of information that will be stored on a machine, and what threat actors can do with it,” expressed Mr Patel.
Charlie Milton, vice president at cyber security firm Censornet, has indicated that this feature could facilitate personalised scams, enabling hackers to leverage insights into victims’ recent activities for deceitful purposes.
Microsoft claims that for hackers to exploit the saved screenshots, physical device access, and subsequent signing in would be required. The company has also outlined in a blog post that users retain control, able to delete snapshots, adjust settings, pause the function, and exclude certain apps or websites from recording.
FAQs About Microsoft’s AI-Powered Screenshot Feature
-
What is Microsoft’s new feature Recall?
Recall is a Microsoft feature that takes screenshots of a user’s laptop screen every two seconds to help them review and search through their visual and digital activity history. -
Why is the ICO investigating the Recall feature?
The ICO is investigating the Recall feature due to potential privacy concerns and the need to understand the safeguards Microsoft has in place to protect users’ personal information. -
How does Recall impact personal privacy?
Recall could potentially store sensitive personal data visible on the screen during a screenshot. If a laptop is compromised, this data could become accessible to unauthorized individuals. -
Where is the data from Recall stored?
According to Microsoft, the data collected by Recall is stored locally on the user’s laptop and not on cloud servers, nor is it accessible by Microsoft without device access. -
Can users control the Recall feature?
Users can control the Recall feature by deleting snapshots, adjusting settings, pausing the function, or excluding certain apps and websites from being recorded.
Conclusion
Careful scrutiny from the ICO indicates the significance of privacy concerns related to Microsoft’s innovative Recall feature. While Microsoft assures the data is saved locally, the lack of automatic censoring could still pose risks should a device fall victim to cybercriminals. User control over the feature adds a layer of security, but the extent to which privacy is preserved remains under examination. The tech community awaits further insights from the ICO’s findings as they explore the balance between innovative functionality and user privacy protections.