New Microsoft AI PC feature faces a privacy conundrum
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Annelise Capossela/Axios
A new memory-searching function in Microsoft's highly anticipated AI PCs is spurring concern among privacy-conscious executives and consumers.
Why it matters: Microsoft will have to address a growing list of questions about the functions of its new Recall feature in some Copilot+ PCs if it hopes to make the PCs a ubiquitous household and workplace device.
Driving the news: The U.K. Information Commissioner's Office has already contacted Microsoft about Recall's potential privacy issues, a spokesperson told the BBC this week.
Catch up quick: New Copilot+ PCs will come with a feature called Recall that lets users search through their past computer activity to help bring up any old files, photos, emails or browsing history.
- The information is stored locally on a user's PC, so intruders would need access to the physical device, as well as a stolen password, to successfully break in.
- AI PC owners can choose whether they want to participate in Recall, and participants can limit what screenshots Recall takes.
Cybersecurity experts warn that if a hacker can break into a PC, they could trick Recall into looking up users' sensitive information.
- A hacker could still use trojan malware to trick a device into giving them remote access to Recall, security expert Kevin Beaumont alleges on X.
- "Stuff may stay on your device, but that doesn't mean people can't get to it," Jen Golbeck, a professor focused on AI and data privacy at the University of Maryland, told CNN.
Between the lines: Recall poses unique challenges for enterprises that are looking to switch their workforce over to Microsoft's AI PCs.
- Recall can't detect when sensitive information is included in a screenshot, like a user's password or medical information.
- And it could pose a risk for employees who mix personal and corporate work on one computer. Confidential corporate data could end up in an employee's personal devices' Recall feature, for instance.
What they're saying: "The Recall stuff is not a good idea," Phil Libin, co-founder and former CEO of Evernote, told Axios. "And I think it's not a good idea across many dimensions, not just security. I think it's a very bad idea for security and privacy."
Yes, but: Yusuf Mehdi, who leads consumer marketing for Microsoft, told Axios that when he showed Recall to Microsoft's CISO, he was excited by the feature — noting it could help security teams figure out when and how malware may have infected someone's device.
What we're watching: Microsoft is rolling out the feature as it overhauls its internal cybersecurity strategy, which prioritizes security features over speedy product development.
- Microsoft president Brad Smith will testify before Congress about this plan and last summer's China breach next month.
