Microsoft Copilot+ Recall feature ‘privacy nightmare’

A UK data watchdog says it is “inquiring with Microsoft” about a new feature that can take screenshots of your laptop every few seconds.

Microsoft says that Recall, which will store encrypted images locally on your computer, is exclusive to its upcoming Copilot+ computers.

However, the Information Commissioner’s Office (ICO) says it is contacting Microsoft for more information about the security of the product, which privacy campaigners have described as a potential “privacy nightmare”.

Microsoft says Recall is an “optional experience” and is committed to privacy and security.

“Download data is only stored locally and cannot be accessed by Microsoft or anyone who does not have access to the device,” the company said in a statement.

And he said a would-be hacker would need to gain physical access to your device, unlock it and log in before they could access the saved screenshots.

But an ICO spokesman said firms must “rigorously assess and mitigate risks to people’s rights and freedoms” before bringing any new products to market.

“We are inquiring with Microsoft to understand security measures to protect user privacy,” they said.

Recall has the ability to search all past user activity including files, photos, emails and browsing history.

Many devices can already do this – but Recall also takes screenshots every few seconds and scans them too.

“This could be a privacy nightmare,” said Dr Kris Shrishak, an AI and privacy consultant.

“The mere fact that screenshots will be taken while using the device can have a chilling effect on people.”

Microsoft says it “built privacy into the design of Recall” from the start, and users will have control over what is captured.

For example, users can opt out of certain web pages being captured and private browsing in Microsoft’s own Edge browser will not be captured.

“People can avoid visiting certain websites and accessing documents, especially confidential documents, when Microsoft takes screenshots every few seconds,” said Dr. Shrishak.

And Daniel Tozer, a data and privacy expert at Keystone Law, said the system reminded him of the dystopian Netflix program Black Mirror.

“Microsoft will need a legal basis for recording and re-displaying a user’s personal data,” he said.

“The screen may contain information that is proprietary or confidential to the user’s employer; will the company be happy if Microsoft notes this?

And he asked how consent would work for people who appear on the screen in a video call or photo.

“Will they be given a choice as to whether they agree to it? User and access controls will be a key issue that Microsoft will undoubtedly focus on,” he said.

Meanwhile, Jen Caltrider, who leads Mozilla’s privacy team, suggested the plans mean someone who knows your password can now gain more detailed access to your history.

“[This includes] law enforcement orders or even from Microsoft if they change their minds about keeping all this content local and not using it for targeted advertising or training their AIs,” she said.

According to Microsoft, Recall will not moderate or remove information from screenshots that contain passwords or financial account information.

“This data can be in images that are stored on your device, especially when sites do not follow standard internet protocols such as entering a masking password,” Ms Caltrider said.

“I wouldn’t want to use a computer running Recall for anything I wouldn’t do in front of a bus full of strangers.

“This means no more logging into financial accounts, looking up sensitive health information, asking embarrassing questions, or even searching for information about a domestic violence shelter, reproductive health clinic, or immigration attorney.”