Microsoft's Recall Technology Already Under Scrutiny by UK Security Watchdog

Microsoft's new Recall AI feature has drawn much attention because of its privacy implications. Now, at least one official agency, in the UK, has said it's already looking more closely into potential dangers this new technology poses to Windows users.

In theory, the Recall feature, currently available only for testing in the latest Copilot+ PCs ARM-powered laptops announced by Microsoft, is nothing if not helpful. Users can find anything on their PCs or usage history by querying a locally stored large-language model.

Recall takes periodic screenshots and stores them in an encrypted form. The LLM can look at the screenshots and determine their contents. Maybe you're looking for a particular email but can't remember who sent it, or you saw something online a couple of months ago but don't know where. Recall will give you the answer.

According to Microsoft, everything is stored locally, and nothing is sent to the cloud. Users can even choose to stop Recall from recording specific apps, and it should also ignore Incognito tabs from browsers.

The problem is that the technology might also capture stuff it shouldn't, like passwords, financial information, proprietary data or even the likeness of someone who didn't consent. It's even difficult to take into account all possible privacy issues, and criminals will likely find new ways of abusing the technology, including developing malware designed to exfiltrate Recall's stored data.

The UK Information Commissioner's Office (ICO) has already announced it will investigate Recall.

"We expect organisations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose," stated ICO in a communique. "Industry must consider data protection from the outset and rigorously assess and mitigate risks to peoples' rights and freedoms before bringing products to market. We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy."

The product hasn't yet been released, and it's still being tested and evaluated by Microsoft as a potential technology for Windows. However, other regulators will likely look into Recall once it becomes commercially available.