The U.K.’s Information Commissioner’s Office (ICO) said it contacted Microsoft over privacy concerns with the company’s newly-announced Recall AI feature coming to Surface devices and other PCs in the new Copilot + PC category.

Per the BBC, the ICO said that companies “assess and mitigate risks to peoples’ rights and freedoms” before launching a new product. The ICO said it’s contacting Microsoft to better understand the safeguards the company put in place to protect user privacy.

Recall caused significant alarm with the privacy community, with people calling it a privacy nightmare, dystopian, and comparing it to a Black Mirror episode on social media. The feature uses AI to provide natural language search to help people find things on their PC, but it also regularly captures screenshots — as often as every five seconds — to power the search capability.

Microsoft stressed that Recall happens on device, and all the related data, like the screenshots it captures, are stored locally and encrypted. Moreover, the company said in an online FAQ about Recall that the feature doesn’t share captured content with other users or Microsoft and is not used to target advertisements.

“Microsoft built privacy in Recall’s design from the ground up,” the FAQ page reads.

Recall is only available on new Copilot + PC devices, which aren’t available to customers until June.

Recall offers controls to manage what it captures but may not go far enough

Pete Kyriacou, corporate VP and Surface product manager, demoed parts of Recall to MobileSyrup, including showing various controls used to manage what Recall can capture. Users can choose to entirely disable Recall or pause it temporarily as well as exclude certain apps from Recall so it can’t capture content from them. Users can also prevent Recall from accessing certain websites, though this feature is limited to Microsoft’s own Edge browser. Kyriacou suggested Microsoft was open to allowing third-party browsers to utilize that feature but that it was up to them to implement.

Recall also won’t take snapshots of certain types of content, such as DRM content or content from InPrivate web browsing sessions in Edge. However, Microsoft also noted that Recall doesn’t perform any content moderation, meaning it can potentially capture information like passwords or financial account numbers.

The feature includes options to control how much storage space it can use to store snapshots as well as options to delete stored snapshots. Users can access some Recall controls right from a button in the taskbar, as well as a shortcut to all of Recall’s settings.

But while there are some protections in place, there are still significant concerns about Recall capturing screenshots of what people are doing on their devices. The stored screenshots could be a veritable treasure trove of personal data that could be accessed if someone got hold of your PC. The BBC also raised concerns about the possibility of law enforcement accessing the screenshots and about Recall potentially capturing proprietary or confidential information from governments and employers. There are also possible consent issues — for example, if you video chat with someone, they might not consent to Recall capturing screenshots of the call.

Source: BBC

MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.


Source link