Microsoft Copilot+ withdrawal feature is a ‘privacy nightmare’

Image source, Microsoft brochure provided by PA

Screenshot, Microsoft boss Satya Nadella at the launch of AI assistant Copilot+

  • Author, Imran Rahman-Jones
  • Role, technology reporter

The UK’s data watchdog says it is “consulting with Microsoft” about a new feature that can take screenshots of your laptop every few seconds.

Microsoft says Recall, which will store encrypted snapshots locally on your computer, is exclusive to its upcoming Copilot+ PCs.

But the Information Commissioner’s Office (ICO) says it is contacting Microsoft for more information about the security of the product, which privacy advocates have called a potential “privacy nightmare.”

Microsoft says Recall is an “optional experience” and is committed to privacy and security.

“Recovery data is only stored locally and is not accessed by Microsoft or anyone who does not have access to the device,” the company said in a statement.

And it said that a potential hacker would need to gain physical access to your device, unlock it and log in before being able to access saved screenshots.

But an ICO spokesperson said companies must “rigorously assess and mitigate the risks to people’s rights and freedoms” before bringing any new products to the market.

“We are consulting with Microsoft to understand the safeguards put in place to protect user privacy,” they said.

‘Creepy’

Recall has the ability to search all users’ past activity, including files, photos, emails, and browsing history.

Many devices can already do this, but Recall also takes screenshots every few seconds and searches them as well.

“This could be a privacy nightmare,” said Dr. Kris Shrishak, an artificial intelligence and privacy consultant.

“The mere fact that screenshots are taken while using the device could have a chilling effect on people.”

Microsoft says it “built privacy into the design of Recall” from the beginning, and that users will have control over what is captured.

For example, users can choose not to capture certain websites and private browsing will not be captured in Microsoft’s Edge browser.

“People can avoid visiting certain websites and accessing documents, especially sensitive documents, when Microsoft takes screenshots every few seconds,” Dr. Shrishak said.

And Daniel Tozer, a data and privacy expert at Keystone Law, said the system reminded him of Netflix’s dystopian show Black Mirror.

“Microsoft will need a legal basis to record and redisplay user personal information,” he said.

“There may well be information on the screen that is proprietary or confidential to the user’s employer; will the company be happy for Microsoft to record this?

And he asked how consent would work for people appearing on screen in a video call or in a photo.

“Will they be given the option to consent to that? User and access controls will be a key issue that Microsoft will certainly focus on,” he said.

Screenshot Passwords

Meanwhile, Jen Caltrider, who heads a privacy team at Mozilla, suggested the plans meant someone who knew your password could now access your history in more detail.

“(This includes) court orders from law enforcement, or even from Microsoft if they change their mind about keeping all this content local and not using it for targeted advertising or training their AIs in the future,” he said.

According to Microsoft, Recall will not moderate or remove information from screenshots that contain passwords or financial account information.

“That data may be in snapshots that are stored on your device, especially when sites don’t follow standard Internet protocols, such as surreptitious password entry,” Ms. Caltrider said.

“I wouldn’t want to use a computer with Recall to do something I wouldn’t do in front of a bus full of strangers.

“That means not having to log into financial accounts, search for sensitive health information, ask embarrassing questions, or even search for information about a domestic violence shelter, reproductive health clinic, or immigration attorney.”