Microsoft Copilot+ Recall Feature Labelled a ‘Privacy Nightmare’

The UK’s Information Commissioner’s Office (ICO) is investigating a new Microsoft feature that captures screenshots of your laptop every few seconds. Microsoft explains that Recall, which will store encrypted screenshots locally on your device, is exclusive to its upcoming Copilot+ PCs. Privacy advocates, however, have labeled the feature a potential “privacy nightmare.”

Microsoft maintains that Recall is an “optional experience” and emphasizes its commitment to privacy and security. Users have the option to control which snapshots Recall collects, and Microsoft asserts that the data is only stored locally, which is inaccessible to Microsoft or unauthorized users without device access. Accessing the screenshots would require physical access to the device and user authentication.

Despite these assurances, the ICO stresses that companies must “rigorously assess and mitigate risks to people’s rights and freedoms” before launching new products. The ICO is seeking further details from Microsoft regarding the privacy protections in place.

Recall can search through users’ past activities, including files, photos, emails, and browsing history. While many devices offer similar capabilities, Recall’s frequent screenshots add a new dimension. Dr. Kris Shrishak, an AI and privacy advisor, warns that this could have a “chilling effect” on users, deterring them from certain activities due to privacy concerns.

Microsoft claims to have integrated privacy into Recall’s design, allowing users to exclude specific websites and ensuring that private browsing in Edge is not captured. Nonetheless, Dr. Shrishak and other experts remain skeptical about the potential privacy implications.

Daniel Tozer, a data and privacy specialist at Keystone Law, likened the feature to the dystopian scenarios depicted in the Netflix series “Black Mirror.” He emphasized the need for Microsoft to establish a lawful basis for recording and displaying personal information and raised concerns about capturing proprietary or confidential data.

Additionally, the question of consent for individuals appearing on screen during video calls or in photos remains unresolved. Tozer highlighted the importance of user and access controls in addressing these issues.

Jen Caltrider, head of Mozilla’s privacy team, pointed out that anyone with your password could gain extensive access to your history. She also raised concerns about potential future changes in Microsoft’s policies, such as using the captured content for targeted advertising or AI training. Caltrider expressed a reluctance to use Recall for any activities she wouldn’t perform in front of a large audience, citing risks related to logging into financial accounts, searching for sensitive health information, or seeking confidential assistance.

Microsoft has stated that Recall will not filter out screenshots containing passwords or financial information, further fueling privacy concerns. The ICO’s inquiries aim to clarify the safeguards Microsoft has implemented to protect user privacy.