Microsoft Copilot+ Recall feature ‘privacy nightmare’ – BBC News

Britain’s data watchdog says it is “inquiring with Microsoft” about a new feature that can take screenshots of your laptop every few seconds.

Microsoft says Recall, which stores encrypted snapshots locally on your computer, is exclusive to the upcoming Copilot+ PCs.

But the Information Commissioner’s Office (ICO) says it is contacting Microsoft for more information about the security of the product, which privacy campaigners have called a potential “privacy nightmare”.

Microsoft says Recall is an “optional experience” and is committed to privacy and security.

“Revocation data is only stored locally and cannot be accessed by Microsoft or anyone else without device access,” the company said in a statement.

And it said a potential hacker must gain physical access to your device, unlock it and log in before accessing saved screenshots.

But a spokesperson for the ICO said companies must “rigorously assess and mitigate the risks to people’s rights and freedoms” before launching new products.

“We are checking with Microsoft to understand the security measures in place to protect user privacy,” they said.

Recall has the ability to search through all users’ past activities, including files, photos, emails, and browsing history.

Many devices can already do this, but Recall also takes screenshots every few seconds and searches them as well.

“This could be a privacy nightmare,” said AI and privacy consultant Dr. Kris Shrishak.

“The mere act of taking screenshots while using the device can have a chilling effect on people.”

Microsoft says it has “built privacy into the design of Recall” from the start, and that users will have control over what is captured.

For example, users can opt out of logging certain websites, and private browsing in Microsoft’s own Edge browser won’t be logged.

“People may avoid visiting certain websites and accessing documents, especially confidential documents, when Microsoft takes screenshots every few seconds,” says Dr. Shrishak.

And Daniel Tozer, a data and privacy expert at Keystone Law, said the system reminded him of the dystopian Netflix show Black Mirror.

“Microsoft needs a legal basis to capture and display the user’s personal data,” he said.

“There could very well be information on the screen that is proprietary or confidential to the user’s employer; will the company be happy for Microsoft to include this?

And he asked how consent would work for people appearing on screen during a video call or photo.

“Are they going to get a choice as to whether they want to agree to that? User and access control will be a key area that Microsoft will undoubtedly focus on,” he said.

Meanwhile, Jen Caltrider, head of a privacy team at Mozilla, suggested the plans meant someone who knew your password would now have more granular access to your history.

“[This includes] court orders, or even from Microsoft if they change their mind about keeping all this content local and not using it for targeted advertising or training their AIs later,” she said.

According to Microsoft, Recall will not moderate or remove information from screenshots that contain passwords or financial account information.

“That data could be in snapshots stored on your device, especially when sites don’t follow standard internet protocols, such as entering cloak passwords,” says Ms. Caltrider.

“I wouldn’t want to use a computer running Recall to do something I wouldn’t do in front of a bus full of strangers.

“That means no more logging into financial accounts, looking up sensitive health information, asking embarrassing questions or even looking up information about a domestic violence shelter, reproductive health clinic or immigration attorney.”