2 min read Privacy

Total Recall - Copilot+ PC feature Recall

Microsoft's "Recall" feature on new Surface PCs aims to enhance memory by capturing screen snapshots. This raises questions about data privacy and access, especially in shared environments.
Total Recall - Copilot+ PC feature Recall
Photo by Agê Barros / Unsplash

Earlier this week, Microsoft unveiled its new PC lineup, featuring the Surface Laptop 7 and Surface Pro 11. A key highlight is the inclusion of dedicated NPUs (Neural Processing Units), enabling these devices to efficiently run SLMs (Small Language Models) and other AI models locally. Microsoft has dubbed this generation "Copilot+ PCs."

Microsoft Unveils New Surface Laptop 7 & Pro 11 with "Recall"

One feature that didn't initially catch my attention during the announcement is called "Recall." While initially intriguing in its potential to aid memory recall, this feature has sparked significant privacy concerns. I stumbled upon a YouTube video that vividly expressed these concerns.

"Recall" – What Is It and How Does It Work?

The video creator rightly points out the unsettling aspect of capturing and storing your screen every few seconds, a practice that could potentially infringe on your privacy.

The Privacy Concerns Surrounding "Recall"

Of course, I don't know precisely how "Recall" is implemented or where the data in the filesystem is stored. However, in enterprise environments, it's common for employee data to be stored on network storage or OneDrive for Business. Making it in theory accessible to other persons.

According to the Copilot+ PC features, additional data encryption is in place, but it doesn't describe whether the user can choose or influence this encryption.

Shop Copilot+ PCs | Microsoft
Shop the newest Windows Copilot+ PCs on the official Windows site.
WindowsMicrosoft

Copilot+ PC features describe current preview of "Recall"

Recall snapshots are kept on Copilot+ PCs themselves, on the local hard disk, and are protected using data encryption on your device and (if you have Windows 11 Pro or an enterprise Windows 11 SKU) BitLocker. Recall screenshots are only linked to a specific user profile and Recall does not share them with other users, make them available for Microsoft to view, or use them for targeting advertisements. Screenshots are only available to the person whose profile was used to sign in to the device. If two people share a device with different profiles they will not be able to access each other’s screenshots. If they use the same profile to sign-in to the device then they will share a screenshot history. Otherwise, Recall screenshots are not available to other users or accessed by other applications or services.

Bitlocker Recovery Keys are usually accessible to global administrators in enterprise environments, as they are commonly stored in EntraID for user support hotlines to retrieve them. The document merely mentions the separation of user accounts. More information must be provided on where the additional data besides the screenshots is stored. Is there a separate store per user, or is it machine-wide?

Conclusion: Balancing Innovation with Privacy

While "Recall" offers potential benefits for memory enhancement, the privacy implications cannot be ignored. Microsoft, as a responsible tech giant, needs to provide users with greater transparency and control regarding their data collection and storage. Furthermore, stricter opt-in policies should be implemented, especially for personal devices, and "Recall" should be disabled by default in work environments to safeguard user privacy.

Published by:

Dariusz Parys