Microsoft’s Maligned AI-Enabled ‘Recall’ Gets a Security Reboot

(Bloomberg) -- Microsoft Corp. has announced upgrades for Recall, an artificial intelligence feature that creates a record of everything users do on their PCs, following criticism that the tool created an attractive target for hackers.

In an interview Thursday, David Weston, a vice president for enterprise and operating system security, said the company heard the critiques “loud and clear” and set about devising layers of security safeguards for Recall designed to thwart even the world’s most sophisticated hackers.

In the soon-to-be-released version, users will be able to filter out specific apps or websites. Sensitive content filtering, which looks for such things as Social Security numbers or credit card numbers, will be on by default. In-private browsing in supported applications won’t be saved, Weston said.

Users can only enable Recall and use it by authenticating themselves using biometric features such as facial recognition or a fingerprint. Data collected by Recall will be stored in an isolated environment, and only information requested by a user will leave that secure space.

Microsoft says Recall is intended to serve as “an explorable timeline of your PC’s past,” making it easier to sort through it and search. The technology takes periodic snapshots of a computer screen that are stored and analyzed.

Soon after Recall was announced in May, security researchers warned that bad actors could access and scoop up records gathered by the tool and stored locally on a user’s PC. Those criticisms came as Microsoft was already combating criticism of its internal security practices following a number of high-profile hacks. 

In June, Microsoft said Recall would be shipped in the “off” position on its line of AI-branded PCs. That will continue, with users being required to opt in to use Recall.

In the new version of Recall, sensitive data is encrypted with keys and isolated on a user’s machine, so that even if a computer is infected with malware or stolen, a bad actor won’t be able to access it, Weston said. A biometric match is required to decrypt the data, he said.

Recall will also time out if it’s not being used. The default is 15 minutes, but that can be adjusted. “We want people to have it when they need it but not have it hanging around,” he said.

The revised product will be available to consumers in a beta version next month. Recall only operates on Copilot+ PCs, a new class of Windows 11 machines. However, the upgraded Recall won’t be automatically installed on business versions of those PCs, though companies can download it, Weston said. 

©2024 Bloomberg L.P.