Microsoft has announced that it will postpone the release of its highly anticipated Recall feature, an AI-powered tool designed to track computer usage, due to mounting security concerns. The tech giant had initially planned to roll out Recall with its new Copilot+ PCs on June 18, but will now preview the feature with a smaller group of users through the Windows Insider Program (WIP) in the coming weeks.
The decision to delay the release of Recall comes in response to privacy risks and security vulnerabilities identified by industry experts and users alike. The feature, which tracks web browsing, voice chats, and other activities to create a searchable history stored on the user's computer, has sparked controversy since its announcement last month.
In a blog post on Thursday, Microsoft stated, “Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks. Following receiving feedback on Recall from our Windows Insider Community, as we typically do, we plan to make Recall (preview) available for all Copilot+ PCs coming soon.”
Copilot+ PCs, unveiled in May, are a new category of personal computers equipped with advanced artificial intelligence (AI) capabilities. The Windows Insider Program (WIP) is a public software testing platform that allows millions of Windows enthusiasts to preview and provide feedback on upcoming features for the operating system.
The company emphasized that the decision is “rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users.”
Cybersecurity experts have raised alarms about the potential risks associated with Recall, warning that the feature could be exploited by hackers to steal sensitive information. Kevin Beaumont, a security researcher and former senior threat intelligence analyst at Microsoft, labeled Recall a potential “disaster” for cybersecurity, noting that the feature stores data in a plain text database that could be easily accessed by attackers using malware.
Beaumont explained that Recall takes screenshots every few seconds, which are then automatically processed by Azure AI on the user's device and stored in an SQLite database. This database file, he cautioned, could simplify the process for malware and attackers to steal sensitive information.
Privacy advocates have also expressed concerns over the setup process for Recall, which was initially designed to be enabled by default on Copilot+ PCs. Microsoft has since announced that it will make Recall an opt-in feature, requiring users to actively choose to enable the tool.
In addition to making Recall opt-in, Microsoft has outlined several security enhancements for the feature, including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), which ensures that Recall snapshots can only be accessed when the user authenticates their identity. The company has also encrypted the search index database associated with Recall.
Despite these measures, concerns persist about the potential for Recall to be exploited by threat actors. Simon Pardo, director of technology specialist Computer Care, called the feature “a concerning development, particularly from a security standpoint,” noting that it “creates a single point of failure that could be catastrophic for businesses.“
The delay in releasing Recall comes amid heightened scrutiny of Microsoft's security practices. The company's President, Brad Smith, recently testified before the U.S. House Committee on Homeland Security, addressing criticism of Microsoft's handling of a cyberattack by China-sponsored hackers on U.S. government email accounts.
As part of its Secure Future Initiative, Microsoft has pledged to prioritize security over new AI-powered features and has tied executive bonuses and employee performance reviews to meeting security goals.
Industry experts believe that the postponement of Recall's broad release is a necessary step to ensure the long-term success and trustworthiness of AI-powered tool. As enterprises increasingly look to leverage AI for productivity gains and competitive advantages, the responsible development and deployment of these technologies will be critical.
Microsoft has not provided a specific timeline for when Recall will be made available to all Copilot+ PC users, stating only that it will happen “soon” after gathering feedback from the Windows Insider Program. The company plans to publish a blog post with details on how to access the Recall preview once it becomes available to Windows Insiders.
The delay in releasing Recall highlights the growing challenges faced by tech companies as they navigate the rapid advancement of AI technologies while addressing concerns over privacy, security, and responsible deployment. As Microsoft works to refine Recall and ensure its security, the industry will be watching closely to see how the company balances innovation with the need to protect users' data and maintain trust in an increasingly AI-driven world.
