Microsoft Puts Recall on Hold

Microsoft has announced a delay in the rollout of its controversial AI-powered Recall feature for Copilot+ PCs. The feature was supposed to be released on June 18, 2024, but met serious backlash from security and privacy experts. 

The Recall Feature and Its Controversy

Recall is a new AI-powered feature designed by Microsoft to enhance user productivity. It captures screenshots of users’ PC activities and turns them into a searchable database. This new feature was developed to help users easily find and retrieve information they have seen before on their devices.

Microsoft assured the public that all data would be stored and processed locally to mitigate privacy concerns, but many were not convinced. They warned that the feature could inadvertently capture sensitive information such as passwords and financial data.

Adjustments and Enhanced Security Measures

In response to the uproar, Microsoft has decided to make Recall an opt-in feature rather than enabling it by default. Additionally, several security measures have been introduced:

• Windows Hello Authentication: Users must authenticate via Windows Hello to access the captured content.
• Just-in-Time Decryption: Screenshots will only be decrypted and accessible when the user authenticates, enhancing the security of stored data.

Delayed Rollout and Community Feedback

Microsoft emphasized its commitment to refining the Recall feature by leveraging the Windows Insider community. “We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security,” the company stated. This approach aims to gather feedback and ensure a robust and secure user experience before making Recall broadly available to all Copilot+ PC users.

Context of Microsoft’s Security Challenges

The delay follows Microsoft President Brad Smith’s testimony before the House Homeland Security Committee on June 13, 2024. Smith acknowledged Microsoft’s responsibility for past security lapses and outlined the company’s commitment to prioritizing cybersecurity. He emphasized that addressing security issues is “more important even than the company’s work on artificial intelligence.”

Smith’s testimony comes in the wake of high-profile breaches by state hackers from China and Russia, highlighting the growing threats in the cybersecurity landscape. He noted that Microsoft is taking comprehensive steps to improve its security posture, including the implementation of the Secure Future Initiative (SFI). This initiative focuses on three core cybersecurity tenets: Secure by Design, Secure by Default, and Secure Operations.

The post Microsoft Puts Recall on Hold appeared first on Centraleyes.

*** This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/microsoft-puts-recall-on-hold/