Updated: June 12, 2024 (June 3, 2024)
CIO Talk: Should Microsoft Recall Be Recalled?

More digital ink has been spilled about Recall than about any other feature announced at Microsoft’s Build 2024 conference. Recall purports to record everything you do on your computer by taking screenshots every few seconds. Microsoft claims that Recall is a better, AI-enabled (of course) way to search your computer: to find that great bon mot you used in an email a few days ago, or the name of that Korean restaurant someone recommended.
How It Works
Recall stores the screenshots it takes in a local, encrypted database holding up to three months of data. According to Microsoft, specialized software called “screenray” and hardware called a Neural Processing Unit (NPU) – which requires PCs that aren’t yet available – then analyze each image, extract its text, and build a “semantic index” so that you can go back and find the name of that restaurant your friend was so excited about. What’s a “semantic index”? It seems to be a local LLM and vector database (perhaps leveraging Silica), similar to what’s used by language models like Microsoft’s Phi3 and Meta’s Llama. Vector databases are useful for capturing relationships between words and thus can help infer meaning. (Building a vector database is a math-intensive process, which explains the need for an NPU.) Users are presented with a conventional-looking search bar to query for results, which can be filtered by the application in which the terms appeared.
Wait—What?
Privacy and cybersecurity experts have raced to point out the dangers of Recall, some of which are real, and some perhaps overblown. Recall, according to Microsoft, does not capture Edge’s InPrivate or Chrome’s Incognito windows, or content protected by digital rights management (DRM). Users can pause and resume Recall (assuming they remember to do so) and can exclude apps from recording. Its database, as we mentioned, is encrypted, and Microsoft assures us that the content is never sent to the cloud. And there are, or will be, group policies and end-user options made available to turn it off.
Nevertheless, as any number of commentators have pointed out, Recall will record sensitive interactions – for example, the browser screen from your bank, the Monday Night Football game you were furtively watching during a late meeting (who, me?), or other content you might not want captured. Whether Recall records passwords in a form that can be extracted isn’t yet clear – but it may, at least in some cases.
All this seems very scary indeed and I for one will waste no time turning Recall off.
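For administrators who want to verify, rather than assume, that the “turn it off” policy mentioned above is actually in force on a machine, here is an added audit script (not from the original post). It assumes that the “Turn off saving snapshots for Windows” group policy writes a `DisableAIDataAnalysis` DWORD (1 = off) under `Software\Policies\Microsoft\Windows\WindowsAI` in HKLM and/or HKCU, as documented in Microsoft’s Windows AI policy CSP; check that key name against current Microsoft documentation before relying on it.

```powershell
# Added example (not from the original post): report whether the Recall
# snapshot-saving policy is enforced for the machine and the current user.
# Assumption: policy value DisableAIDataAnalysis (DWORD, 1 = snapshots off)
# under Software\Policies\Microsoft\Windows\WindowsAI, per the Windows AI
# policy CSP. A $null result means no policy is set in that scope.
function Get-RecallPolicyState {
    $subKey    = 'Software\Policies\Microsoft\Windows\WindowsAI'
    $valueName = 'DisableAIDataAnalysis'
    $state     = [ordered]@{}

    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$subKey"
        $value = $null
        if (Test-Path -Path $path) {
            # Missing value -> $null (no policy), not an error.
            $value = (Get-ItemProperty -Path $path -Name $valueName `
                      -ErrorAction SilentlyContinue).$valueName
        }
        $state[$hive] = $value
    }

    # Either scope set to 1 disables snapshot saving; with no policy at all,
    # the end-user setting (or an admin) can turn Recall back on.
    $snapshotsOff = ($state['HKLM'] -eq 1) -or ($state['HKCU'] -eq 1)
    $note = if ($snapshotsOff) {
        'Recall snapshot saving disabled by policy'
    } else {
        'No disabling policy found; Recall can be enabled in this scope'
    }

    [pscustomobject]@{
        MachinePolicy = $state['HKLM']
        UserPolicy    = $state['HKCU']
        SnapshotsOff  = $snapshotsOff
        Note          = $note
    }
}

Get-RecallPolicyState | Format-List
```

Run it in a standard (non-elevated) session to see what applies to the logged-on user; a `SnapshotsOff` of `False` with both policies `$null` is the state an organization should treat as “not yet controlled”.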
Recall, Purview, and Compliance
There may be more to worry about. As IT and compliance administrators know, Microsoft has made huge, if quiet, investments in Purview, its family of regulatory compliance services. One of the services that has grown significantly over the past few years is a service called Insider Risk Management, which includes capabilities for compliance teams to manage and monitor employee activities: one called Communication Compliance can “watch” email and Teams conversations for offensive, illegal, or policy-violating talk. An add-on called Forensic Evidence can literally watch, in real time, what an employee is doing, in order to collect evidence for an investigation. Sound familiar?
Perhaps, in fact, compliance administrators will have the ability to override the group policy or end-user setting and remotely turn on Recall without the user’s knowledge! Indeed, it’s hard to imagine that the data Recall collects will be immune to eDiscovery requests from lawful authorities, which means that Microsoft will find itself in the unenviable position of having to decrypt the database, or provide the keys to it – again, with or without the user’s and/or organization’s knowledge.
Worse, it’s even harder to imagine that bad guys, such as well-funded and well-trained foreign actors, won’t expend a ton of energy working to break the code. Will they be successful? Who knows, but Recall has presented them with yet another target.
Finally: Why?
It’s hard to deny, at least on the surface, that Recall’s a cool-looking feature.
But I have to ask: why? As I wrote a year or so ago in a post called “Has Microsoft Forgotten About Windows?”, Microsoft has neglected what was once its prize offering. Instead of introducing a new privacy worry, the company could have fixed Windows Search, for example. (I still can’t understand why Google, which searches orders of magnitude more content than is on my PC, is orders of magnitude faster than Windows Search.)
Even worse: the UI for Recall would be dandy for a first-class, local Windows Backup à la the Mac’s wonderful Time Machine.
Of course, we all know why. AI rules these days; it’s driving Microsoft’s stock price, not to mention those of all the other tech vendors. Not only that, Recall gives Microsoft (and Qualcomm) a justification for a whole new chip – the NPU – in the new Copilot+ PCs.
Does any of this add real value for users or enterprises?
Color me skeptical.
What do you think? Is Recall valuable or a huge risk? Drop me a line at bbriggs@directionsonmicrosoft.com.
UPDATE (June 12): Since this blog post was first published, Microsoft has reconsidered Recall. While not exactly “recalling” it, the company has chosen to make the feature opt-in rather than on by default on Copilot+ PCs. An extensive blog post by Pavan Davuluri, CVP for Windows + Devices, dives deep into the additional safeguards and guardrails being implemented. Are they enough? What do you think?