The News: Microsoft introduces Recall, a new feature announced as part of Copilot+ PC that aims to help users search through their PC activity, creating a wave of privacy concerns. Microsoft Support includes a guide to ensuring privacy and control over the recall experience. Find out more here.
Microsoft Recall: A Shrewd Move or Big Brother in Your PC?
Analyst Take: Microsoft’s introduction of its Recall feature, which functions by taking screenshots of the user’s screen at regular intervals to create a local, searchable record of user activity on the device, sparks a newfound debate regarding data privacy in the context of artificial intelligence (AI) apps.
Like most Copilot-like AI assistant tools, Recall can potentially enhance productivity for users by allowing them to find anything quickly, facilitating the ability to search for a specific document simply by recalling a keyword or a phrase and eliminating the time and frustration of digging through folders and file names. For more visually oriented workers, the screenshot-based approach provides further assistance by helping them to quickly locate specific tasks or projects by recalling the visuals on screen.
At the same time, however, it introduces a number of privacy and security considerations. While the data is stored locally and encrypted at rest, industry researchers are concerned about the potential for hackers to access the data on a compromised Copilot+ PC, or as a result of misuse or accidental exposure resulting from user error. Recall can be disabled but is by default enabled, likely resulting in Recall operating on a vast majority of Copilot+ PCs.
In sum, Recall, like many AI applications, is potentially a double-edged sword – a promising feature, but requires gaining of trust among users and a cautious approach when it comes to adoption. Microsoft Recall boasts undeniable potential for boosting productivity and accessibility – especially when we consider the potential for integration with Office 365. However, the privacy concerns cannot be ignored, and will require robust security measures and a commitment to user control.
Given that the Recall security and privacy controversy will not cool down anytime soon, it is possible that security concerns will tarnish or possibly slow the rollout of new Copilot+ PCs. An ongoing emphasis on clear communication and documentation of best practices for data privacy from Microsoft will be required to avoid this. To avoid this, Microsoft will need to put an ongoing emphasis on clear communication and documentation of best practices for data privacy.
It is important that businesses are aware and monitor this issue, as Recall presents data exposure and data loss risks when personal or unmanaged Copilot+ PCs are used in BYOD (bring your own device) and remote/work-at-home scenarios.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Security Above All Else – Six Five on the Road
Microsoft and the Future of Security – The Six Five On The Road
Image Credit: Microsoft
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
Mitch Ashley is VP and Practice Lead of DevOps and Application Development for The Futurum Group. Mitch has over 30+ years of experience as an entrepreneur, industry analyst, product development, and IT leader, with expertise in software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. As an entrepreneur, CTO, CIO, and head of engineering, Mitch led the creation of award-winning cybersecurity products utilized in the private and public sectors, including the U.S. Department of Defense and all military branches. Mitch also led managed PKI services for broadband, Wi-Fi, IoT, energy management and 5G industries, product certification test labs, an online SaaS (93m transactions annually), and the development of video-on-demand and Internet cable services, and a national broadband network.
Mitch shares his experiences as an analyst, keynote and conference speaker, panelist, host, moderator, and expert interviewer discussing CIO/CTO leadership, product and software development, DevOps, DevSecOps, containerization, container orchestration, AI/ML/GenAI, platform engineering, SRE, and cybersecurity. He publishes his research on FuturumGroup.com and TechstrongResearch.com/resources. He hosts multiple award-winning video and podcast series, including DevOps Unbound, CISO Talk, and Techstrong Gang.