Asked to explore data privacy issues arising from Microsoft Recall, the Windows manufacturer’s ill-received self-monitoring tool, Jaime Teevan, principal scientist and technical associate at Microsoft Research, brushed aside concerns.
Teevan was speaking Wednesday with Erik Brynjolfsson, director of Stanford’s Digital Economy Lab, at the US university’s Institute for Human-Centered Artificial Intelligence’s fifth anniversary conference.
Brynjolfsson said when Recall was announced, there was “kind of a backlash against all the privacy challenges around that. So you talk about the pros and cons of using all that data and some of the risks it creates and also some of the opportunities.”
This was definitely a popular topic.
“Yeah, and so that’s a great question, Erik,” Teevan said. “That’s also come up throughout the morning — the importance of data. And this AI revolution that we’re in right now is really changing the way we understand data.”
She continued, “Microsoft generally helps large enterprises manage their data, create data, share data, and that data is really something that makes the business work differently in the context of generative AI.
“And as individuals as well, we have important data, data that we interact with all the time, and there’s an opportunity to start thinking about how to do that and to start thinking about what it means to be able to grasp and use it. But of course we’re rethinking what data means and how we use it, how we value it, how it’s used.”
The Register noted when Recall was introduced at Microsoft Build last month that the software — which builds an archive of screenshots taken every few seconds and records user activities so past actions can be recalled — poses a considerable privacy risk. As recently described by author Charlie Stross, it’s “the product no one wanted” and “a complete privacy show.”
Undaunted by Teevan’s unwillingness to admit why Recall struck a nerve, Brynjolfsson probed further.
“Is it kept in place?” he asked. “So suppose I turn on Recall, and I don’t know if I can, but when you have something like that available, I’d be worried about all my personal files going up to the cloud, Microsoft or whatever. Do you have it held in place?”
Teevan replied, “Yeah, yeah, so that’s a fundamental thing that we as a company care a lot about is data protection. So, Recall is a feature that captures information. It’s a native Windows functionality, nothing goes in the cloud, everything is stored locally.”
And that was that, as if the continuous recording of one’s computer activities in a series of screenshots and activity logs has no security or privacy implications so long as the data is local and protected by Microsoft account credentials – and that is not much protection in light of the release of security researcher Alex Hagenah’s TotalRecall tool. This code can extract and display data from Recall’s unencrypted SQLite database, in which the operating system “feature” stores snapshots of user activity.
Meanwhile, researchers and security analysts continue to rally, calling for Recall, which is due to be released later this month, to be forgotten.
As Stross argues, Windows computers with Recall will be targeted by lawyers during discovery proceedings because they will provide access not only to email messages, but also to conversations in any messaging or collaboration application, and possibly spoken conversations as well, if speech-to-text data is captured by Redmond’s activity logging. It is also useful to a system intruder who wants to eavesdrop on what their victim has been doing recently, personally and for work.
“It’s a shitshow for any organization that handles medical data or has a legal duty of confidentiality; indeed, for any business that needs to be GDPR compliant (how does Recall handle the right to be forgotten? With one word: bad), or HIPAA in the US,” he writes in his post.
“This faulty function contravenes privacy law across the EU (and the UK) and in healthcare organizations wherever they have a medical right to privacy.”
Referring to Recall’s ability to avoid capturing DRM’d content, the sci-fi writer continued: “About the only people whose privacy isn’t compromised are the Hollywood studios and Netflix, which tells you something about the state of things.” ®