Microsoft has decided to delay the release of its controversial AI feature, Recall, amidst ongoing security concerns raised by the Information Commissioner's Office (ICO).
Originally slated for release alongside other updates next week, Recall, which captures screenshots of users' laptops at regular intervals, will now first undergo testing within Microsoft's Windows Insider Programme in the coming weeks.
"This decision reflects our commitment to ensuring a trusted and secure experience for all users while gathering additional feedback," explained Pavan Davuluri, Microsoft's vice president, in a blog post on Thursday.
The delay follows warnings from cybersecurity experts, including Muhammad Yahya Patel from Check Point, who described Recall as a potential target for cybercriminals due to its capability to aggregate sensitive data in one place.
Microsoft describes Recall as an AI-powered tool that aids users in recollecting information by organizing screenshots and related data based on natural language queries. For instance, a user could search for "red lamp" to retrieve screenshots and associated links from previous browsing sessions.
However, concerns have been raised regarding privacy and security implications. Charlie Milton from Censornet highlighted that such screenshots could provide insights into user behavior if accessed by hackers.
In response to these concerns, Microsoft has implemented additional security measures, including just-in-time decryption to ensure that Recall snapshots are only accessible after user authentication.
Despite these efforts, the ICO's investigation into Recall's security remains ongoing, as confirmed by the ICO to Sky News on Friday.
The scrutiny over Recall comes amidst broader cybersecurity challenges faced by Microsoft, as highlighted during a recent hearing in the US Congress where President Brad Smith addressed concerns over security breaches involving foreign actors.
Smith emphasized Microsoft's commitment to bolstering cybersecurity across the board, including tying executive bonuses to cybersecurity outcomes and integrating security metrics into employee performance evaluations.
