VP Shares Privacy Measures for AI-Powered Recall on Copilot PCs

Key hiGHLIGHTS

Microsoft’s VP recently wrote about the security measures behind the Recall feature, shedding light on how the company is protecting users. The feature will be available only on Copilot+ PCs that meet strict security standards, giving users full control over their data.

David Weston, Microsoft’s VP for enterprise and OS security, shared these updates in a blog post, addressing concerns from the community about privacy.


VP Shares Privacy Measures for AI-Powered Recall on Copilot PCs

Important Context

The Recall feature takes screenshots of a device’s activity, allowing users to visually search through them later. When Recall was first introduced in May, it stirred up quite a bit of controversy.

For anyone needing a reminder, you can check out more details on the feature here.

VP Shares Privacy Measures for AI-Powered Recall on Copilot PCs

Opt-In for Peace of Mind

Weston emphasizes that Recall is an opt-in feature, meaning no data will be captured or saved unless the user chooses to enable it. He reassures users, saying, "If a user doesn’t actively turn it on, it stays off, and no snapshots are taken or stored." He also explains that Recall can be completely removed through the Windows settings, offering another layer of control.

Interestingly, Microsoft only recently made this uninstall option available, initially offering it to European users before expanding it.


Strong Security Model

Weston dives into the technical aspects of Recall’s security. Screenshots and any associated data are encrypted and stored locally, with encryption keys safeguarded by the Trusted Platform Module (TPM). These keys are further protected in VBS Enclave, which isolates and shields memory from system-level attacks. Microsoft also introduced additional security measures, like rate-limiting and anti-hammering, to fend off malware.

Access to stored data requires biometric authentication through Windows Hello, adding a personal touch to the security, as users can feel confident that only they can access their data.

VP Shares Privacy Measures for AI-Powered Recall on Copilot PCs

Privacy at the Core

Weston reassures users that their data stays private. "Snapshots aren’t shared with Microsoft," he writes, ensuring that users remain in control. At any time, users can delete their snapshots or turn the feature off completely. They can also customize what’s stored, filtering out sensitive information like passwords, national ID numbers, or credit card details. It’s all about giving users the power to protect their personal data.


Exclusive to Copilot+ PCs

The Recall feature will only be available on Copilot+ PCs that meet high security standards, including:

  • BitLocker and Device Encryption
  • TPM 2.0
  • Virtualization-based security and hypervisor-enforced code integrity
  • Measured Boot and System Guard Secure Launch
  • Kernel DMA Protection against attacks from peripherals


Security Audits and Reviews

Weston notes that Microsoft has conducted several security tests, including penetration tests, independent security design reviews, and a Responsible AI Impact Assessment. These thorough evaluations show Microsoft’s commitment to protecting users’ privacy and data, leaving no stone unturned in their quest for security.

By openly addressing these concerns, Microsoft hopes to assure users that their data remains secure and under their control, even as AI becomes a bigger part of our digital lives.