Why Microsoft's Controversial AI Search Tool, Recall, Suffered a False Start

On August 21, Microsoft announced that a controversial feature called Recall would finally be launching this fall for an exclusive group of product testers outside the company. The feature, which automatically takes screenshots and uses AI to classify them, will only be available on specific Microsoft-approved laptops, and could help people spend less time searching through their computer history to find something they vaguely remember seeing. Microsoft originally announced Recall in May as a feature for its new line of AI-powered Copilot+ PCs, which are specifically built to take advantage of Copilot, Microsoft's generative AI-powered assistant. Recall is meant to serve as a kind of device-specific search engine, designed to find "anything you have ever seen or done on your PC." Soon after the reveal, though, it was reported that Microsoft's security team wasn't able to get the feature in a safe enough state to launch with the PCs in June, and delayed Recall to later in the year. Microsoft now says Recall will first be released in October exclusively to people within the company's software testing program, called Windows Insider. How is Recall supposed to work? Here's how Recall is intended to function: The feature constantly takes screenshots of whatever you're looking at on your display, and uses computer vision to categorize what it "sees." Then, users can use identifying keywords to search through their PC's history. In an example shown at the May event, a Microsoft leader used Recall to search for a "chart with purple writing," and automatically found the annotated PowerPoint page she was looking for. What are the security concerns with Recall? Immediately following Recall's reveal, cybersecurity experts began to express concern with the feature, like pointing out that it doesn't hide passwords or financial information when taking screenshots. Former Microsoft threat intelligence analyst Kevin Beaumont wrote on his blog that "with Recall, as a malicious hacker you will be able to take the handily indexed database and screenshots as soon as you access a system ... If you have malware running on your PC for only minutes, you have a big problem in your life now rather than just changing some passwords." So, what's happening with Recall now? In June, less than a month after its reveal, Microsoft announced that Recall would not be rolling out with the new line of PCs and would instead launch exclusively for Windows Insiders, but did not specify when the feature would become available to the general public. In the announcement, Microsoft said that it had delayed Recall in order to "leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security." To allay security concerns, Microsoft has said that users will be required to explicitly opt-in to Recall, and screenshots will be encrypted and can only be unlocked with a successful face scan of the computer's owner. Microsoft now says that "when Recall is available for Windows Insiders in October, we will publish a blog with more details."