IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image

Microsoft revealed the latest updates of Recall for enhanced PC security & privacy

Tue, 1st Oct 2024

Microsoft has announced the updates of Recall, a security and privacy feature tailored for Copilot+ PCs. According to the company, Recall harnesses a 40+ TOPS Neural Processing Unit to bolster AI capabilities on the edge, which provides users with lower latency, improved battery life, and enhanced privacy by processing data locally.

The company has emphasised that Recall aligns with its Secure Future Initiative commitments. A spokesperson from Microsoft noted, "Recall is an example of how the company is operationalising the Secure Future Initiative commitments; the company's approach is that it is secure by default."

Recall's architecture includes several advanced security and privacy features to provide robust user control and data security. Among the key aspects is the feature's opt-in nature, which allows users to enable or disable Recall during the setup of their Copilot+ PC. Users can remove Recall through the Windows settings anytime, ensuring complete control over their data.

Data encryption is a pivotal part of Recall. All snapshots and associated data are encrypted, with the encryption keys protected by the Trusted Platform Module (TPM) and Windows Hello Enhanced Sign-in Security. Microsoft stated, "The encryption process is designed to be robust, preventing unauthorised access and ensuring that user data remains confidential."

Service isolation is another critical component of Recall. Services operating on snapshots are isolated within a Virtualisation-based Security Enclave (VBS Enclave). This ensures that only user-requested information leaves the secure environment. The isolation is crucial for maintaining the integrity and security of the data, as it prevents potential breaches from affecting the entire system.

Enhanced privacy controls have also been integrated into the Recall feature. Features include automatic filtering of sensitive content by default, excluding specific apps and websites, and an in-private browsing option. Recall saves data locally on the device and does not share it with Microsoft or third parties, reducing the risk of data breaches.

Recall is constructed on core principles aimed at maintaining user privacy. This includes features such as:

  • An opt-in feature where snapshots are only taken and saved if the user opts in.
  • Data can be stored locally on the device without being shared with Microsoft or third parties.
  • Customisable settings allow users to filter out specific apps or websites, control retention periods, and manage disk space allocation for snapshots.
  • Automatic filtering of sensitive information such as passwords and credit card numbers by leveraging Microsoft's Purview information protection libraries.

Microsoft has aimed to ensure that any changes to Recall's secure settings are intentional and authorised. Secure settings stored within the VBS Enclave require user authorisation for any adjustments. The semantic index converts images and text into encrypted vectors for secure search operations, and the snapshot store contains encrypted snapshots and metadata, all protected by individual keys within the VBS Enclave.

The company has conducted extensive security assessments, including design reviews and penetration testing, by the Microsoft Offensive Research & Security Engineering team and a third-party security vendor. Additionally, a Responsible AI Impact Assessment was completed to address risks and ensure compliance with Microsoft's AI principles.

A spokesperson affirmed, "These advancements demonstrate Microsoft's commitment to making the power of AI available to everyone while retaining security and privacy against even the most sophisticated attacks."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X