Microsoft Updates Recall Security Architecture Amid Controversy


In a move to address growing concerns over privacy and security, Microsoft has unveiled significant updates to the security architecture of its Recall feature, an AI-powered tool designed to help users find what they’ve seen on their PCs.

The updates come in the wake of controversy surrounding data handling and security practices in AI-driven applications.

Recall, which is exclusive to Copilot+ PCs, is built on four core principles: user control, encryption, isolation, and intentional use. The feature is opt-in, meaning users must explicitly choose to enable it during the setup process for Copilot+ PCs.

If a user does not opt in, snapshots will not be taken or saved, and users can remove Recall entirely through the optional features settings in Windows.

Updated Recall Security Architecture

The security architecture of Recall is centered around Virtualization-based Security (VBS) Enclaves, which use the same hypervisor as Azure to segment the computer’s memory into a protected area.

This ensures that sensitive data, such as snapshots and associated metadata, are encrypted and stored locally on the device.

The encryption keys are protected via the Trusted Platform Module (TPM) and tied to a user’s Windows Hello Enhanced Sign-in Security identity, preventing unauthorized access.

Key components of the Recall architecture include the Secure Settings, Semantic Index, Snapshot Store, and Recall User Experience.

The Secure Settings store security configuration data within the VBS Enclave, while the Semantic Index converts images and text into vectors for later search, encrypting these vectors with keys protected within the VBS Enclave.

The Snapshot Store contains saved snapshots and associated metadata, all encrypted by individual keys protected within the VBS Enclave.

To further enhance security, Recall leverages Windows Hello Enhanced Sign-in Security for authorization, including biometric credentials to protect privacy and actively authenticate users to query semantic indices and view associated snapshots.

The feature also includes rate-limiting and anti-hammering measures to protect against malware.

In response to concerns over data handling, Microsoft emphasizes that Recall does not share snapshots or associated data with Microsoft or third parties, nor is that data shared between different Windows users on the same device.

Users have full control over their data, with the ability to delete snapshots, pause snapshot saving, or turn snapshots off at any time.

Additionally, sensitive content filtering is enabled by default to reduce the storage of sensitive information such as passwords, national ID numbers, and credit card numbers.

The updates to Recall’s security architecture are part of Microsoft’s broader commitment to making AI available while retaining security and privacy.

The company has conducted thorough security assessments, including design reviews and penetration testing by the Microsoft Offensive Research & Security Engineering team (MORSE) and an independent third-party security vendor.

A Responsible AI Impact Assessment (RAI) was also completed to cover risks, harms, and mitigations analysis across six RAI principles.

By updating the security architecture of Recall, Microsoft aims to provide a robust set of controls against known threats, ensuring that users can benefit from AI-powered tools without compromising their privacy and security.

This move underscores the company’s dedication to delivering a Windows experience that is secure by design and secure by default.
