When Microsoft launches its new Copilot Plus PCs next week they won’t have the much touted and then criticized Recall functionality built-in.
The idea behind Recall is a good one. Use AI to remember everything that happens on your computer so it can remind you if you forget something later. The allegedly unsecure storage of that info saw cybersecurity experts call it a security disaster waiting to happen.
In an update to its Recall blog post, Microsoft now says it will delay the release pending feedback from additional testing.
The post said, “Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks. Following receiving feedback on Recall from our Windows Insider Community, as we typically do, we plan to make Recall (preview) available for all Copilot+ PCs coming soon.”
The post didn’t address the specifics of the security vulnerabilities experts raised but its decision seems to be an acknowledgment that there are valid concerns.
Refocus on security
Allegations that Microsoft’s planned release of Recall was evidence of a culture of security negligence couldn’t have come at a worse time.
Microsoft President Brad Smith testified before the US House Committee on Homeland Security in Congress on Thursday to address Microsoft’s culpability in a massive security breach that took place in 2023.
Hackers backed by the Chinese government breached Microsoft’s cloud computing servers and stole hundreds of thousands of customer emails, including those of officials in the US Departments of State and Commerce.
In his prepared testimony, Smith said that Microsoft acknowledged full responsibility for the breach and is working on fostering a culture of security at the company.
Smith said that Microsoft CEO Satya Nadella was taking personal responsibility for this with Nadella reportedly saying that “we each needed to make this the most important thing we do as leaders of the company. It is more important even than the company’s work on artificial intelligence.”
Smith said that Nadella sent every employee the following instructions:
“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
Propublica published an eye-opening interview with Microsoft whistleblower Andrew Harris where the former employee said his warnings of security vulnerabilities were consistently ignored.
How long will it take Nadella to instill a culture of security in a giant corporation that rewards shippable products, not pointing out problems?
The mantra of ‘Move fast and break things’ may foster innovation, but with AGI looming let’s hope companies like Microsoft don’t ship the things they break.