Copilot+ PCs Could Be A Privacy Nightmare For Professionals

News Room
5 Min Read

On a May 20th event on Microsoft’s
Microsoft
campus, the Redmond, Washington company introduced Windows PCs designed specifically for AI—dubbed Copilot+ PCs.

The new hardware at the core of the announcement are PCs with high-performance Neural Processing Units (NPUs) that are, at least ostensibly, capable of handling much of the processing on-device. It remains an open question, however, the extent to which external processing will be necessary—and that will tell part of the tale in terms of Copilot+ PC usability by an entire class of professionals who handle sensitive information.

As it stands, however, it appears the Recall feature is in some cases enabled by default and, even with entirely on-device processing, may be a privacy concern for many professionals.

Recall Security and Privacy

Recall is intended to metaphorize in software the feeling of having a photographic memory. That is, everything ever seen or done on a Copilot+PC, likely save for some exceptions for digital rights managed media consumed on that PC, will be able to be recalled in the form of a database of screenshots continuously capturing activity.

The assumption is those screenshots will be leveraged to organize information semantically, connecting bits of disparate data based on relationships and associations—allowing a user to retrieve files, emails, websites, and more.

According to Microsoft, users will be able to scroll through a timeline to locate content across various applications, platforms, and websites. By leveraging on-device processing, said to be built and stored entirely locally, Recall hopes to ensure users’ snapshots remain private and secure.

A filter feature will enable users to exclude specific applications and websites from being saved, which is intended to ensure that users have the ability to control what is and is not indexed—but it remains an open question whether that will be a sufficient safety net for professional users handling sensitive third-party information.

Handling Sensitive Third-Party Information

Recall, while unquestionably innovative, raises potential concerns for professionals—from attorneys and accountants to health practitioners and even payroll departments—who regularly handle sensitive third-party information.

Many professions carry with them strict confidentiality and privacy standards, making it incumbent upon individuals handling sensitive information to adhere to strict confidentiality and privacy standards—which raises the question whether the privacy controls offered by Recall, in conjunction with requiring the user to explicitly exclude a given class of applications or websites, will be sufficient to discharge that duty.

As announced, Recall will allow users to exclude certain applications from being indexed, but the possibility may remain that an excluded application may nonetheless have related interactions that could allow third-party information to be improperly indexed.

Moreover, the deletion capabilities of Recall will need to be scrutinized by professional ethics boards to ensure data retention and deletion standards can be adequately met. While it was announced Recall provides options to delete individual snapshots and even swaths of time, the features will need to be sufficiently robust so as to guarantee that deleted data is permanently erased and can in no way be recovered. This is a high bar and not something artificial intelligence language models excel at.

Legal Compliance

Similar to the data deletion and privacy concerns, professionals will need to consider how Recall handles compliance with legal obligations like subpoenas and requests for production.

Professional users may be required, regularly, to produce specific documents or sets of data during legal proceedings and it is essential that Recall can accurately and securely manage those requests—without compromising other information. Striking a balance between compliance with legal obligations and compromising other sensitive information will be key, and it remains to be seen if artificial intelligence is up to the task.

Outlook

While Microsoft’s Copilot+ PCs and specifically the Recall feature almost certainly portend the future in personal and professional computing, and they boast significant advancements in artificial intelligence that will boost productivity, there are substantial considerations professional users will need to make.

Ensuring the privacy, security, compliance, and even proper deletion of data are all paramount for compliance with ethical and legal standards. Only time and rigorous testing will tell the tale as to whether these innovative features can reliably support the needs of users with such sensitive, specific, and exacting requirements.

Read the full article here

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *