The new AI-powered Windows ‘Recall’ feature that takes 5-second screenshots to generate a searchable timeline of everything a user has interacted with has prompted security and privacy concerns.

What Is Recall? 

The Recall feature for Windows (currently in preview status) is a new feature that’s exclusive to Microsoft’s forthcoming Copilot+ PCs. Recall takes snapshots of whatever is on your screen every five seconds (e.g. emails, and photos), while content on the screen is different from the previous snapshot. These snapshots are then stored (encrypted) and analysed using optical character recognition (OCR), which uses AI, locally on the user’s PC. The collection of snapshots is designed to give users not only a timeline of everything they’ve done and seen, but they can use voice commands to search through it for what they need, e.g. for any content (text and images) they may have been working on or seen. Microsoft says the functionality will be improved “over time” to enable users to open the actual source document, website, or email in a screenshot.

When Recall opens the snapshot a user has requested, it enables ‘screenray’.  This runs at the top of the snapshot and allows the user to interact with any of the elements in the snapshot, so for instance, the user can copy text from the snapshot or send pictures from the snapshot (to an app that supports jpeg files).

Won’t It Just Fill Up The PC’s Storage Space With Snapshots? 

With different screen snapshots (captured every-five-seconds having to be stored locally on the PC) you may be wondering what this will do to the storage space. Microsoft says the minimum hard drive space needed to run Recall is 256 GB (whereby 50 GB of space must be available) and that the default allocation for Recall on a device with 256 GB will be 25 GB, which can store approximately 3 months of snapshots. Users can increase the storage allocation for Recall in the PC Settings and old snapshots are deleted when the allocated storage is used, allowing new ones to be stored.

Why Use Recall?

According to Yusuf Mehdi, Microsoft’s executive vice president and consumer chief marketing officer, with Recall, Microsoft “set out to solve one of the most frustrating problems we encounter daily — finding something we know we have seen before on our PC”. 

Broadly speaking therefore, Recall is essentially a productivity and user experience-enhancing feature. Microsoft hopes that Recall will transform how users interact with their digital content by providing powerful, AI-driven tools for retrieving and managing past activities while maintaining a high level of control and (hopefully) privacy too.

Privacy Concerns 

While on the face of it, it’s possible to see how useful this feature could be, Recall has set privacy alarm bells ringing for some users. For example, it’s been reported that the Information Commissioner’s Office (ICO) is contacting Microsoft for more information on the safety of the product and that Recall has been described as a “privacy nightmare” by some privacy watchdogs. Examples of some of the key concerns about the potential privacy issues of Recall include:

– Since the feature doesn’t moderate what it records, very sensitive information including snapshots of passwords, financial account numbers, medical or legal information (and more) could be accessed and taken, presenting an obvious risk. Microsoft says: “Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

– With gaining initial access to a device being one of the easier elements of an attack, this is all that would be needed to potentially access the screenshots and steal sensitive information or business trade secrets.

– Anyone who knows a user’s password could access that user’s history in more detail.

– Recall is currently at the preview stage, but unless Microsoft assesses the data protection, and peoples’ rights and freedoms before the feature is released to the wider market, there may be some serious legal issues and consequences.

Elon Musk also posted about the feature on his X platform saying: “This is a Black Mirror episode. Definitely turning this ‘feature‘ off.” 

What Does Microsoft Say? 

In defence of Recall and to allay the privacy concerns expressed, Microsoft points out that:

– Recall is not enabled by default – it is an opt-in feature. Users must manually activate it to use it and can configure its settings to control what data it captures and stores.

– Microsoft says it built privacy into Recall’s design “from the ground up”.

– By clicking on the Recall taskbar icon after user’s first activate their Copilot+ device, they can choose what snapshots Recall collects and stores on their device. For example, users can select specific apps or websites visited in a supported browser to filter out of snapshots, snapshots on demand from the Recall icon in the system tray, clear some or all snapshots that have been stored, or delete all the snapshots from the device.

– Microsoft says: “For enterprise customers, IT administrators can disable automatically saving snapshots using group policy or mobile device management policy. If a policy is used to disable saving snapshots, all saved snapshots from users’ devices will be deleted, and device users can’t enable saving snapshots.” 

– The snapshots captured by Microsoft’s Recall feature are stored locally on the PC but are encrypted and protected using BitLocker encryption.

– Recall data is only stored locally and isn’t accessed by Microsoft or anyone who does not have device access.

What Does This Mean For Your Business? 

It’s possible to see the value of the Recall feature (in the forthcoming Copilot+ PCs) in terms of offering UK businesses a potential boost in productivity and efficiency. Being able to search by voice and quickly find (and eventually click through to) anything you’ve been looking at could make it much faster and easier to retrieve and manage digital content. This could, of course, save valuable time and reduce frustration, leading to more streamlined workflows and increased operational efficiency.

However, the elephant in the room with this feature which has piqued the attention of many commentators and the ICO is the significant risk to privacy that it could seemingly pose to businesses and individual users. For example, the unmoderated collection of everything (which could include sensitive information such as passwords, financial data, and confidential business details), raises substantial security and privacy risks. For example, if these snapshots were to be accessed and fall into the wrong hands, the consequences could be severe, including data breaches and the exposure of proprietary information. It appears, therefore, that the only thing standing between a potential bad actor and your personal/sensitive/business information is knowledge of the password for the PC.

Microsoft’s assertion that Recall is an opt-in feature, with snapshots stored locally and protected by BitLocker encryption, may, however, provide some reassurance, as may the fact that users can control what data is captured and stored, plus enterprise customers can disable automatic snapshot saving through group policy or mobile device management. Nevertheless, despite these measures, the potential for misuse remains, especially if a device is compromised or accessed by an unauthorised individual.

To address these privacy concerns, Microsoft will need to provide comprehensive transparency and robust security assurances to the ICO, businesses, and privacy advocates too. Demonstrating that Recall complies with data protection regulations and adequately safeguards user data will be crucial. Clearly, even though Recall is still just at the preview stage, there are serious concerns, and failure to address these could result in significant backlash, legal challenges, and a loss of trust among users.

If / when Recall is thought to be suitable for wider release for businesses, the decision to implement it will require a careful evaluation of the trade-offs between increased productivity and potential privacy risks. Companies will need to establish clear policies and provide training to ensure that employees understand how to use the feature securely. IT departments will also need to remain vigilant, continually monitoring and managing the feature’s settings to maintain data protection standards.

While Recall offers exciting possibilities for enhancing business efficiency, its success will depend on Microsoft’s ability to address privacy concerns and provide robust security measures, so it remains to be seen how Recall progresses though this preview stage and whether risks can be mitigated to an acceptable level.

In this insight, we look at the implications of Microsoft’s announcement that the Windows 11 24H2 update is being tested in a pre-release stage and the deprecation of VBScript is being initiated by making it an optional feature.

What Did Microsoft Say? 

Microsoft has announced that it is making this year’s annual feature update Windows 11, version 24H2 (Build 26100.712) available in the Release Preview Channel for customers to preview ahead of general availability later this year.

Microsoft says that Windows 11, version 24H2 includes a range of new features like “the HDR background support, energy saver, Sudo for Windows, Rust in the Windows kernel, support for Wi-Fi 7, voice clarity” and more.

Improvements Across Windows 

The update also includes many improvements across Windows, such as:

– A scrollable view of the quick settings flyout from the taskbar.

– The ability to create 7-zip and TAR archives in File Explorer (in addition to ZIP). 7-Zip is a free, open-source file archiver that compresses files into various archive formats, notably its own 7z format, and TAR (Tape Archive) – a widely used format for combining multiple files into a single archive file (typically without compression).

– Improvements for connecting Bluetooth® Low Energy Audio devices, i.e. to enhance audio quality, reduce latency, and improve power efficiency for supported devices.

Copilot Pinned To The Taskbar 

Microsoft has also said that in response to feedback from users, the update will also mean that Copilot on Windows as an app will be pinned to the taskbar. This means users can get the benefits of a traditional app experience (e.g. it can be resized, moved, and snapped to the window).

More Details To Come 

Microsoft says although Windows Insiders in the Release Preview Channel can install Windows 11, version 24H2 via its “seeker” experience, the rest of us will have to wait for more details in the coming months of the new features and improvements included as part of Windows 11, version 24H2 leading up to general availability.

The Deprecation of VBScript 

One other significant announcement from Microsoft was the sharing of a timeline for the deprecation (phasing out) of Visual Basic Scripting Edition, commonly referred to as VBScript. Last October, Microsoft announced that VBScript, first introduced in 1996, would be gradually deprecated.

The latest timeline news is that beginning with the new OS release later this year, VBScript will be available as features on demand (FODs). Microsoft says the feature will finally be completely retired from future Windows OS releases “as we transition to the more efficient PowerShell experiences.”  A diagram of the timeline states that VBScript FODs will be completely disabled by default in 2027.

Why Is VBScript Going? 

Microsoft says VBScript (VBS) is finally going because there are more versatile scripting languages (e.g. JavaScript and PowerShell) that offer “broader capabilities and are better suited for modern web development and automation tasks.” 

However, it should also be noted that VBS was a popular tool for cyber-criminals and the fact that VBScript was integrated into the Windows environment meant that it could be exploited to create VBS malware. For example, the highly destructive “ILOVEYOU” worm (2000) was VBS malware. Increased security by closing another door for cyber-criminals is apparently therefore another reason why Microsoft’s getting rid of VBS.

What Does This Mean For Your Business? 

The forthcoming Windows 11 24H2 update looks like it will bring several key benefits for UK businesses, promising to enhance productivity, security, and overall user experience. Key improvements, such as support for HDR backgrounds, energy-saving features, and the integration of Sudo for Windows and Rust in the Windows kernel, will provide businesses with more robust and efficient systems. The introduction of support for Wi-Fi 7 and improved voice clarity may also enhance connectivity and communication within the workplace, which would be helpful for maintaining seamless operations in today’s ‘digital-first’ business environment.

Also, the update’s enhancements for Bluetooth Low Energy Audio devices could be particularly advantageous for businesses relying on audio devices for communication and collaboration.

The news of the inclusion of a scrollable quick settings flyout and the ability to create 7-Zip and TAR archives directly in File Explorer may simplify business file management and streamline workflows. Such improvements could help make everyday tasks more intuitive and less time-consuming, allowing employees to focus on more critical business activities.

However, it’s worth noting for balance that, as with other updates, some businesses may face compatibility issues with legacy systems or software that has not yet been optimised for the new features. There may also be a learning curve associated with the new functionalities, i.e. perhaps requiring additional training time to fully utilise the update’s benefits.

As for the deprecation of VBScript, considering how long it’s been around, the timeline for its demise marks a significant shift for businesses still relying on this scripting language. While moving to more modern and secure scripting languages like PowerShell and JavaScript offers improved capabilities and security, the transition may necessitate some adjustments. Businesses may need to update or replace legacy systems and scripts that depend on VBScript, which could involve some time and resource investments.

On the positive side, phasing out VBScript should reduce some Windows security risks, as VBS has historically been exploited for malware attacks. The phasing out of VBS, therefore, should enhance the overall security posture of Windows environments, thereby helping businesses protect their data and operations from cyber threats.

In summary, while the Windows 11 24H2 update promises enhancements that can drive efficiency and security, businesses must prepare for potential compatibility issues and the need to transition away from VBScript. Armed with this knowledge, proactive planning for the changes can help UK businesses to maximise the benefits of the new update and maintain a secure, modern, and efficient IT environment.

After an Ofcom investigation that found BT didn’t give clear and simple information to customers who signed up to deal with its subsidiaries EE and Plusnet, BT has been told it must refund early exit fees and let existing affected customers walk away penalty-free.

What Happened? 

Under new consumer protection rules, known as ‘General Conditions’ (GCs), that came into force in June 2022, phone and broadband companies, of which BT is both, must give consumers and small businesses the details of a contract, as well as a summary of its key terms, before they sign up. These details must include the price, the length of the contract, the speed of the service, and any early exit fees.

UK Telecoms regulator, Ofcom, says that it opened an investigation into BT after it received information that two of BT’s wholly-owned subsidiaries, EE and Plusnet, may not have been providing the required documents to some customers.

The Findings 

Ofcom says its investigation revealed that since the introduction of the new rules on 17 June 2022, EE and Plusnet made more than 1.3 million sales without providing customers with the required contract summary and information documents. Ofcom found evidence that 1.1 million customers were affected by this between 26 June and 30 September 2023, i.e. they were not given contract information before they signed up as is required under the new rules.

Other key findings by Ofcom were that:

– Despite telling Ofcom in February 2022 that it was confident the deadline to meet the new rules would be met, evidence showed that BT knew as early as January 2022 that some of its sales channels would not meet the deadline.

– In some cases, BT deliberately chose not to comply with the rules on time.

– Ofcom says that whereas other providers dedicated the resources required to meet the implementation deadline for the new rules, BT may have saved costs by not doing so.

– Some sales channels are still non-compliant, and BT is still not providing the required information at the right time to some customers.

The Outcome 

The outcome of Ofcom’s findings in this case are that:

– Ofcom has issued a £2.8 million fine to BT, although this includes a 30 per cent discount as a result of BT’s admission of liability and its completion of Ofcom’s settlement process.

– The 1.1 million customers affected have been given the opportunity to request the information and/or cancel their contract without charge.

– For those customers who left BT before the end of their contract and were charged an early exit fee, BT must refund those early exit fees, and let existing affected customers walk away penalty-free.

Other Action 

Other actions that BT has been instructed to take by Ofcom in relation to this case include:

– Identifying and refunding any affected customers who may have been charged for leaving before the end of their contract period, within five months of Ofcom’s decision.

– Within three months, contacting the remaining affected customers who are still with BT and have not already been contacted, to offer them their contract information and/or the right to cancel their contract without charge.

– Amending remaining sales processes that are still non-compliant within three months of Ofcom’s decision.

Unacceptable 

Ofcom’s Enforcement Director, Ian Strawhorne, said: “When we strengthened our rules to make it easier for consumers to compare deals, we gave providers a strict timeline by which to implement them. It’s unacceptable that BT couldn’t get its act together in time, and the company must now pay a penalty for its failings.”  

Also, Rocio Concha, Director of Policy and Advocacy for consumer organisation ‘Which?’ said: “It’s absolutely right that Ofcom is fining BT for not providing EE and Plusnet customers with clear contract information before they signed up – as some people will have been hit with pricey exit fees they never should have faced.” 

What Does BT Say? 

BT has been reported as saying that it is sorry, will “implement the remedial actions” required by Ofcom and has “taken steps to proactively contact affected customers and arrange for them to receive the information and be refunded where applicable.” 

What Does This Mean For Your Business? 

Ofcom’s ruling against BT is a reminder to telecoms companies and service providers about the importance of compliance with the latest regulatory requirements. For BT, this incident highlights the critical need for transparency and accountability in customer communications, especially in a competitive market where trust is paramount. The £2.8 million fine (which some commentators say should have been higher) and the mandated refunds are examples of the financial and reputational risks associated with non-compliance.

For other providers, this case is a cautionary tale that emphasises the need to adhere to consumer protection rules and the potential consequences of failing to do so. It also shows that companies that decide to push boundaries in their marketing campaigns must think more carefully about these strategies, ensuring that their promotional activities do not leave customers in the dark about what they are signing up for. In an industry where bundling services into complex contracts is common, maintaining clarity and simplicity within customer interactions is still essential to avoid regulatory scrutiny and potential penalties.

For customers, this case may see them benefit (a little) from increased regulatory oversight and assurances that providers must comply with clear guidelines, thereby helping them make more informed decisions about their service contracts. Also, the knowledge that you can exit contracts without penalty in cases of non-compliance should be reassuring and help consumers from being unfairly trapped in agreements they did not fully understand.

A new partnership means that Truecaller’s AI Assistant can use Microsoft Azure AI Speech technology to enable Truecaller to answer your phone (via the Truecaller app) using an authentic AI version of your voice.

Truecaller 

Truecaller is a mobile app, available on iOS and Android, that offers caller identification, call blocking, and spam filtering services. It also provides features like call recording, chat, and contact management. Truecaller is based in Stockholm and was founded in 2009 and is now believed to have over 383 million users globally.

Microsoft’s Speech Technology – Answers In Your Voice 

The Microsoft Azure AI Speech technology (that as part of the new partnership enables Truecaller to answer the phone using an AI version of the user’s voice) is Microsoft’s ‘Personal Voice’. Launched in November 2023 and updating the existing ‘Custom neural voice’, the new ‘Personal Voice’ feature means that paid users of Truecaller’s Assistant (AI) “can get AI replicating their voice in a few seconds by providing a 1-minute speech sample as the audio prompt, and then use it to generate speech in any of the 100 languages supported”. 

Integrated With The Truecaller Assistant – How It Works 

Microsoft describes how ‘Personal Voice’ works when integrated with Truecaller’s Assistant, saying: “The Truecaller Assistant answers users’ calls and asks questions for the users, detecting spam and letting the users know if the call is worth answering.” 

Truecaller’s Product Director & General Manager, Raphael Mimoun, explains that “The personal voice feature allows our users to use their own voice, enabling the digital assistant to sound just like them when handling incoming calls.”

Why? 

Truecaller says being able to use an AI version of the user’s voice “adds a touch of familiarity and comfort for the user”, and Microsoft says it “provides a fully personalised voice experience” and it will “will revolutionise the way our users manage their calls and elevate their overall experience with Truecaller Assistant”. 

Limitations 

It’s been reported that although Truecaller’s Assistant usually gives the option to edit the introductory greeting template for callers, this option will be restricted if users opt for their personal voice instead of a system-generated one. That said, it’s understood that follow-up responses can be customised, based on user preferences.

Introduced in China Too 

Microsoft’s Personal Voice feature was developed with Haier, a leading IoT Smart Living brand in China, and the new Personal Voice feature has now been added to Haier’s service so that its users can create AI versions of their family’s voices to control and use home appliances via intelligent speakers.

Truecaller – More In Future 

Truecaller has indicated that it intends to work with Microsoft in future to enhance its products with AI. For example, Truecaller’s Raphael Mimoun said: “We look forward to further exploring the potential of AI-powered voice technologies in partnership with Microsoft and delivering even more innovative solutions to our global user base.”   

What Does This Mean For Your Business? 

The collaboration between Truecaller and Microsoft to integrate Azure AI Speech technology into Truecaller’s app can be seen as a significant advancement in AI-driven customer interaction tools. For Truecaller, this partnership enhances its service offering by leveraging cutting-edge AI to create a more personalised and seamless experience for users. The ability to replicate a user’s voice with AI not only adds a unique touch of familiarity but also sets Truecaller apart from its competitors in the call management and spam detection market. This innovation also aligns with Truecaller’s commitment towards continually improving its user experience and expanding its global reach.

For Microsoft, this partnership underscores the versatility and power of its Azure AI Speech technology. By enabling Truecaller to offer AI-generated voice capabilities, Microsoft showcases its ability to provide scalable, advanced AI solutions that can be integrated into various applications. This collaboration not only strengthens Microsoft’s position in the AI market but also opens up new avenues for the deployment of its technology across different industries and usage cases.

For businesses using Truecaller, the integration of AI-generated personal voices could transform how they manage incoming calls. For example, this technology allows for a more efficient and personalised customer interaction, potentially reducing the burden on customer service teams and improving the overall customer experience. By ensuring that calls are answered in a familiar voice, businesses can also maintain a personal touch, even when calls are handled by an AI. Also, the continued partnership between Truecaller and Microsoft hints at the possibility of even more sophisticated AI-driven features in the future, which could further streamline communication processes and enhance business operations.

Looking ahead, the potential for further AI integrations is vast. Businesses might see developments such as AI-driven analytics providing deeper insights into call patterns and customer behaviour, or enhanced automation features that could seamlessly integrate with other business systems. The ongoing advancements in AI technology promise to bring about more intelligent and adaptive solutions, helping businesses stay ahead in an increasingly competitive landscape. As Truecaller and Microsoft continue to innovate, businesses can look forward to leveraging these technologies to enhance efficiency, improve customer engagement, and drive growth.

The Digital Markets, Competition and Consumers Bill (DMCC) which becomes law later this year (autumn) and is aimed at promoting fair competition, regulating digital markets, and protecting consumer rights in the UK, may mean that Apple will need to open up its business practices.

Similar to being a ‘gatekeeper’, for example, if the CMA’s Digital Markets Unit (DMU) decides Apple has a ‘Strategic Market Status’ (SMS) and decides that Apple has “substantial and entrenched market power” and a “position of strategic significance”, Apple may be forced to change its business practices to enhance competition and consumer choice.

This could involve measures like allowing third-party app stores, enabling app sideloading, unbundling WebKit from browsers, sharing data with competitors, and avoiding preferential treatment of its own services. However, some commentators have suggested that if strict regulations hurt Apple’s business, it could impact the 4.8 million jobs supported by the iOS app economy in the US and Europe.

A political consultant who paid a local street magician $150 to make a deepfake anti-Biden robocall, asking people not to vote in the New Hampshire Democratic primary, is now facing $6 million fine.

It’s been alleged that Steven Kramer, 54, of New Orleans, commissioned and paid for the bogus Biden AI deepfake voice call, used ID spoofing to hide the source, and hired a telemarketing firm to play fake recording to 5,000+ voters over the phone.

Mr Kramer now faces felony charges of voter suppression and misdemeanor impersonation of a candidate and faces the multi-million dollar fine from the US Federal Communication Commission (FCC) for the bogus call. This is likely to send a powerful message to those looking to misuse AI deepfakes in this year’s US presidential election.