On 19 May, the same Nadella announced a feature called Recall where Windows would store up to 25GB of data from an individual's desktop session locally. Just so that people could see what they had been doing in the past, say, three days.
There seems to be some kind of dissonance between these two statements. When Microsoft talks about security, most long-time users of computers have no reaction other than a cynical smile. Something like what's on the visage of the Mona Lisa.
But Nadella was doing what he does best when he made that statement on security: playing the grand poobah of public relations for a company that is a marketing entity first and a technology firm a distant second.
Satya Nadella says Windows PCs will have a photographic memory feature called Recall that will remember and understand everything you do on your computer by taking constant screenshots pic.twitter.com/Gubi4DGHcs
— Tsarathustra (@tsarnick) May 20, 2024
According to the 3 May statement, Nadella said the approach from now on would be governed by three principles:
"Secure by Design: Security comes first when designing any product or service.
"Secure by Default: Security protections are enabled and enforced by default, require no extra effort, and are not optional.
"Secure Operations: Security controls and monitoring will continuously be improved to meet current and future threats."
Given such lofty goals, the announcement of Recall looks like rank hypocrisy from the soft-spoken Nadella who often uses references to cricket to slip in a few googlies in his spiel and get them past the keeper. He did it this time too.
Let's be clear about one thing: for all technology companies, money comes first, second and third. (Also fourth, fifth, sixth, ad infinitum.) Nadella is just the latest in a line of chief executives who try to use gentle speech and devious words to sell users on some feature or the other.
Top British security practitioner Kevin Beaumont, who has worked for Microsoft in the past, had these comments, among others, about Recall:
"To put this into context, this isn’t 'the last thing in the clipboard'. It is everything you did in recent memory – and it’s instantly available to malicious software and individuals. If you have malware running on your PC for only minutes, you have a big problem in your life now rather than just changing some passwords.
"Microsoft will wordsmith around this and issue lovely comments to [the] press, but this seems like a huge risk which fundamentally undermines the security of the Windows ecosystem. All consumers and businesses should disable and reject Recall on Copilot+ PCs unless it has a substantial rework, as it directly places you and the data you view at risk."
I couldn't have put it better myself.