Sometimes the biggest faults with Artificial Intelligence (AI) come with the human judgment and lack of wisdom that come with building it. Whether you love AI or avoid it like the plague, it is here to stay and will be subject to plenty of hits and misses during its growth – and it is the misses that will forever determine people’s trust in AI technology.
The Recall on Microsoft
Microsoft Recall – a name that has been the talk of every company running an identity management system and serious about AI adoption over the past few months certainly didn’t win AI any new fans.
An application that stores snapshots of your computer screen every couple of seconds, indexing it for recall whenever you may want to review it. Microsoft said there were no identity management risks as everything stored in Recall is kept in local, encrypted files, not in the cloud. By Microsoft’s belief, any hacker would need to gain physical access and identity management to your device, unlock it, and sign in before any screenshots could be accessed.
However, this doesn’t cover the entire class of malware that works by gaining control of a victim’s device. The result was a major backlash from experts in cybersecurity and identity management access following its unveiling, especially around its default implementation that required users to turn it off by themselves.
Action Within Days
Within days, security experts found ways around security precautions that Microsoft had implemented for protection in Recall, including codes that extracted and displayed data from the feature that was essentially an all-access pass to your PC identity manager activity, including Microsoft Teams, Slack, and Signal.
Microsoft was initially reluctant to withdraw the feature or answer any queries about the ease it provided for hackers to bypass the protection barriers and gain identity management. Eventually, succumbing to the mounting pressure and bad press after 17 days, Microsoft decided to delay the product over security concerns – but the choice of releasing the product in its initial preview state only three weeks after Microsoft CEO Satya Nadella issued the memo about staff prioritising security over new feature releases is one that will stick for the company.
Dropping the Ball
Microsoft is not new to dropping the ball in colossal ways. One look at how they fumbled the opportunities of the web and smartphone showcases that. Computing has always been its strong suit, and AI should have made the company a strong contender from the get-go. Is Microsoft going through a midlife crisis for Recall to have so spectacularly blown up in their faces in identity management?
It is no secret that identity access management solutions are at the heart of any AI development and a key concern for every organisation with access to sensitive data. If a company as long-established as Microsoft is fumbling with new features, and providing wide access for cybercriminals, it raises questions about large corporations and the need to race out features before being tested against such threats.
Recall has since added additional security precautions and been relegated to its testing group, the Windows Insider Programme. However, following the company’s admission that Recall has been a fiasco, how will it deal with initial scrutiny of every feature that has to follow?
Interested to learn more about customer identity and access management talks happening in the UK? Look for future talks on identity management solutions happening in 2024.