Welp, I knew Microsoft's Copilot+ Recall was going to be a privacy disaster but I didn't expect it to turn into an enterprise computing catastrophe for Microsoft *quite* this fast!

But this can't be a one-off. Any large enterprise that has to comply with a regulated privacy environment—HIPAA in the USA, GDPR in the EU, banking/insurance/finance globally—must be considering a ban on Microsoft installations on laptop/desktop computers right now or be breaking the law.

https://infosec.exchange/@SecurityWriter/112558224281615019

Security Writer (@SecurityWriter@infosec.exchange)

If you’re wondering how the Microsoft Recall scandal is going, I’ve just had a client tell me they’ve replaced their order for 10k Microsoft Surfaces with new MacBook Airs, at nearly twice the cost, and that we need to start the ongoing 6-month endpoint security project over.

@cstross also lawsuits from third parties getting their info recorded will be happening. Very soon.
@WhyNotZoidberg my thoughts exactly, as a lawyer I'll be all over that in discovery, even if where I practice it is rare to ask for computer records in possession of the parties unless specifically identified. With Recall I can ask for the whole database to be entered into evidence.
@cstross
@jt_rebelo @WhyNotZoidberg @cstross I don't think you can. That would be the same as asking for someone's entire file cabinet or entire hard drive to be entered into evidence. It would be ipso facto overly broad.
If you have probable cause to believe your opponent is concealing discovery information they're legally required to disclose, and there might be evidence of that in Recall, you might be able to convince the court to appoint a special master to examine the Recall data.
@jik I, too, like to give legal advice to lawyers from foreign countries.