The NYTimes article reports on the work of University of Washington computer scientists on "self-destructing messages."
Vanish uses a key-based encryption system in a different way, making it possible for a decrypted message to be automatically re-encrypted at a specified point in the future without fear that a third party will be able to gain access to the key needed to read the message.
The pieces of the key, small numbers, tend to “erode” over time as they gradually fall out of use. To make keys erode, or time out, Vanish takes advantage of the structure of a peer-to-peer file system. Such networks are based on millions of personal computers whose Internet addresses change as they come and go from the network. This would make it exceedingly difficult for an eavesdropper or spy to reassemble the pieces of the key because the key is never held in a single location.

The Vanish technology is applicable to more than just e-mail or other electronic messages. Tadayoshi Kohno, a University of Washington assistant professor who is one of Vanish’s designers, said Vanish makes it possible to control the “lifetime” of any type of data stored in the cloud, including information on Facebook, Google documents or blogs.

In addition to Mr. Kohno, the authors of the paper, "Vanish: Increasing Data Privacy with Self-Destructing Data," include Roxana Geambasu, Amit A. Levy and Henry M. Levy.
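The key-erosion mechanism described above, as an added example that is not from the NYT article or the Vanish project: Vanish splits the data key with threshold secret sharing (the Vanish paper uses Shamir's scheme) and scatters the shares across a peer-to-peer DHT, so the key is recoverable only while at least k of the n shares are still held by some node. The simulated DHT, its staggered expiry schedule, and the field prime below are assumptions for illustration.

```python
import secrets
from typing import Dict, List, Optional, Tuple

PRIME = 2**127 - 1  # field modulus for the shares; must exceed any key we share

def split_secret(secret: int, n: int, k: int) -> List[Tuple[int, int]]:
    """Shamir split: n points (x, f(x)) on a random degree k-1 polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_secret(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x=0; yields the secret only from at least k distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total

class ErodingDHT:
    """Simulated peer-to-peer store: each entry carries an expiry after which nodes drop it."""
    def __init__(self) -> None:
        self.store: Dict[int, Tuple[int, float]] = {}
    def put(self, index: int, value: int, expires_at: float) -> None:
        self.store[index] = (value, expires_at)
    def get(self, index: int, now: float) -> Optional[int]:
        entry = self.store.get(index)
        return None if entry is None or now >= entry[1] else entry[0]

def vanish_demo(n: int = 10, k: int = 7) -> Tuple[int, Dict[float, Optional[int]]]:
    """Share a constructed key into the DHT with staggered expiries, then try to recover it."""
    key = secrets.randbelow(PRIME)  # constructed data-encryption key; never stored whole
    dht = ErodingDHT()
    for x, y in split_secret(key, n, k):
        dht.put(x, y, expires_at=8.0 + x)  # share x erodes at t = 8 + x (constructed schedule)
    def try_recover(now: float) -> Optional[int]:
        live = [(x, y) for x in range(1, n + 1) for y in [dht.get(x, now)] if y is not None]
        return recover_secret(live[:k]) if len(live) >= k else None
    # t=11: shares 1-3 gone, 7 remain (enough); t=12: shares 1-4 gone, 6 remain (too few)
    return key, {t: try_recover(t) for t in (1.0, 11.0, 12.0)}
```

Because no node ever holds the whole key and no party can "stop the clock" once the shares are published, the same property that defeats a later eavesdropper also defeats a later legitimate request for the data.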
Congratulations on the NYT article. However, the significant point of using a trust model that does not depend on the integrity of third parties is not new, while relying on a peer-to-peer network for "key hiding" is by itself an unsolved problem today (both technically and commercially). The free "Zmail Basic" listed in "Ten Free Services To Send Self-Destructing Emails Which Expire/Disappear Automatically After Specified Time Interval" ... also uses a trust model that does not depend on the integrity of third parties, but the novelty there is that keys are not stored anywhere (each dialogue party holds a part of the key), and that it uses a system of "minority control" to allow independent destruction of the capability to reassemble the entire key.
There are also significant issues relating to the use of "self-destruct" technologies (e.g., Vanish) and the operation of legal proceedings. At the onset of a litigation, a litigation hold is placed against all potentially relevant documents. Self-destruct policies with no provision to stop the clock create interesting problems on both sides of disputes and investigations.
I discussed this more extensively in my recent blog entry "Vanishing E-mail and Electronically Stored Information: An E-Discovery Hazard" available at http://www.rlgsc.com/blog/ruminations/vanishing-electronic-data-ediscovery.html
Posted by: Bob Gezelter | Sunday, August 02, 2009 at 20:15