The half-life of data: bug or feature?

privacyThe great paradox of electronic data must surely be that while the stuff we want to keep is considered frangible and at risk (think of the old programmer’s adage – “if your data doesn’t exist in three separate locations, it might as well not exist at all), the stuff we’d rather have disappear (that inebriated email to your ex-partner or lawyer, or that Facebook picture of you smoking crack on the steps of the town hall) has a tendency of hanging around out in “the cloud” long enough to embarass or incriminate. [image by rpongsaj]

The answer to the first problem is obviously to take multiple geographically-separated back-ups (and make a yearly sacrifice to Cthulhu for peace of mind); the latter is a bit more tricky, but a team at the University of Washington think they may have cracked it with a system named Vanish, which is designed to “give users control over the lifetime of personal data stored on the web or in the cloud. Specifically, all copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of the user or any third party or centralized service.”

Sounds intriguing – so how does it work?

We created self-destructing data to try to address this problem. Our prototype system, called Vanish, shares some properties with existing encryption systems like PGP, but there are also some major differences. First, someone using Vanish to “encrypt/encapsulate” information, like an email, never learns the encryption key. Second, there is a pre-specified timeout associated with each encrypted/encapsulated messages. Prior to the timeout, anyone can read the encrypted/encapsulated message. After the timeout, no one can read that message, because the encryption key is lost due to a set of both natural and programmed processes. It is therefore impossible for anyone to decrypt/decapsulate that email after the timer expires.


we leverage an unusual storage media in a novel way: namely, global-scale peer-to-peer networks. Vanish creates a secret key to encrypt a user’s data item (such as an email), breaks the key into many pieces and then sprinkles the pieces across the P2P network. As machines constantly join and leave the P2P network, the pieces of the key gradually disappear. By the time the hacker or someone with a subpoena actually tries to obtain access to the message, the pieces of the key will have permanently disappeared.

It’s a clever idea, that’s for certain, and its application to sensitive emails makes a great deal of sense (though I’d want the low-down from Bruce Schneier before deploying it on anything that mattered). As far as Facebook messages are concerned, though, anyone stupid enough to post incriminating material about themselves or others on the biggest social network on the planet can be assumed to lack the gumption to avail themselves of encryption technologies like Vanish. Maybe it’s just because I spend a lot more time on the internet than is really healthy, but I can’t understand how it isn’t more widely acknowledged that the best way to keep something secret is to avoid talking about it in public spaces… [via BoingBoing]

2 thoughts on “The half-life of data: bug or feature?”

  1. For emails, maybe. Doesn’t sound like it would work on captured screen dumps of web pages.

Comments are closed.