For those readers who haven't heard of the Vanish Self-Destructing Digital Data project, its goal is to give users control over the longevity of the data they post online, protecting information in archived or cached copies of emails that may be stored by an ISP or email provider. The data would automatically become unreadable after a user-specified time.
The initiative is certainly a noble cause. Few of us are truly aware of the trail of data and correspondence we leave scattered across the Internet, such as Facebook posts, emails cached on mail servers, or other data found in Google's cached pages. It's virtually impossible not to leave some data behind. Vanish allows users to write emails, Google documents, blog comments and the like and specify how long they remain accessible. Before that time limit, anyone who has access can read them; once the expiry time is reached, the data becomes permanently unreadable as the encryption keys are lost in the ether.
The drawback of this technology is that you, as the creator of the data, need the recipient to also want the data not to persist past a certain point in time. Digital rights management (DRM) systems face a similar problem. Online movie rental websites use the technology to prevent customers from viewing downloaded movies after a certain length of time has passed. The technology relies on encryption in a scenario where the intended recipient and the "adversary" are the same person, which is part of the reason why even big corporations haven't managed to come up with a truly unbreakable solution yet.
An additional problem faced when trying to make the data unreadable and limit the life of text-based content is that the recipient cannot be prevented from copying and keeping the cleartext. Even if a technology can restrict printing or copy-and-paste functions, there's nothing to stop the recipient from photographing the contents while they're displayed on his or her screen. This capability greatly reduces the technology's effectiveness in any scenario where you want to give a user a file and then have it disappear against his or her will later. You are still reliant on the behavior of the recipient, both human and computer.
Vanish tries to achieve a different goal. It protects data if your ISP or cloud provider is hacked into, or if government agencies request it. Vanish, however, can also provide deniability. Even if the recipient saves an email in plain text, there's no way to prove that the plain text is the text in the original email. This presents practical problems for businesses that need to keep track of their communications and store them for legal reasons. Financial institutions, for example, are required to retain every communication for three years. What would happen if a client sent a buy instruction via email which vanished after 24 hours?
Despite my reservations, I am still interested to see how the Vanish project progresses. Electronic data lifecycle security is an interesting and vital aspect of information security. Many information security solutions can protect electronic documents at rest or in transit, but provide no protection once they leave the enterprise. This is why Adobe Document Services are widely used, as they include document access rights and permissions, as well as tracking of what has or hasn't been done with a document. I expect to see this sort of DRM technology continue to evolve along with the needs of the enterprise, but it remains to be seen whether tools that enable self-destructing data catch on.
This was first published in February 2010