Q

Will technologies like Vanish help create archived, unreadable data?

Self-destructing data is a nice thought, says Michael Cobb, but we're some ways off from achieving reliable document control of this kind.

What are your thoughts on technologies like Vanish that seek to create self-destructing data? Is it realistic to try to make every copy of a given piece of data unusable after a given period of time, encrypting certain data and splitting it up into pieces on a peer-to-peer network?
Self-destructing data is a nice thought, but we're some ways off from achieving reliable document control of this kind.

For those readers who haven't heard of the Vanish Self-Destructing Digital Data project, its goal is to give users control over the longevity of the data they post online, protecting information in archived or cached copies of emails that may be stored by an ISP or email provider. The data would automatically become unreadable after a user-specified time.

The initiative is certainly a noble cause. Few of us are truly aware of the trail of data and correspondence we leave scattered across the Internet, like Facebook posts, emails cached on mail servers, or other data found in Google's cached pages, for example. It's virtually impossible not to leave some data behind. Vanish allows users to write emails, Google documents, blog comments and the like and specify how long they're accessible for. Prior to that time limit, anyone who has access can read them; once the expiry time is reached, the data becomes permanently unreadable as the encryption keys are lost in the ether.

The drawback of this technology is that you, as the creator of the data, need the recipient to also not want the data to persist past a certain point in time. Digital rights management (DRM) systems face a similar problem. Online movie rental websites use the technology to prevent customers from viewing downloaded movies after a certain length of time has passed. The technology relies on encryption in a scenario where the intended recipient and the "adversary" are the same person, which is part of the reason why even big corporations haven't managed to come up with a truly unbreakable solution yet.

An additional problem faced when trying to make the data unreadable and limit the life of text-based content is that the recipient cannot be prevented from copying and keeping the cleartext. Even if a technology can restrict printing or copy-and-paste functions, there's nothing to stop the recipient from photographing the contents while they're displayed on his or her screen. This capability greatly reduces the effectiveness in any scenario where you want to give a user a file and then have it disappear against his or her will later. You are still reliant on the behavior of the recipient, both human and computer.

Vanish tries to achieve a different goal. It protects data if your ISP or cloud provider is hacked into, or if government agencies request it. Vanish, however, can also provide deniability. Even if the recipient saves an email in plain text, there's no way to prove that the plain text is the text in the original email. This presents practical problems for businesses that need to keep track of their communications and store them for legal reasons. Financial institutions, for example, are required to retain every communication for three years. What would happen if a client sent a buy instruction via email which vanished after 24 hours?

Despite my reservations, I am still interested to see how the Vanish project progresses. Electronic data lifecycle security is an interesting and vital aspect of information security. Many information security solutions can protect electronic documents at rest or in transit, but provide no protection once they leave the enterprise. This is why Adobe Document Services are widely used, as they include document access rights and permissions, as well as tracking of what has or hasn't been done with a document. I expect to see this sort of DRM technology continue to evolve along with the needs of the enterprise, but it remains to be seen whether tools that enable self-destructing data catch on.

This was first published in February 2010

Dig deeper on Data Loss Prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close