The New York Times reports on new technology that would place a time limit on digital data, causing it to self-destruct. Vanish was created by researchers at the University of Washington. In a press release, the researchers explained:
The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered. […]
Vanish works with any text entered into a Web browser: Web-based e-mail such as Hotmail, Yahoo and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos.
It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.
The New York Times notes that timed self-destruction of electronic data isn’t a new concept. “A number of services that perform this function exist on the World Wide Web, and some electronic devices like FLASH memory chips have added this capability for protecting stored data by automatically erasing it after a specified period of time.” But:
The significance of the advance is that the Vanish “trust model” does not depend on the integrity of third parties, as other systems do. The researchers cite an incident in which a commercial provider of encrypted e-mail services revealed the contents of digital communication when served with a subpoena by a Canadian law enforcement agency.
The researchers acknowledged that there are unexplored legal issues surrounding the use of their technology. For example, certain laws require that corporations archive e-mails and make them accessible.
The researchers have detailed Vanish’s technology in a paper, “Vanish: Increasing Data Privacy with Self-Destructing Data.”