7.22.2009

AMAZING NEW WORLD: New technology to make digital data self-destruct

A group of computer scientists at the University of Washington has developed a way to make electronic messages "self destruct" after a certain period of time, like messages in sand lost to the surf. The researchers said they think the new software, called Vanish, which requires encrypting messages, will be needed more and more as personal and business information is stored not on personal computers, but on centralized machines, or servers. In the term of the moment this is called cloud computing, and the cloud consists of the data - including e-mail and Web-based documents and calendars - stored on numerous servers. The idea of developing technology to make digital data disappear after a specified period of time is not new. A number of services that perform this function exist on the World Wide Web, and some electronic devices like FLASH memory chips have added this capability for protecting stored data by automatically erasing it after a specified period of time. But the researchers said they had struck upon a unique approach that relies on "shattering" an encryption key that is held by neither party in an e-mail exchange but is widely scattered across a peer-to-peer file sharing system. Public key cryptography makes it possible for two parties who have never physically met to share a digital secret and as a result engage in a secure electronic conversation sheltered from potential eavesdroppers. The technology is at the heart of most modern electronic commerce systems.

The potential value of such technology was brought into stark relief last week when a computer hacker stole data belonging to the social media company Twitter and e-mailed it to Web publishing companies in the United States and France. The significance of the advance is that the Vanish "trust model" does not depend on the integrity of third parties, as other systems do. The researchers cite an incident in which a commercial provider of encrypted e-mail services revealed the contents of digital communication when served with a subpoena by a Canadian law enforcement agency. The researchers acknowledged that there are unexplored legal issues surrounding the use of their technology. For example, certain laws require that corporations archive e-mails and make them accessible. The researchers have developed a prototype of the Vanish system based on a plug-in module for the Mozilla Firefox Web browser. Using the system requires that both parties of the communication have a copy of the module, which is one of the limits of the technology. Mr. Kohno said that he did not envision Vanish being used for all communications, but only for sensitive ones.
Source: Migalhas International