The Public Eye with Eric Chabrow

Mission Possible: Self-Destructing E-mail

Mission Possible: Self-Destructing E-mail

Remember the opening of Mission Impossible - your choice, the TV series or the motion picture - when the taped message describing the secret mission assigned Jim Phelps self destructs?

Computer scientists at the University of Washington announced this week they've developed a virtual version of a self-destructing message in a prototype system they call Vanish. Vanish places a time limit on text upload to any web service through a web browser. After a set time, text written using Vanish will, in essence, self-destruct. A paper about the project will be presented at the Usenix Security Symposium next month in Montreal.

This software should be useful for spies, criminal conspirators and cheating lovers messaging one another over the Internet, whether by e-mail or posts on social networks. The system would seem to hamper legal investigations, as a press release issued by the university touting Vanish suggests:

"Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past."

But the developers of Vanish declare less nefarious motives for their invention. "If you care about privacy, the Internet today is a very scary place," UW computer scientist Tadayoshi Kohno, a UW assistant professor of computer science, said in the press release. "If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often."

Doctoral student Roxana Geambasu, who along with professor Hank Levy, undergraduate student Amit Levy and Kohno coauthored the paper, pointed out that when sensitive e-mails are sent to a handful of friends, the sender has no idea where it may end up.

"Your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?"

Not the delete key, she said.

"The reality is that many web services archive data indefinitely, well after you've pressed delete."

According to the researchers, simple encryption of data could prove risky; the information can be exposed years later. That's problematic for those wanting to keep their messages secret, especially as more and more prosecutors and plaintiff lawyers ratchet up the use of subpoenas to collect evidence to advance their legal cases.

How does Vanish work? Here's the official explanation from UW's media relations office:

"The Vanish prototype washes away data using the natural turnover, called 'churn,' on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.

The researchers say the network's computers running Vanish purge their memories every eight hours in the current prototype; an option lets users keep data for any multiple of eight hours. A message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses, researchers say, unlike existing commercial encryption services. Adds Geambasu:

"A major advantage of Vanish is that users don't need to trust us, or any service that we provide, to protect or delete the data."

The researchers this week released a free, open-source version of Vanish for the Firefox browser. Senders and recipients must have the tool installed for Vanish to work. The sender highlights the sensitive text and presses the Vanish button. The recipient highlights the garbled text and presses the Vanish button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever.

Though the current prototype works only for text, researchers said the same method could work for any type of data, such as digital photos. Technically, the data can be saved by producing a paper printout of the decrypted text or by cutting and pasting the concealed message into a word-processing document or a photograph.

A major flaw of Vanish is the human element. Not everyone who sends a message wants it to disappear, even if its for the eyes' only of the recipient. Senders might feel they want to maintain a record, even if it should cause embarrassment or legal problems in the future.

Still, Vanish seems like a great tool to assure confidentially of our communications, an admirable goal of its developers. Unfortunately, like other facets of the digital world, such technology could camouflage illicit behavior from authorities. But that's a price worth paying to protect our privacy.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.