'Vanish' Makes Sensitive Data Self-Destruct

Hugh Pickens writes "The NY Times reports on new software called 'Vanish,' developed by computer scientists at the University of Washington, which makes sensitive electronic messages 'self destruct' after a certain period of time. The researchers say they have struck upon a unique approach that relies on 'shattering' an encryption key that is held by neither party in an e-mail exchange, but is widely scattered across a peer-to-peer file sharing system. 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,' says Amit Levy, who helped create Vanish. It has been released as a free, open-source tool that works with Firefox. To use Vanish, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the 'Vanish' button. The tool encrypts the information with a key unknown even to the sender. That text can be read, for a limited time only, when the recipient highlights the text and presses the 'Vanish' button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever. Tadayoshi Kohno says Vanish makes it possible to control the 'lifetime' of any type of data stored in the cloud, including information on Facebook, Google documents or blogs."

Copypaste

[sopssa]

'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,'

And yet after a copypaste or screenshot it wont disappear anywhere.

Let's not kid ourselves

[Bruce Perens]

If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.

Re:Let's not kid ourselves

[Eevee]

No disrespect, but read the article. It explicitly states that this is not designed to keep the parties from saving the information.

It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

Re:We already have better tools for that

[Eskarel]

True, however, in the many years between the invention of Public Key Crypto and today, no one has come close to being able to come up with a way to easily and automatically distribute the keys that doesn't rely on some third party having all of them on file.

There's a reason that encrypted e-mail is pretty non-existent and it's because key management remains unsolved. Manually passing your self generated keys back and forth is all well and good, but it's not all that scalable, and most folks don't know how to do it. I don't know if this works any better mind you, it's probably really more of a nifty trick/experiment, but pretending that Public Key Encryption has solved the secure communication problem is at best naive.

Corporate crimes

[wjousts]

I can see this being useful for corporations that want e-mails to be destroyed before they can be used against them in court. Sure you could take a screen shot or copy/paste the text before the e-mail is permanently destroyed, but can you prove that your copy wasn't tampered with? Can you prove that was what the e-mail originally said? Plausible deniability!

Re:Copypaste

[QX-Mat]

So this is really just a very obfuscated way of achieving what DRM providers have been trying to [favourably] do when they (willfully) allow their authentication services to die or go the companies hosting them plunge into insolvancy.

And to think people thought we were crazy when we warned them that the above DRM 'technique' was a bad idea for consumers from the get go. Pitty "a do over" or repurchase isn't a very good business plan for message encryption -

"Sorry about this, can you send me your email from last week since it's expired now and I need to check up on a few things?"
"No can do, we didn't actually mean anything we said in it. But we didn't lie either. Got proof?".

Sad that it works for media formats.

Just imagine if we allowed the reasons behind why we went to war or how the recession occured to expire like this! Blame would be apportioned in terms of aquiessence rather than proof, "Yes sir, it's definitely not our fault, since we have no records of that - and there's no point in looking since all the keys have expired! If only it had crossed our minds a little sooner, we could have looked at our records when it was politically damaging..."

Re:Copypaste

[NotQuiteReal]

heh - the Print Screen button is a terrorist tool!

Re:Adaptability

[drxenos]

The only answer to that problem is lots and lots of jewelry.

Re:Not useful for DRM

[Bruce Perens]

It's because the tool itself would need to be DRM-locked if you wanted to enforce the time expiration on the intended recipient.

Re:Corporate crimes

[westlake]

Plausible deniability!

The judge and jury get to decide what is plausible.

It won't look good if the erasure violates standard practice or professional guidelines, legal obligations or existing corporate policy.

In criminal law, a guilty verdict demands proof beyond a reasonable doubt.

That does not mean that every piece of evidence has to carry the same weight - only that the evidence when viewed as a whole is damning.

If the state's witness performs credibly on the stand, that will carry over to whatever documents he is asked to describe and identify.

"Plausible denial" is a world of hurt.

Re:Adaptability

[element-o.p.]

The only answer to that problem is lots and lots of jewelry.

Let me know how that works for you. Seems to me like you are training your wife to bring up something again every time she wants a shiny new trinket...