Social networking posts and photos can come back to haunt you in a job search. Litigation or criminal investigations can result in a subpoena that gives others full access to your computer – letting the world see incriminating or embarrassing details from your past. Once information shows up on the internet it is almost impossible to get rid of it.
Can you make information ’self-destruct’ on schedule? That’s the promise of Vanish, a free web-based system created by a research team at the University of Washington. There is an online version you can use without installing anything on your computer. [Update 9/19/09. It looks like they've taken down the online version.]
Although many media reports (like here and here) talk about the information ’self-destructing’, it’s not so much that it disappears as that your encrypted information can no longer be decrypted – even if you have the decryption key. Emails and other text-based information become unreadable after a set time – between 8 and 9 hours by default. It works with web-based email like Hotmail, Yahoo and Gmail and with social networking sites like MySpace and Facebook. The same technique could work with any data, including pictures, but in its current version, Vanish supports only text.
What Vanish Does
Vanish is does three things.
- It encrypts a text message.
- It allows decryption without access to the decryption key.
- It allows the decryption key to become unusable after a set period of time.
It’s the last step that makes it unique.
Vanish splits the secret key needed to decrypt the message into dozens of pieces and then puts those pieces on random computers all over the world. Those computers are part of large file-sharing systems known as peer-to-peer networks. Parts of the key are lost as computers join or leave the peer-to-peer networks. Once enough pieces are lost, Vanish is no longer able to decipher the message. If you wait too long to decipher the message, you see a message like this:
When Vanish is Useful – and When It Is Not
If the goal is to make information unavailable after a specified time, that goal is reachable only if those with access to the information don’t keep electronic or hard copies of the clear text. And security is assured only after the ‘time-out’ period. Before then anyone can decrypt the message.
Tools like Vanish are most useful for information that has no long-term value. It’s probably most useful for emails between a small group of trusted individuals who will not save the clear text, print it or do anything that will preserve the plain English version.
I’ll give a couple examples later. But first, let’s make sure we understand the idea.
Simplified Example of How It Works
Mary asks you hold a message for John. She says that if John doesn’t show up to get it in the next few hours, she wants to make sure that no one – not even John – will know what the message is.
You think about it for a few moments and tell Mary you can do it. You ask Mary to write each word of her message on a separate piece of paper. She gives you a stack of pages and, without looking at the words, you count 15 pages.
Then you take off for a college football game. As people enter the stadium, you randomly hand the pieces of paper to 15 people. As you give each of them a piece of Mary’s message, you ask to look at their ticket and write down their seat number. After you’ve given away all 15 pages, you have a piece of paper with groups of seemingly random letters and numbers like 128-R-43 and 5-C-14. This page is the secret key needed to rebuild Mary’s message.
You keep the secret key. You do not give it to either John or Mary.
Let’s review what has happened. Mary gave you a message to hold for John. You split the message into 15 pieces and 15 different people have those pieces. They don’t know what the entire message is. Nor do you. You – and only you – know where to find the pieces and how to put them together.
If something happens to that piece of paper, the chances that anyone can rebuild Mary’s message is very small. Even if someone gets it, they won’t know what to do with it unless they also know the numbers are seat numbers in the stadium and that the people in those seats have pieces of paper which, when collected and put in order, will reveal Mary’s message.
Sometime during the game, John finds you and asks for Mary’s message. You take out the page with the decryption key. You then run around the stadium (very quickly because John is a little impatient), collect the 15 pieces of paper, put the words together and give John the message.
But what happens if John waits until right before the game is over to find you? Now when you start collecting the parts of the message, you may discover that some of the people with pieces of the message decided to leave the game early. They thought it was boring. Maybe the babysitter called. No matter why they are not there when you go looking for them, the result is that you may not get enough pieces to rebuild Mary’s message. And if he waits until after the game is over to find you, it’s almost certain that you won’t be able to recreate Mary’s message.
That is the basic idea that Vanish is built on.
Example – The Criminal Endeavor
Let’s take an outrageous example.
Henry hires you to break into his office and steal some paperwork inside a safe. He needs to get the combination to the safe to you. Because he doesn’t want to call you or meet with you personally, he uses Vanish to send you an email. The email reads “The combination to the safe is 20-36-14 . My office door will be unlocked after 8 p.m. tonight.” The result is an email that is a bunch of gobbledygook, maybe something like this (but much longer):
—–BEGIN VANISH MESSAGE—–
This message will self-destruct by Wed, 05 Aug 2009 04:58 GMT.
Use http://vanish.cs.washington.edu to read this message.
AKztAAVzcgBGZWR1Lndhc2hpbmd0b24uY3MudmFuaXNoLmludGVybmFs
Lm1ldGFkYXRhLmltcGwuRXBvY2hBd2FyZU1ldGFkYXRhSW1wbE1yiFVDGn2bAgACS
gAMZXBvY2hfbGVuZ3RoTAAIbWV0YWRhdGF0ADVMZWR1L3dhc2hpbmd0b24vY3
MvdmFuaXNoL2ludGVybmFsL21ldGFkYXRhL01ldGFkYXRhO3hwAAAAAAG3dABzcgB
HZWR1Lndhc2hpbmd0b24uY3MudmFuaXNoLmludGVybmFsLm1ldGFkYXRhLmltcGw
uSW5kaXJlY3RLZXlNZXRhZGF–
—END VANISH MESSAGE—–
When you get the email, you use Vanish to turn it back into plain English. Even though a secret key is needed to decrypt the message, neither Henry nor you have the secret key needed to do that. A few hours after he sends that email, the secret key begins to disappear and by tomorrow only the NSA will be able to decrypt the email.
How can the plan fail?
My criminal law professor always started class with a story prefaced with the words, “Ladies and gentlemen, criminals are stupid!”
Encryption (and criminal endeavors) fail because of people.
Let’s say Henry forwards a copy of the email to his home where his wife happens to see it while she’s checking his emails (because she’s suspicious of how he’s spending his time). She wonders what’s going on, so she goes to the Vanish website and decrypts the message. Because she and Henry are not getting along so well, she doesn’t hesitate to call the police and suggest Henry is up to no good. As long as they act before the secret key self-destructs, the police can decrypt the message and be waiting in Henry’s office to welcome you when you show up this evening.
Or maybe Henry (or you) save the unencrypted email. Or you copy the plain English version and save it. Or you take a digital picture of the screen with the plain English – just in case you forget the combination before this evening.
Example – The Ugly Divorce
The Vanish website gives an example of Ann and Carla who are close friends. They love to use popular Web services, such as Gmail, Hotmail, Google Docs, and Facebook, to communicate and collaborate with each other. Ann has problems in her marriage and has started drafting divorce documents. She would like Carla’s advice and help with the documents. Ann trusts Carla completely. What she does not have confidence in is that the electronic footprint of her sensitive and still tentative communications can be kept away from her husband’s lawyer.
Vanish works for Ann only if
- Ann doesn’t keep the drafts on her own computer or on Google Docs.
- Carla doesn’t save the documents to her own computer after she decrypts them.
- Neither Ann nor Carla print the documents and keep copies.
- Ann’s husband (or his attorney) doesn’t get access to the encrypted documents before the secret key needed to decrypt them disappears.
Final Thoughts
You can read a research paper about Vanish here.
The folks who created Vanish say it is like writing a message in the sand at low tide. You can read the message only until the tide comes in and permanently washes it away. Making data unreadable doesn’t require any special action by the sender, the recipient or any third-party service. The encrypted message still exists, but unless you are the NSA – or someone keeps a copy after decrypting the message – no one will ever know what it said.
Your thoughts? Share them with other readers by leaving a comment.
Related articles from WalterBristow.com:
Loading ...
