Monday, March 1, 2010

Ensured privacy: Data with a lifespan

In a video report entitled, "The Future of Data Encryption" ZDNET's Sumi Das tells us about a budding technology that will, it is hoped, make sure that any online data you don't want coming back to bite you in the buttocks will die a graceful death. A team of researchers at the University of Washington: Seattle is developing an encryption scheme that will make sure data will eventually become inaccessible. Called Vanish, it encrypts selected data and sends portions of the key to different computers on peer to peer networks. As computers drop off the network, the data becomes inaccessible.

It's an interesting concept. I see a few problems, and it will be interesting to see how they overcome them. First, what's to keep someone from copying the data? A copy made using copy and paste wouldn't be encrypted, so wouldn't be affected by the Vanish software. There are also screenshots. Of course, it is possible to block copying and screenshots, but I have to wonder if doing that wouldn't actually make people less likely to use the software. One thing we like to have is control of the data we received on our computers.

Another problem is getting people to use it. PGP has been around for almost 20 years, and it's open source cousin, GPG, has been around for a little over 10, but neither has been embraced by the general web using public. The twin problems of setting yourself up and getting your friends and colleagues to use it and setting them up is more than most people want to deal with.

Of course, a simple way to get it to work would be to get a major OS or email client to integrate Vanish and have millions of instant users. Microsoft is the logical choice, but Apple would do for a start.