System limits lifetime of personal data in the Web

Deleting a file from your computer deletes it, or doesn't it? And when you send an e-mail, do you know where it goes? What about text? So much personal information is in our computers and out there on servers and cell phones, we may be placing ourselves at risk. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past.

To meet growing concern about personal data in computers and on the Web, the University of Washington has developed a way to make such information expire. Somewhat akin to Mission Impossible messages, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct in a specified amount of time, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them.

Tadayoshi Kohno, part of the team that reported on the tool they call "Vanish," noted, "If you care about privacy, the Internet today is a very scary place. If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often."

'Vanish' to self-destruct
The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct.

Co-authors on the paper are Kohno, Roxana Geambasu, Hank Levy and Amit Levy, all with the UW's department of computer science and engineering. The research was funded by the National Science Foundation, the Alfred P. Sloan Foundation and Intel Corp.

"When you send out a sensitive e-mail to a few friends you have no idea where that e-mail is going to end up," Geambasu said. "For instance, your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?"

Many people believe that pressing the "delete" button will make their data go away.

"The reality is that many Web services archive data indefinitely, well after you've pressed delete," Geambasu said.

Simply encrypting the data can be risky in the long term, the researchers say. The data can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key. Current trends in the computing and legal landscapes are making the problem more widespread.

"In today's world, private information is scattered all over the Internet, and we can't control the lifetime of that data," said Hank Levy. "And as we transition to a future based on cloud computing, where enormous, anonymous datacenters run the vast majority of our applications and store nearly all of our data, we will lose even more control."