Self-Shredding E-Mail
yoink! writes: "I just read an article on CNN.com describing a self-shredding e-mail system. With all the persistent e-mail documents gathered by the Government in the MS Anti-Trust case, and the massive shredding of paper documents by parties in the Enron fiasco, it's no wonder people have been looking for an electronic solution to a material problem solved years ago with some cutting tools, a motor, and a garbage bag." One of the companies highlighted here was called Disappearing, Inc. when it was mentioned a few years ago, but now several others have joined the fray.
"Self-expiring" email schemes work essentially the same way: a trusted key authority generates and stores encryption keys for any and all email. Reading an email requires authentication to the key authority, which either returns the key or decrypts the email. After a preset time, the key authority purges the encryption key, after which the email encrypted with that key is theoretically unreadable.
These schemes have several practical problems and weaknesses:
1) These are closed email systems. Composing, sending, receiving and reading all protected email *must* take place within the system. Communication outside the system typically involves a web-based email solution-- you don't actually send the email, you send a URL to a server that hosts the email for the recipient, and a one-time authenticator to access it.
2) There is no protection for email that is removed from the system. Screen captures, saving as text, etc. all remove the email from the "expiry" system, rendering it moot.
3) The key authority is a central point of failure. Reading any protected email requires that the key authority be online and available, and that its keystore be intact. Any interruption in this service makes *all* email hosted by that service unavailable-- and this is (conceivably) all email in your enterprise.
4) If the key store is ever archived-- a typical response to worries about (3), above-- the archived keys can be used to access old mail that has otherwise "expired" or been "shredded." There is nothing in the application of the encryption that prevents an archived key from being used past its valid date, should it be recovered from a backup or recovered forensically from the key server's storage.
Just some thoughts.
-- Cerebus
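The scheme Cerebus describes, and its point (4), can be shown in a few dozen lines. The following is an added illustration, not code from the post or from Disappearing, Inc. or any other vendor named on the page. It assumes a hypothetical key authority with a shared-secret login (user "bob", credential "bob-secret"), a simulated clock so expiry can be triggered without waiting, and a toy SHA-256 counter-mode keystream standing in for whatever real cipher a product would use. The point it makes is that expiry lives only in the authority's deletion step: a copy of the keystore taken before the deadline decrypts the "shredded" mail without any check at all.

```python
"""Toy model of a self-expiring email service (added example, not vendor code).
A central key authority issues per-message keys, hands them out only to
authenticated users, and deletes them after a deadline. A backup of the
keystore taken beforehand defeats the deadline entirely."""
import hashlib
import hmac
import os


class Clock:
    """Deterministic clock so expiry can be simulated without sleeping (assumption)."""
    def __init__(self, now=0):
        self.now = now

    def advance(self, seconds):
        self.now += seconds


class KeyAuthority:
    """The trusted keystore: the single point of trust (and failure) in the scheme."""
    def __init__(self, clock, users):
        self.clock = clock
        self._users = users   # username -> shared credential bytes (hypothetical login scheme)
        self._keys = {}       # key_id -> (32-byte key, expiry timestamp)

    def issue_key(self, ttl_seconds):
        key_id = os.urandom(8).hex()
        self._keys[key_id] = (os.urandom(32), self.clock.now + ttl_seconds)
        return key_id

    def purge_expired(self):
        # This deletion is the ONLY thing that enforces expiry.
        for key_id in [k for k, (_, exp) in self._keys.items() if exp <= self.clock.now]:
            del self._keys[key_id]

    def fetch_key(self, key_id, user, credential):
        if not hmac.compare_digest(self._users.get(user, b""), credential):
            raise PermissionError("authentication failed")
        self.purge_expired()
        if key_id not in self._keys:
            raise KeyError("key expired or unknown")
        return self._keys[key_id][0]

    def backup(self):
        """A routine keystore backup: every key, deadlines and all, copied verbatim."""
        return {k: (key, exp) for k, (key, exp) in self._keys.items()}


def _keystream(key, nonce, length):
    """Toy counter-mode keystream from SHA-256; a stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key, blob):
    nonce, ciphertext = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def run_scenario(ttl=3600):
    """Walk through issue -> read -> backup -> expiry -> recovery from backup."""
    clock = Clock()
    ka = KeyAuthority(clock, {"bob": b"bob-secret"})   # constructed sample user
    message = b"Shred this after reading."               # constructed sample mail

    key_id = ka.issue_key(ttl)
    blob = encrypt(ka.fetch_key(key_id, "bob", b"bob-secret"), message)

    # Inside the window an authenticated recipient reads the mail normally.
    readable = decrypt(ka.fetch_key(key_id, "bob", b"bob-secret"), blob) == message

    # A wrong credential is refused, as the design intends.
    try:
        ka.fetch_key(key_id, "bob", b"wrong")
        auth_enforced = False
    except PermissionError:
        auth_enforced = True

    # Someone archives the keystore before the deadline (the point (4) scenario).
    archived = ka.backup()

    # After the deadline the authority purges the key and refuses: the mail is "shredded".
    clock.advance(ttl + 1)
    try:
        ka.fetch_key(key_id, "bob", b"bob-secret")
        refused = False
    except KeyError:
        refused = True

    # The archived key carries no notion of time; the ciphertext opens as before.
    recovered = decrypt(archived[key_id][0], blob) == message
    return {"readable": readable, "auth_enforced": auth_enforced,
            "refused": refused, "recovered": recovered}


if __name__ == "__main__":
    print(run_scenario())
```

Nothing in the ciphertext or key binds the decryption to the deadline, so any copy of the key that escapes the authority (backup tape, forensic image of the server's disk) reads the mail indefinitely; the same holds for a recipient who saves the decrypted text, which is Cerebus's point (2).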