Self-Shredding E-Mail
yoink! writes: "I just read an article on CNN.com describing a self-shredding e-mail system. With all the persistent e-mail documents gathered by the Government in the MS Anti-Trust case, and the massive shredding of paper documents by parties in the Enron fiasco, it's no wonder people have been looking for an electronic solution to a material problem solved years ago with some cutting tools, a motor, and a garbage bag." One of the companies highlighted here was called Disappearing, Inc. when it was mentioned a few years ago, but now several others have joined the fray.
With a traditional document (esp. in the case of sensitive items) versioning is kept to a minimum, and hence the total destruction of a 'mail chain' would be possible. With digital documents it is too easy for multiple versions to exist - using the email example you could have multiple vendors and multiple sysadmins with mailbox backups, many of which could be unknown to the individuals concerned.
With digital documents there will always be a tension between the desire to be able to fix a system that breaks (using backups) and to digitally shred sensitive items. This will probably mean that there will never be as much certainty with digital shredding as traditional shredding.
How 'bout not sending anything that could get you in trouble? Common sense should prevail here. But in the wake of Enron, I am sure they will do well.
There's a scene in Cryptonomicon in which Avi (I think) explains that important discussions have to take place between only two people at a time, so there is plausible deniability and nothing to subpoena.
This is why, even when email, videoconferencing and even faxes are widespread, nothing will ever replace face to face meetings for serious business.
The trouble with PGP is: Once it becomes so widespread that the government has to fear loss of face in front of a court, other countries will do the same as the UK: Pass a law that requires you to hand over the key, or else...
Besides, with PGP you still can't control if the RECIPIENTS of the mail keep it - the point of these new systems was to delete the mail after you sent it.
Doing this prevents the recipient from saving a plain text version on their disks.
I hope nobody reading this will rely on "pgp -m" for security--it's just a convenience that tries to ensure that your recipient doesn't do something insecure such as saving plaintext to disk, but if he wants to he can probably still do that with a couple of keypresses.
Back in the distant mists of time, when we had cc:mail in house, messages were deleted from the server after 15 days. Since it was not pop3 and all messages were kept right on the server instead of downloaded to your hard drive, it meant that after 15 days it was gone for good. In theory, backups were made. But the person in charge of cc:mail and the backups had . . . issues with the backup, so it was hit and miss anyway.
If people wanted to keep a message, they did what every one using these e-mail shredders will do: either print it directly or copy and paste it into word and print it from there.
I wonder how this stuff interacts with spyware that logs keystrokes, viewed screens, email, etc.
Of course, talk about being hoisted by one's own petard:
Company X installs spyware on its machines - "to protect itself"; and the results wind up as evidence in a court trial, including "shredded" emails. Conceivably, Company Y could send the email, and have it recovered from X.
I'm a consultant - I convert gibberish into cash-flow.
The problem was, how does one create a system to help with document retention policies that a company creates? Up until companies like Omniva, there wasn't a software process to handle electronic documents where you can say "I don't have that document as it has been destroyed through our retention process".
BTW... These products are not just for large companies like Microsoft. Individuals can benefit through it. Email to your tax accountant would be examples of mail that you may want to disappear after you file your returns. A number of great examples of how folks have gotten screwed by electronic documents can be found in Jeffrey Rosen's book, "The Unwanted Gaze : The Destruction of Privacy in America".
From a security standpoint, this is great, but from a historical perspective, this is an archivist's nightmare. How do you write a biography of a famous figure of the information age without their email to go through? (I know, insert MS trial email joke here.) How many current biographies of presidents, CEOs, entertainers, etc. are based on their mounds of personal correspondence squirreled away in six million shoeboxes in the family archives? With self-destructing email, the possibility of finding such a treasure trove in email form just got even smaller than it already was.
Was that out loud?
From the website (for the lazy or bandwidth impaired):
Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coercive interrogations and other compulsive mechanisms, such as U.K. RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.
Currently alpha, but has a cool graphic, cool idea and cool name :)
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
Here's an anecdote to back that up. I used to work for a company that did CGI, mostly for games. They were informed by a man-who-knew-a-man that Paramount needed some CGI for some Star Trek game. Tiny problem:
So, farcically, the whole thing was carried out by cryptic phone calls (from home numbers, more often than not) or face to face. No email, nothing in writing, no hard requirements, no direct references to any contract, expressed or implied, on the phone, in case the other side was recording it. Paramount needed plausible deniability that they even knew my employer was producing this stuff, as they would have to be seen to prosecute them, even though they (as represented by a middle manager) were informally soliciting the work.
So my employer put about a man year of work into producing a test sequence based on a guess of what Paramount might want (made for some happy animators, mind you), then it was taken by hand to Paramount to be viewed by a mid level peon, without even so much as a record of the appointment or meeting.
My employer lost the "bid". It was made clear to them (face to face) that they should under no circumstances account for the work as being to do with Paramount or Star Trek. They gambled a man year of work, lost, and then had to scam their own shareholders by cooking the books to cover it up.
With my hand on my heart, this is the honest truth. It's probably not even the whole truth, I only heard the stuff that got filtered through our bid manager.
So, yes, even legitimate businesses have a desire for self destructing messages. I won't say a "need", because the whole process was a farce. But just because it's dumb doesn't mean they aren't begging for it like a drunk soaped up cheerleader in a post-football shower (sorry, I just needed to get the bad taste out of my head).
If you were blocking sigs, you wouldn't have to read this.
Maybe saving all traffic through a mail server is a good thing. This could prevent someone from forging a mail or a reply. It's not hard to craft a mail message. The mail servers at my last company were all screwed up IMHO. They used HP Openmail servers with Outlook clients. You could craft emails to look like anyone from the company to anyone at the company with absolutely no tracking from the client end. All you had to do was send an Internet email with a From: header that someone in the company had, like some_user@company.com. When it got to our mail servers, it would recognize the From: field as an internal user, attach all the associated Openmail routing stuff, remove the SMTP stuff and send it to the specified recipient. Result? A forged email that appears in every instance to have come from an employee at the company, to an employee at the company and sent internally (no indication that it was sent from the internet and sent via SMTP). You could send mail from one supervisor to another explaining how you thought they sucked and no one would know the difference, we had >50000 employees so you could find other useful things to do with it. Hell, I don't even work there anymore, have no access to their network and I could still send mails between employees. I never got involved with our Openmail setup but I assume that it was configured that way by our headquarters and not the default behavior. I for one would like to think that logging and backing up of email would prevent someone from getting away with this or being blamed for something they did not do.
Bad boys rape our young girls but Violet gives willingly.
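The forgery described in the last comment depends on the gateway trusting the From: header of mail that arrived from the Internet. A gateway-side check for that condition, as an added example that is not part of the original thread: the domain company.com comes from the comment, while the internal relay range, the sample messages and the function names are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"company.com"}                     # domain named in the comment
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal relay range


def from_domains(raw_message):
    """Domains claimed by every From: header (a message may carry more than one)."""
    msg = message_from_string(raw_message)
    domains = set()
    for value in msg.get_all("From", []):
        _, addr = parseaddr(value)
        _, at, domain = addr.rpartition("@")
        if at:
            domains.add(domain.lower().rstrip("."))
    return domains


def classify(peer_ip, raw_message):
    """Gateway decision based on the connecting peer's IP, never on a header."""
    peer = ipaddress.ip_address(peer_ip)
    internal_peer = any(peer in net for net in INTERNAL_NETS)
    claims_internal = bool(from_domains(raw_message) & INTERNAL_DOMAINS)
    if claims_internal and not internal_peer:
        # Internet mail claiming an internal sender: hold it and keep it
        # marked as external instead of rewriting it as internal mail.
        return "quarantine"
    return "accept"


# Constructed sample messages (not captured traffic).
SPOOFED = (
    "From: Some User <SOME_USER@Company.com>\n"
    "To: other_user@company.com\n"
    "Subject: status\n\nbody\n"
)
EXTERNAL = (
    "From: vendor@example.org\n"
    "To: other_user@company.com\n"
    "Subject: quote\n\nbody\n"
)

if __name__ == "__main__":
    for ip, raw in [("203.0.113.25", SPOOFED), ("10.1.2.3", SPOOFED),
                    ("203.0.113.25", EXTERNAL)]:
        print(ip, sorted(from_domains(raw)), classify(ip, raw))
```

Legitimate outside services that send on behalf of the internal domain, such as mailing lists, would need an explicit allowlist in front of this check.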