Emails can resurface after deletion — in the wrong hands

July 22nd, 2009 - 5:33 pm ICT by IANS  

Facebook Washington, July 22 (IANS) Beware, emails or Facebook posts or pictures can resurface months after they are deleted — in the wrong hands or at the wrong time, according to researchers.
“If you care about privacy, the internet today is a very scary place,” said University of Washington (UW) computer scientist Tadayoshi Kohno. “If people understood the implications of where and how their email is stored, they might be more careful or not use it as often.”

For instance, a lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past.

The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any web service through a web browser. After a set time text written using Vanish will, in essence, self-destruct.

Study co-authors include Roxana Geambasu, Tadayoshi Kohno, Hank Levy and Amit Levy, all with UW’s department of computer science and engineering.

“When you send out a sensitive email to a few friends you have no idea where that email is going to end up,” Geambasu said.

“For instance, your friend could lose her laptop or cell phone, her data could be exposed by a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?”

Many people believe that pressing the “delete” button will make their data go away. “The reality is that many web services archive data indefinitely, well after you’ve pressed delete,” Geambasu said.

Simply encrypting the data can be risky in the long term, the researchers say. The data can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key.

“In today’s world, private information is scattered all over the internet, and we can’t control the lifetime of that data,” said Levy.

“And as we transition to a future based on cloud computing, where enormous, anonymous data centres run the vast majority of our applications and store nearly all of our data, we will lose even more control.”

Researchers compare using Vanish to writing a message in the sand at low tide, where it can be read for only a few hours before the tide comes in and permanently washes it away.

Erasing the data doesn’t require any special action by the sender, the recipient or any third party service.

A paper about the project went public on Tuesday and will be presented at the Usenix Security Symposium Aug 10-14 in Montreal, Canada.

Related Stories

Tags: , , , , , , , , , , , , , , , , , , ,

Posted in Sci-Tech |