Self-Shredding E-Mail 210
yoink! writes: "I just read an article on CNN.com describing a self-shredding e-mail system. With all the persistent e-mail documents gathered by the Government in the MS Anti-Trust case, and the massive shredding of paper documents by parties in the Enron fiasco, it's no wonder people have been looking for an electronic solution to a material problem solved years ago with some cutting tools, a motor, and a garbage bag." One of the companies highlighted here was called Disappearing, Inc. when it was mentioned a few years ago, but now several others have joined the fray.
Where does it end? (Score:1)
Common sense? (Score:4, Insightful)
One thing I did not see in the article, what happens if the person on the other end saves the email as an attachment, or saves it? I doubt it would be able to "shred" that. This is a very niche market item imo. Once again, DON'T SEND IT IF IT COULD GET YOU IN TROUBLE.
Re:Common sense? (Score:5, Interesting)
There's a scene in Cryptonomicon in which Avi (I think) explains that important discussions have to take place between only two people at a time, so there is plausible deniability and nothing to subpoena.
This is why, even when email, videoconferencing and even faxes are widespread, nothing will ever replace face to face meetings for serious business.
Re:Common sense? (Score:1)
Re:Common sense? (Score:3, Interesting)
Here's an anecdote to back that up. I used to work for a company that did CGI, mostly for games. They were informed by a man-who-knew-a-man that Paramount needed some CGI for a some Star Trek game. Tiny problem:
So, farcically, the whole thing was carried out by cryptic phone calls (from home numbers, more often than not) or face to face. No email, nothing in writing, no hard requirements, no direct references to any contract, expressed or implied, on the phone, in case the other side was recording it. Paramount needed plausible deniability that they even knew my employer was producing this stuff, as they would have to be seen to prosecute them, even though they (as represented by a middle manager) were informally soliciting the work.
So my employer put about a man year of work into producing a test sequence based on a guess of what Paramount might want (made for some happy animators, mind you), then it was taken by hand to Paramount to be viewed by a mid level peon, without even so much as a record of the appointment or meeting.
My employer lost the "bid". It was made clear to them (face to face) that they should under no circumstances account for the work as being to do with Paramount or Star Trek. They gambled a man year of work, lost, and then had to scam their own shareholders by cooking the books to cover it up.
With my hand on my heart, this is the honest truth. It's probably not even the whole truth, I only heard the stuff that got filtered through our bid manager.
So, yes, even legitimate businesses have a desire for self destructing messages. I won't say a "need", because the whole process was a farce. But just because it's dumb doesn't mean they aren't begging for it like a drunk soaped up cheerleader in a post-football shower (sorry, I just needed to get the bad taste out of my head).
Re:Common sense? (Score:2, Insightful)
Sure, there are easy cases: Bill Gates should not have sent e-mails about destroying Netscape, and all corporate officials should receive training in which buzzwords will always set off antitrust alarm bells.
That said, what about the cubicle monkey who sends pricing information that is unwittingly the focus of a Patman Act claim? Or the secretary who sends along an agenda and participants at a meeting between competitors? The point is, almost anything can be identified as worrisome ex poste. An auto-shredding system -- properly implemented -- is a good fail-safe.
Again and Again (Score:2)
I'll say it once more, in simple language, for everyone who hasn't been in this situation, so pay attention.
A document retention policy (with document destruction schedules) is necessary even for a company that adheres strictly to the moral "up-and-up" to prevent lawsuits from inflicting huge cost and manpower burdens. For example, let's assume that you keep your records forever, so you have five year's worth of emails. Let's also assume that you don't have anything incriminating in these emails. Someone presses a sexual harassment lawsuit against you and subpoenas all of your email records relating to the lawsuit. Now, even though you didn't do or say anything wrong, you (not they) get to pay your IT person to dig through every email sent by every employee for five years (and an attorney to sit with him/her, fending off the plaintiff's attorney, who will also insist on sitting with him/her) just to prove that there's nothing there that relates to the lawsuit. Sounds expensive, doesn't it? With a retention policy that says email is to be destroyed after six months, you can answer the judge by saying, "our policy for email includes destruction after six months, so we have no records farther back than that" and thereby limit the scope of a subpoena (and the time and money spent fulfilling it). There are other reasons, including taking comments out of context and such, but as you can see, even companies with a perfectly sterling record benefit from such policies.
Virg
Lessons Learned (Score:2)
Re:Lessons Learned (Score:4, Insightful)
Only on closed, proprietary systems! (Score:2)
How easily they forget the fundamental axiom of copy protection: if the user can see it, the user can record/copy/save it.
I could just point a camera at the screen and take a picture....
It won't work... (Score:3, Insightful)
In short: Why waste money on a system that prevents Email from getting read by Law-enforcement-officers? Why not simply do nothing illegal?
Re:It won't work... (Score:2, Funny)
Re:It won't work... (Score:4, Insightful)
Microsoft subpoenaed Netscape for all those internal message board documents, saying how much better IE was than Netscape. Nothing illegal, but would have been great to be killed automatically, look at how much damage *legal* posts did.
Now, someone actually subpoenaing a couple emails of printed off is probably very little of a concern, when compared to possibly gigs & gigs of emails laying around that can be subpoenaed and gone through, that would not only include the couple of printed emails already, but possibly even more.
I look at it like security, just because the only truely safe system from network hackers is a unplugged system, doesn't mean I shouldn't throw in the towel and not secure the systems that are plugged in.
Re:It won't work... (Score:2)
sPh
Re:It won't work... (Score:2)
shredding is a very legit concern. So many things are effected by storing email besides the 'bad' emails....increased storage, support, backup, etc....costs.
They address those issues (Score:2)
Re:It won't work... (Score:2, Funny)
Maybe i need to sell that idea to Dissapearing Inc. anyone reading this that works for that company? just don't want them to pay me with bills that were printed after the treasury starts using those toner cartridges. ;)
Outlook (Score:3, Funny)
Re:Outlook (Score:1)
Why not? Because... (Score:2)
Snake Oil ? (Score:3, Insightful)
I fear however that they might be in for a surprise when the apparently "self shredded" messages pop up at all those likely and unlikely places like backup tapes, swap files, printouts and the like.
It's probably safer to employ a clean and transparent corporate culture, then getting kicked in the but by embarassing messages popping up on ol' backup tapes.
Once again, doesn't make sense (Score:1)
I see a point in digital shredding, and it's to not leak information by human mistake. But then if they're willingly keeping the info safe and not trying to copy it, wouldn't sending a URL suffice? When the document isn't needed anymore, you change the URL content to "Not here anymore, sorry."
Can there ever be a perfect digital shredder? (Score:3, Interesting)
With a traditional document (esp. in the case of sensitive items) versioning is kept to a minimum, and hence the total destruction of a 'mail chain' would be possible. With digital documents it is too easy for multiple versions to exist - using the email example you could have multiple vendors and multiple sysadmins with mailbox backups, many of which could be unknown to the individuals concerned.
With digital documents there will always be an tension between the desire to be able to fix a system that breaks (using backups) and to digitally shred sensitive items. This will probably mean that there will never be as much certainty with digital shredding as traditional shredding.
Re:Can there ever be a perfect digital shredder? (Score:3, Informative)
Honest men (Score:3, Insightful)
Its too bad that company execs won't see things that way. I guess the most valuable thing then to have as an investor is the list of Dissapearing, Inc's clients.
Re:Honest men (Score:3, Insightful)
That's the same horsecrap argument right-wing Republicans have been using for years.
Re:Honest men (Score:5, Insightful)
Not only is this statement false; it is dangerous.
If an honest man comes up with a new, beautiful, invention, shouldn't he hide it until the patent forms come out?
If an honest man writes a personal email to an honest woman, thanking her in detail for the honest sex they had last night, would he be suddenly dishonest if he didn't want those details accessible to any snoop a few years later?
If an honest man writes an email to his honest colleague, and makes some honest fun about the way that his honest customer dresses, just the way that colleagues often jest and jape, is it that big a stretch that he wouldn't want that email to surface years later in some lawsuit?
If you are living your life in such a way that you never write or say anything that you would like to keep private, I wouldn't call you "honest," I would probably call you "bland." And I don't believe that being bland is a virtue to which we should aspire.
Re:Honest men (Score:3)
The real dangerous thing is the way many people advocate privacy while their intent is to shield criminal activity. That is what causes "if you're not a criminal, you've got nothing to hide" mentality in law-n-order types.
Re:Honest men (Score:2)
Just about any tool can be used for criminal activities. In the past the way of doing things was to have laws against the crime, rather than (as we are seeing now) laws against various tools.
And when someone says something ridiculous like "Honest men have nothing to hide," in response to an article about a self-shredding email system, it is clear that THEY are missing the point.
Let alone that "Honest men" pose no risk by hiding things, since they are honest in the first place...
Re:Honest men (Score:2)
Perhaps a better phrasing would be "Men of honor are not afraid of the truth." But then, they say that men of honor are horribly out of fashion these days.
Re:Honest men (Score:2)
If the honest man having sex with the honest woman was really honest and not cheating on somebody, why should he want to destroy the mail? Do you destroy the loveletters you sent to your girlfriends?
These are very good points, and deserve a thoughtful response.
To the first question: It is a question of timing. He may not want the knowledge of the invention to exist until it is in a form he is proud to take credit for and patent. If I have come up with a new type of GUI, for example, I wouldn't want Microsoft or Apple to look at it until I was ready to have it marketed. Otherwise, if they thought it was a good idea, they might use their superior resources to make a copy and get the copy on the market first.
Also, philosophically, if I have invented something, or written something, I may want to destroy it for many reasons. I may believe that the invention would be a Bad thing for my society, or I may believe that my writing has not acheived what I want it to achieve. I can therefore choose to destroy what I have created, even if I am an Honest Man. (And one could even argue that the Honest Man probably destroys more of his work than the Dishonest Man who is happy to just get another publication/patent on the ol' C.V.)
To the second point: There are many reasons an Honest Man would want to delete graphic email he has sent to a girlfriend. In this context, one main reason is that his emails to her are between the two of them. He may not want future internet-snoopers reading graphic descriptions of their private life. You can think of other reasons.
Honest men have nothing to hide? (Score:2)
Or salary details? Or pretty much anything sensitive?
Admittedly you'd be best off not sending these bits of information, but if you have to then you'd best protect it.
On the other hand I for one can see no possible way a self shred system can work. Once you have information, it's yours. The original may be wiped, but you can use a screenshot, saved copy, hexeditor, memory dump etc etc
Re:Honest men (Score:2)
(b) and (c) are the most dangerous when combined, because the usual Fed tactic is to bring a massive prosecution against someone, use that prosecution to dig up charges of "obstruction of justice", then actually convict on the "obstruction" charges. And absolutely anything you say can be twisted into evidence of "obstruction".
So it is not so black and white as you would have it appear.
sPh
Re:Honest men (Score:2)
And for B, I guarantee, you Mr. Conspiracy Theorist, that I have not broken 50-100 laws this morning, unless Congress has passed a law against skipping breakfast. We (at least I presume you do as well) live in the United States of America, not Communist Russia, where anything worth doing was illegal.
Nobody said that honor was an easy task. But if the DA wants you proscecuted so bad that he is going to stoop to interpretations and gray area misrepresentation, there's nothing that will stop him from proscecuting you. Your best hope is compliance, unless you happened to have actually broken some laws.
Re:Honest men (Score:4, Insightful)
As for your comment about not breaking any federal laws, clearly you haven't read the US Code (or the Federal Register, since the Supreme Court ruled that administrative regulations have the force of law) lately. Flush the leftover pills from a prescription down the toilet and and the question is not if you have broken FDA and EPA regulations but how many. ill you be prosecuted for that? Probably not - unless someone decides you have something they need. What's that? One of the customers for your database consultancy is the local mosque? Hmmm...
Before you flame back, please spend a few hours at your local library scanning through a couple weeks' Federal Registers.
To you other points: countersuits are a nice idea, unless you are facing an opponent with 100,000 times your resources. Then you are screwed, because even if you win your $10,000 award will not cover your $500,000 in legal fees. And it is nice to think that the feds only go after "bad guys", but the definition of "bad guy" can change quite rapidly. Just ask Mr. Ashcroft.
sPh
Re:Thanks for the laugh (Score:2)
Oh - and it is the next thing to impossible to sue a district attorney for malicious prosecution.
Ha ha.
sPh
Re:Thanks for the laugh (Score:2)
Re:Thanks for the laugh (Score:2)
sPh
Re:Honest men (Score:3, Insightful)
Not even from the dishonest?
Re:Honest men (Score:4, Insightful)
"Honest men have nothing to hide."
The most obvious and American counterexample to that is the voting booth. It has a privacy curtain, and I bet you use it.
Honest people have things to hide from dishonest people. Hiding your vote protects you from being threatened or rewarded for your vote. Hiding your business plans prevents your competitor from beating you to the punch. Hiding your homework prevents other students from cheating. Hiding your phone number prevents some telemarketers from bothering you. Hiding your home address prevents customers from bothering you after business hours. Hiding an embarrassing (but ethical) hobby provides enjoyment of life while protecting from harassment. Hiding your religion protects you from persecution.
Re:Honest men (Score:2)
Even if everybody knows how I will vote, I close the curtain, vote, and do not tell anyone how I voted. As much to protect my neighbor's right to a secret ballot as anything.
Honest men hide things to discourage the snoops. The snoops can cause a lot of mischief for honest people.
Trust me. (Always trust me. ???) Sounds like the beginning of a con.
Re:Honest men (Score:2)
IF you have nothing to hide, you have no problem giving up this information.
do you see the point now?
Re:Honest men (Score:2)
xenocide2, what's your social security number, mother's maiden name, and which credit cards do you carry? Can you give me their numbers, or do you have something to hide? How about your home address, and phone number? Passwords to computer accounts? A list of all your purchases, including those you made in cash, over the last year? A list of all the web pages you've hit, ever? Your income history, and tax returns, for the last 7 years (you know the IRS wants you to keep those for that long, right?) All school transcripts?
Why don't you post those all to slashdot, as proof that you're an honest man, and that you're following your set of "moral codes."
Re:Honest men (Score:2)
PGP can be a substitute (Score:4, Informative)
When encrypting a message with PGP you can use the -m option (or sellect the 'secure viewer' if you are using one of the windoze versions) Doing this prevents the recipiant from saving a plain text version on their disks
No, it isn't as good as "shreading" and there are ways to cercumvent this if the recipiant was so incliend, but it is a good substitute providing you trust the recipiant.
If you dont trust the recipiant then WTF are you doing sending them such an e-mail in the first place!
Re:PGP can be a substitute (Score:3, Interesting)
Besides, with PGP you still can't control if the RECIPIENTS of the mail keep it - the point of these new systems was to delete the mail after you sent it.
Re:PGP can be a substitute (Score:2)
IANAL, but in the US, if the message is part of an investigation, they could get a warrant requiring you to turn over the key. No new law needed.
Re:PGP can be a substitute (Score:2)
Re:PGP can be a substitute (Score:2)
Re:PGP can be a substitute (Score:2, Interesting)
From the website (for the lazy or bandwidth impaired):
Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.
Currently alpha, but has a cool graphic, cool idea and cool name :)
Re:PGP can be a substitute (Score:1)
'man xwd' Enjoy.
Wanna buy a bridge?
Re:PGP can be a substitute (Score:4, Interesting)
Doing this prevents the recipiant from saving a plain text version on their disks
I hope nobody reading this will rely on "pgp -m" for security--it's just a convenience that tries to ensure that your recipient doesn't do something insecure such as saving plaintext to disk, but if he wants to he can probably still do that with a couple of keypresses.
Re:PGP can be a substitute (Score:2, Insightful)
If I trust the recipient, all I need do is write "Please to not save a plain-text version of this document." Which, essentially, is all that this option can do - ask. Not prevent.
Re:PGP can be a substitute (Score:2)
This basically asuming that the recipient is using a known "cypher machine". Which is only viable in a closed environment where there is no way for the end user to change software or install their own. (Which rules out even thinking about using Windows.)
Re:PGP can be a substitute (Score:2)
Surely this is a joke.
Anyone who trusts someone else's computer to obey their wishes, is going to be the owner of my next bridge.
Re:PGP can be a substitute (Score:2)
They're at it again. (Score:2, Redundant)
And no, hardware protection still can't help. In the worst case - take a camcorder and tape your screen contents. They can't overcome that!
Re:They're at it again. (Score:4, Insightful)
Consider, as an example: I run a business in which sensitive information is bandied about by internal corporate e-mail. In order to keep a whole variety of bad things from happening to that information (subpoenas years later, inadvertent forwarding to somebody who shouldn't see it, proprietary information being leaked by cast-off hardware), I enact an electronic document destruction policy; one year after an internal e-mail is sent, it is destroyed. I mandate use of one of these self-shredding systems to help enforce my policy.
Now I haven't really helped anything from a strict can-it-be-done standpoint: a whistle-blowing employee can still take the aforementioned camcorder and set it up; a sysadmin who's for some reason obsessed with archiving all his mail can probably download a crack for the system in question. These issues are pushed into the realm of policy, but the number of such issues that have to be dealt with strictly by policy means decreases by an order of magnitude. What I have really accomplished is to drastically reduce the probability that something will happen that nobody in the organization intended.
Um... ok (Score:1)
Ok, so the first time they need to review a document that is now "expired" they start copying the documents to their local harddisks for review or putting the information into databases and refering to them in memos. Nobody has time to scower a whole corporate network for copies of documents which should not have been copied so this is still not really a solution.
And here comes yet another bit of work for interns (Score:2, Funny)
Even if the self-shredding software disables printing, copying and screen-capture functions, nothing will stop a determined person from photographing the screen or jotting down the information by hand.
I can see it now. Interns' job descriptions will now include handwriting received email in addition to coffee-fetching, photocopying, and (in the case of Washingtonians) sexual favors...
Re:And here comes yet another bit of work for inte (Score:2)
They're supposed to provide those? God damn. Why didn't anyone tell me!?
the (l)users will undermine this... (Score:1)
I kinda see the point behind this, they are playing off of Enron, milking that scandal du jour for all it's worth. I bet the scandal next month will have something to do with Linux and those pesky "h4ck3rs", right on time to push the SSSCA through.
mafia knew it better before. (Score:1)
instead you should say it in person, and make sure the guy isn't wiretapped. then if you want to later _totally_ remove this message you said to him from existence(provided that he doesnt tell anyone), just dump him in the canal with heavy duty boots.
you just cant remove mails from all the machines they might get into..
Yeah, whatever. (Score:5, Informative)
These schemes have several practical problems and weaknesses:
1) These are closed email systems. Composing, sending, receiving and reading all protected email *must* take place within the system. Communication outside the system typically involves a web-based email solution-- you don't actually send the email, you send a URL to a server that hosts the email for the recipient, and a one-time authenticator to access it.
2) There is no protection for email that is removed from the system. Screen captures, saving as text, etc. all remove the email from the "expiry" system, rendering it moot.
3) The key authority is a central point of failure. Reading any protected email requires that the key authority be online and available, and that it's keystore be intact. Any interruption in this services makes *all* email hosted by that service unavailable-- and this is (conceivably) all email in your enterprise.
4) If the key store is ever archived-- a typical response to worries about (3), above-- the archived keys can be used to access old mail that has otherwise "expired," or "shredded." There is nothing in the application of the encryption that prevents an archived key from being used past its valid date, should it be recovered from a backup or recovered forensically the key server's storage.
Just some thoughts.
Re:Yeah, whatever. (Score:3, Insightful)
I doubt there is currently much a legal-leg to stand here to prevent your self from being raked over one way or another.
Please keep in mind, I'm not a lawyer, however, these seem like the obvious paths law enforcemet would go to ensure these systems don't prohibit their ability to investigate.
Re:Yeah, whatever. (Score:2)
While I hear what you're saying, it just doesn't sound like firm ground to me.
The powers of warrant and subpoena... (Score:2)
>Reading an email requires authentication to the key authority, which either returns the key or decrypts the email. After a preset time, the key authority
>purges the encryption key, after which the email encrypted with that key is theoretically unreadable.
Now one must ask, is the encryption key truly purged, or merely taken offline? If the former, at what point does the FBI require that the keys NOT be purged, and be merely taken offline? Or for that matter, what about system backups that retain keys? You've got to backup your keys, in case of a true system failure, because unexpired messages MUST be read. But you then need to take care to purge backups of keyspace appropriately, as well.
And those are one two more points of failure, as well as the others people are mentioning.
Honesty is simpler.
Re:Yeah, whatever. (Score:2)
Self-Shredding email (Score:2, Insightful)
Okay, you have a remote encryption key (Me to keyserver: "Please make this key publicly available until 5/5/2002") which you can use to decrypt documents for a while.
But what is to stop people taking a copy of this key, or of the decrypted message? Do you have to run a "trusted software" reader to view the message?
Either way, it sounds like the equivalent of sending a Yahoo card - "Click here to view your message, which we will store for 3 months"
But then, screenshots are still admissable in court.
copy protection? (Score:2, Insightful)
And we all know how overwhelmingly successful those have been at preventing copying...
The old bromide that "information wants to be free" is not just a statement about copyright. It's a statement about privacy as well - whether you want it to spread or not, once you set information in a digital form and send it to someone else, controlling it becomes well-nigh impossible.
The obvious observation (Score:2, Informative)
Senders can destroy messages either remotely or automatically, without a recipient's consent or cooperation.
Just like the whole digital-rights management problem, eventually you have to give access to the message to your recipient and they can store a copy. If it's displayed on your screen then even the most recalcitrant software can be bypassed with a screen-shot or at absolute worst, a photograph of your monitor.
All these schemes can do is make it less convenient to store the email you receive. Even so, the receiving software could be dissasembled (DeCSS style) and you could create tools that would store the plain-text like a normal email client.
not in a corporate environment (Score:5, Insightful)
They have every right to tell you not to print it out and save it; but of course that's what people will do if they know the messages will be deleted after a certain time. I print out and save messages to cover my own ass.
Which brings up a point. I print out the stuff with full headers, with message ID and info when it was sent; however, does it really serve a purpose? I remembered thinking that while watching "Clear and Present Danger", when Harrison Ford prints out a memo and shoves it into the other director's face saying something like "here's the proof". What good is my printout if I don't have server logs to back up that the message was actually sent to me? What good is a backup of the server logs if I can't prove it wasn't tampered by myself? I know my boss will believe me if I used it as proof to protect my ass, but would a jury? Am I just wasting trees?
Re:not in a corporate environment (Score:2)
Sorry for taking this a bit out of context, but I don't want to accept this "the company pay you, therefore they owe you". If I spent time at work composing a love poem for my girl friend, the company is perfectly entiteled to tell me off, for not doing my work. They are not entiteled to my poem.
They have every right to tell you not to print it out.
Normally yes, you will have to comply with company policy - however if the company engages in criminal behaviour, their rights have just ended. Collecting evidence about that is normally perfectly lawful, if it's not in you jurisdiction, I think it ought to be. I believe the US has "whistle-blower" laws too, though.
You're making a very good point about the proof issue, unless the email is PGP-signed (or something similar) it's not a terribly good proof. However, looking at a text it's sometimes possible to associate it with a writer anyway e.g. looking for typical spelling mistakes, a certain style of writing, etc. Basically there are signs which could be used to prove that you faked the email, so if those can't be found it increases your credibility. So it might help somewhat.
Re:not in a corporate environment (Score:2)
So far as I understand these expiring-email systems, the presence of a message will still show up in the server logs, at least for a while. That "presence of a message" log will be pretty convincing to a jury, as it at least proves that you didn't make the message up yourself.
On backups of server logs, the only thing I could recommend would be to have both yourself and a cow-orker PGP sign the logs at the same time -- then they have to prove a consipiracy between the two of you to alter the logs, which will probably harder than throwing just your credibility into question.
If you have shell access to the server in question (I.E. are high-enough up that you can do most anything to the server), try writing something that would take a hash (md5sum or so) of the logs in question (while they're still on the server, and thus unalterable to you) and mail the sum (along with a timestamp, a sum of the program itself, and a sum of something that proves it's not in a chroot jail -- all to prove that the program hasn't been tampered with) to both yourself and a trusted external data repository that you can't alter [Again, a friend comes in handy here].
we had this years ago (Score:5, Interesting)
If people wanted to keep a message, they did what every one using these e-mail shredders will do: either print it directly or copy and paste it into word and print it from there.
Re:we had this years ago (Score:2)
Re:we had this years ago (Score:2)
Re:we had this years ago (Score:2)
The annual change in price per MB of storage (unit = $/MB) multiplied by the number of emails multipled by the average size per email will always be > 0.
Moore giveth, Gates takes.
Re:we had this years ago (Score:2)
cc:Mail was a nice program - simple, easy to use, did exactly what it was designed to do and no more. Too bad it is gone.
sPh
That's why AIM is so popular (Score:2)
Something that allows you to communicate, but without keeping records. No evidence, no worry, I suspect will be a requirement for future messaging systems.
Unless of course I'm using Trillian... (Score:2)
Provided AOL actually lets me get into the system of course....
If you have AIM on a Macintosh... (Score:2, Informative)
You were saying?
- Macintosh AIM logs. PC version has a Save option for each individual chat.
- ircle logs.
- BitchX logs.
- mIRC logs.
- pIRCh logs.
- And in programs that dont have a log or save feature, theres always select, copy, paste.
Need I say more?Self-Shredding E-mail Howto: (Score:3, Funny)
Spyware (Score:3, Interesting)
Of course, talk about being hoisted by one's own petard:
Company X installs spyware on its machines - "to protect itself"; and the results wind up as evidence in a court trial, including "shredded" emails. Concievably, Company Y could send the email, and have it recovered from X.
Automatic Shredding. (Score:2)
Automatic document shredding, unless specifically marked with the archive bit set to 1
It would sety a new standard for microsoft reliability.
Problems... (Score:2, Interesting)
The problem was, how does one create a system to help with document retention policies that a company creates? Up until companies like Omniva, there wasn't a software process to handle electronic documents where you can say "I don't have that document as it has been destroyed through our retention process".
BTW... These products are not just for large companies like Microsoft. Individuals can benefit through it. Email to your tax accountant would be examples of mail that you may want to disappear after you file your returns. A number of great example on how folks have gotten screwed by electronic documents can be found in Jeffrey Rosen's book, "The Unwanted Gaze : The Destruction of Privacy in America" [amazon.com].
Archivists can't be happy about this (Score:3, Interesting)
rubberhose (Score:2)
Been there, Done that. (Score:3, Funny)
Been out for years, described here. [microsoft.com] You can even get a demo version!
Self-Deleting Spam (Score:3, Funny)
Self-deleting e-mail is (mostly) smoke and mirrors (Score:2)
A fundamental law of information sharing is this: if I can read (or watch or listen to) it once, I can read (etc) it forever. I have the message, and I have all of the keys necessary to view it. All I have to do is keep them. Even simpler, I can copy and paste text out of the document, or I can just print it. Faced with the knowledge that all of your e-mail will be deleted after N days, you are much more likely to print anything of lasting value.
For the recipient to choose not to copy, print, or keep the message, he is cooperating with you. There is no way to prevent re-readability when the recipient is untrusted. Period. Saying otherwise is like claiming to have discovered perpetual motion.
I titled the post "(Mostly) smoke and mirrors" because a self-deleting e-mail system works unless the recipient specifically subverts it. In a normal e-mail system, messages are saved forever unless specifically deleted. So the marginal improvement is one of default behavior, not one of security.
--Patrick
Is this Snake Oil Still Around? (Score:2)
- If it is truly meant to make incriminating e-mail disappear, it will fail. Recipients of incriminating e-mail are likely to make durable storage copies, with a camera if nothing else. The crypto software cannot possibly prevent this.
- If it is only meant to make casual e-mail disappear, then it is a great deal of fuss for something that can be handled by simpler means, such as corporate policy, leaving e-mail on mail server spools, and having the system administrators delete it.
Crispin----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. [wirex.com]
Immunix: [immunix.org] Security Hardened Linux Distribution
Available for purchase [wirex.com]
Two main problems (Score:2)
Secondly, this means that the private keys to your documents are stored on a server accessible via a website! Boggle! Have we not learned anything about the general security of most web services? And even presuming it has technical security, how secure is their identification scheme? Passwords, mostly, with no out-of-band ID system. Hi, I'm Santy Claus. My password is 122502 .
Sigh. All these wonderful sounding ideas, and me without my cluestick.
Archiving may be a good thing.. (Score:2, Interesting)
A Better way to do it - anon verification (Score:2)
A better way to do it is to have a system where all the emails are anonymous - and at the end of the message a one time SSL url (possibly javascript) that would allow the recipient to verify it once against it's md5 sum. This way it wouldn't matter what the email said, because anybody could have faked it. Only the person who checked knows for sure if it's real.
Re:A Better way to do it - anon verification (Score:2)
Wow! You think we have SPAM problems now?, imagine what anonomous email services would do..
Re:A Better way to do it - anon verification (Score:2)
There may be a way to deal with spam too. A sender would manually half to set the verification, it could ask a simple question, or be a javascript that would require a keyboard entry.
Re:legal?!?! (Score:2, Insightful)
Companies and individuals destroy documents for a number of legal reasons. Such as keep the competition from seeing trade secrets, draft copies that are not ready for public release and to minimize discovery costs.
Many companies have document retention policies right now. Most paperwork can be destroyed at any time. Some paperwork may be required by federal, state or local law to be kept. For instance, companies that are regulated by the feds have certain paperwork that they need to keep around such as banks, airlines and radio stations. Some of these document retention systems will give you the ability to differentiate between the document you are creating and how long it is to stick around.
Re:Doesn't this lack the feeling? (Score:2)
The same feeling I get when I put body parts through the wood chipper.
Feeling (Score:2)
> The same feeling I get when I put body parts through the wood chipper.
Really? I'd think that would hurt a lot. And you can really only do that four times (or five, if you're a fellow) before you'd run out of parts.
Virg