The Future Of... Data Encryption

February 1, 2010, 1:12pm PST | Length: 00:02:52

Digital memories are long. Emails, images, and documents sent today can resurface years from now, but new software could help ensure that what happens online, doesn't have to live there eternally. ZDNet correspondent Sumi Das explains how 'Vanish," the work of researchers at the University of Washington, Seattle, uses peer-to-peer networks to create unique encryption keys.

Transcript

The Future Of... Data Encryption

Knocking sounds

>> Sumi Das: From email to sensitive documents, digital data is a critical part of our lives, but it also presents risks.

>> It can be duplicated, distributed, and potentially end up in the wrong hands. But what if the information we sent had a shelf life?

>> In the future, protecting your digital privacy could be as easy as clicking your mouse.

Music

>> For better or worse, a computer never forgets.

>> Sumi Das: Digital data, whether it images, web posts or emails can be stored on PCs or servers forever. Embarrassing photos, or inappropriate web posts can linger online, and later be uncovered by perspective employers. A lost cell phone can divulge personal text messages. At the University of Washington, Seattle, a team of computer science students and faculty has invented software that helps people forget in the digital world. Vanish destroys all copies of data after a period of time specified by the users. To use Vanish for an email, for example, users highlight text they want to encrypt, then click a button, the software creates a secret encryption key that's divided into pieces and stored in various places on peer to peer networks, since P2P systems continuously change as computers log on and off the networks, pieces of the key eventually become inaccessible. Meaning the original data could no longer be decrypted or read, even by the sender. So why not just delete emails from your inbox, or drag files to the trash on your PC and click empty? The researchers say that doesn't wipe out all data copies. If you're using web based email, for example, archive copies are likely to live on backup servers. The goal is to create the digital equivalent of a telephone call, where both parties can be confident that the conversation will remain private forever. A prototype of Vanish is available, but the creators stress the software is very much a work in progress, and intended for research only. Ultimately the technology could be built into your email program, browser, operating system, or cell phone; anywhere you create, store, or manage data. The future of data encryption, helping your data disappear.

>> For SmartPlanet, I'm Sumi Das.

Music

==== Transcribed by Automatic Sync Technologies ====

Recently Added

Talkback Most Recent of 15 Talkback(s)

Follow via:: RSS; Email Alert

Deletion like a phone call???

The government monitors and sometimes records phone calls.How does this compare? The government could require web-based email to be stored.Better to "wipe" the info off of your computer.Some expert software maker should invent software to store this info,that when you want to "wipe" it off,they can "wipe" that part of the hard drive that it is stored on.
razzamatazzer@...
8th Feb 2010
- Reply to
- Flag
An email service needs to developed w' P2P

and off the grid. that would be cool.
pcguy777
27th Feb 2010
- Reply to
- Flag
RE: The future of... data encryption

I agree with razzamatazzer; depending on whom you are
hiding from, this isn't a completely reliable solution.
I'll stick with invisible ink on the wrong side of post
cards
J044NY8
9th Feb 2010
- Reply to
- Flag
Again?

Again?

Didn't I refute this video not long ago?

The data only needs to exist in plain text ONCE and be copied ONCE and you lose all benefits of this "vanishing encryption." If somebody really wants to copy the message and store it permanently - they can.
CobraA1
26th Feb 2010
- Reply to
- Flag
So all SSL encrypted credit card transactions, bank transactions, etc

is all useless, because it was in plain text "ONCE?"

...
T1Oracle
26th Feb 2010
- Reply to
- Flag
In transit vs at destination

Information in transit is an entirely different matter. It's very well protected by encryption.

BUT - that's not what this is trying to solve.

What this is trying to solve is the idea that information can be saved permanently at the information's destination.

But that's where it fails. Because at the destination, it can be decrypted and copied before it has degraded.
CobraA1
27th Feb 2010
- Flag
I thought they were talking about points on the way to the destination

where it would still be encrypted, but may stick around for longer than you would like.

An example would be the server storing and backing up (perhaps multiple times) your encrypted e-mail.
T1Oracle
27th Feb 2010
- Flag
Generally not an issue

If it stays encrypted, then it's not really not much an issue.

Current encryption algorithms are considered infeasible to crack.

Currently even if computation power doubles every year, it'll likely take well over 100 years to crack some of our current algorithms. Unless a serious weakness is found in the algorithms, the information is secure.

And that's a really, really low estimate - every time a single bit is added to the key length, the amount of computation needed to crack it via brute force doubles. Key lengths can easily grow faster than Moore's law with very little impact on performance.

"An example would be the server storing and backing up (perhaps multiple times) your encrypted e-mail."

In which case only you would have the key anyways, which you can destroy at any time you wish. No reason for them to be storing your key.
CobraA1
27th Feb 2010
- Flag
control alt print screen

yikes !

but its still a good idea, because it could not be proven a forgery either way -- (non-repudiation). like if someone created a fake account or two, and said you sent this etc ( a faked doc/text etc). You wouldn't be the creator. They would (the forger). So a screen shot wouldn't prove nonrepudiation. So still a clever concept.
pcguy777
27th Feb 2010
- Flag
thoughts

"but its still a good idea, because it could not be proven a forgery either way -- (non-repudiation). like if someone created a fake account or two, and said you sent this etc ( a faked doc/text etc). You wouldn't be the creator. They would (the forger). So a screen shot wouldn't prove nonrepudiation. So still a clever concept. "

Generally, digital signatures are much better for that.
CobraA1
27th Feb 2010
- Flag
Ahead of the curve!

We have been pioneering this for years!

http://fakesteveballmer.blogspot.com
Windowsseven
26th Feb 2010
- Reply to
- Flag
My Idea

Every home user would have a vpn gateway built into their home router. Every connection to every resource would generate a random synchronous one time (pad) key for that session via the gateway (hardware). So isp's would only know where packets are being routed to by IP or DNS info and thats it. Im saying this would be cooler than SSL certs because this would be built in to all SOHO tech, and server gateways by default. As Server memory gets bigger and bigger, maybe something like this could be a reality someday. an entirely encrypted cloud !
pcguy777
27th Feb 2010
- Reply to
- Flag
one time pads and keys

The problem with the one time pad is the length of the key - the key literally has to be as long as the data, and it has to be kept a secret. Now you have the issue of exchanging keys in a secure fashion.
CobraA1
27th Feb 2010
- Reply to
- Flag
Video not working

The video stops in the middle, tried again and again but it simply stops playing.
malcarada
1st Mar 2010
- Reply to
- Flag
RE: The future of... data encryption

i dont see what the big deal is, "if you dont want to resurface, dont put it in electronic form" has been a secure way of thinking since the days of "Sneaker Networking" (the bad ole days of 6Khz processors and dual 5-1/4" drives.
glockmi
13th Jul 2010
- Reply to
- Flag