The VICE Channels

    Self-Destructing Data Is the Spy-Proof Future of the Internet

    Written by

    Meghan Neal

    contributing editor

    Privacy just might be the tech world's new hot commodity. Which is why an old trend is gaining steam: “ephemeral media”—a way to make photos, texts, IMs, or emails that self-destruct once they’re delivered.

    I saw a new stat this morning that in post-PRISM America, 90 percent of internetters are taking action to up their online security game. Minutes later, I stumbled on an article in Wired describing how developers are scrambling to build hyper-secure encrypted email and messaging platforms in the wake of government spying. 

    Now Mission Impossible-style messages are springing up left and right: On the playful side—more in the SnapChat realm—a web app launched this week called Twitterspirit, which lets you decide how long your tweet will last with a hashtag—#4hr, #2d—before it vanishes from cyberspace.

    On the more serious end, encryption company Silent Circle announced its Silent Text app will now be available for Android, which includes “Burn Notice” feature that self-destructs the message from the sender and recipient’s phone. Last spring, another spy-proof messaging startup, Burn Note, launched its vanishing text and mail service. You can set a timer for how long you want your information to live on the internet before it explodes—virtually, that is. Even AT&T of all people is getting in the game. The company made headlines in July when it filed to patent a plan for self-destructing email.

    It’s no surprise there’s demand for this technology. The concept isn’t new—it’s simple and classic in that This message will self-destruct in 4, 3, 2, 1…” kind of way. Today, information with a shelf life acts as a second layer of protection on encrypted messages. But there's still some debate over whether it can actually work. Is ephemeral data really NSA-proof? When messages self-destruct, are they actually deleted? Does digital information ever really disappear?

    Interestingly, it’s not hard to delete data from the sites or applications where it’s hosted—it’s just that up until now web services didn’t want to. Personal data is a cash cow for companies like Google and Facebook; their business model depends on it. Plus, with the rise of cloud computing, it’s cheaper and easier than ever to store ginormous amounts of information on servers in massive datacenters.

    But ever since the NSA's mass surveillance programs were exposed, there's a growing public backlash against giving up control of so much personal information. People are finally getting creeped out that internet is forever, and the digital footprints you leave behind can come back to haunt you. Who wouldn’t want an easy way for your virtual identity to be impermanent for a change?

    So, here’s how self-destructing data works. In Burn Note’s case, the message you send is sent as a protected note using the startup’s message client. It’s not itself an email, it sends you an email saying you have a new, encrypted Burn Note.

    The thinking is, if the company retains control over the data at all points, it always has the power to delete it—from the company servers, and from the hardware devices on either end of the communication. Nothing is ever saved: There are no backup copies of the message, no standby servers, and the content of the notes is never logged. 

    The “Burn Notice” feature on the Silent Circle apps works more or less the same way. It routes calls and text messages directly between the app users—bypassing any central servers—and doesn’t collect metadata along the way. The messages are encrypted with an ephemeral key, so the key dies at the end of the call or message, too.

    You can think of it as “analogous to a secure courier service that merely delivers sealed envelopes,” a Silent Circle spokesman told me over email. "However the apps do not log user metadata… so it would be as though the courier does not remember the destination/return addresses.”

    Silent Circle doesn’t have the keys to its encryption locks, so can’t be forced to hand them over to the Feds, even if the government is within its legal rights, the spokesman said. If law enforcement went after the company servers, all that would be obtained is encrypted text.

    There’s a spate of other startups in the crowding space: Heml.is is a new slick-looking encryption app out from The Pirate Bay co-founder Peter Sunde that may build in an expiration feature for messages. OTR browsers take chats off the record by making messages vanish once sent, instead of being stored in company records for future embarrassment or lawsuits. And of course there’s SnapChat, though it’s less in the security game and more concerned with selfies and sexts you wouldn’t want your parents to see.

    Now back to that question, does it actually work? The short answer is, the new security technology comes pretty damn close, but nothing’s 100 percent reliable. Barriers can broken down, locks picked, codes hacked, and technology reverse-engineered.

    “All solutions are basically sort of faking it," security expert Moxie Marlinspike said in an article on ephemeral media this week. "The data itself is just data, and there's an app that decides at some point, 'I'm going to delete this.' If an app decides to make data disappear, what's to keep someone else from writing software that says 'don't delete it?'" 

    You probably remember the disconcerting discovery that SnapChat texts don't actually disappear—all those salacious photos can be retrieved from files stored on your PC. Burn Note and Silent Circle don’t store data in files, so are able to avoid that particular flaw. But there other, decidedly low-tech security holes in self-destructing media schemes.

    For one, there's nothing to stop people from copying and pasting the message or taking a screen grab once they get it, before it self-destructs, and sending it back out into cyberspace. Some upstarts are innovating in this area, with new technology that makes screen grabs impossible. Burn Note's "Spotlight" feature tackles the problem by making you read messages by hovering a finger or mouse over a spotlight of the text, so you only see bits of it at a time. Others point out that the assumption is, the two people communicating trust each other—the adversary is whoever might be eavesdropping in the process.

    Imagine a post-permanence future where temporary, deletable online communication is the new normal.

    Self-destructing email poses a particular challenge, because it's so easy to copy, print, forward, and archive. Also, to make vanishing emails possible, the sender and recipient would have to use the same email service, and getting the multitudes to migrate to a new email system is no small task.

    AT&T’s patented service deletes any trace of the email from the recipient's email client and application, so they can never dig it back up. It's a useful idea for confidential emails you don't want lying around in an inbox archive. But the glaring problem with that plan is that the information will almost certainly still be stored on AT&T servers—a direct line back to snooping Feds.

    Self-destructing media's biggest hurdle though, could be that people just don’t care enough to bother. Consumer demand has definitely shot up since Snowden’s leaks, but some netizens have simply surrendered to a privacy-free life. Talking about Helm.is’ user-friendly interface, Peter Sunde Pirate Bay told Motherboard, "To get people to use important technology, you simply have to make it more attractive than anything else, to get them to care enough to move over."

    But the tides are turning. In 2009, when ephemeral media was little more than "a fanciful vision," as the New York Times put it. Viktor Mayer-Schönberger, the author of Delete: The Virtue of Forgetting in the Digital Age, imagined in a post-permanence future where temporary, erasable online communication was the new normal. The future of privacy may depend on whether or not he was right.