October 16, 2006 at 6:40 pm
Poof
I've heard of this technology a few times in the past, a way to make messages expire after they've been read. It's not a bad idea, but I have some skepticism how well it will work and how secure it is and even how many times something will have to be resent over time. That's not even getting into the legalities of archiving messages.
Still it probably has a place in wonderful world of email for securing some things.And it got me thinking: could we get databases that expired?
Just think if we could send a replication or extract of some database, perhaps as an Express database that contained some information we wanted someone to use for some reports, maybe develop against, maybe just as a way to let someone work offline. But to be sure they didn't lose the data or even just used it for a limited time. Imagine a fully interactive RFP, powered from a database that expired in a day. Or a week.
There aren't a lot of places where you might want this, but maybe a list of prices for a blackberry or mobile device a salesperson carries around. Especially if you could "expire" the database on demand, this could be handy. And it wouldn't even require you wiping the device, which doesn't always leave the user happy.
Maybe I'm overthinking this. After all, you could secure the database with certificates and have them expire in a short period of time.
Maybe I just invented my own solution 🙂
Steve Jones
October 17, 2006 at 1:30 am
It would be hard. You can probably build a VMWare "solution" that can be restarted over and over again so it would need some form of calling home (or as you said calling the cert authority. But working offline would be difficult.
You probably should ask the mission impossible guys. They've had it for years and it fits the image of you post
October 17, 2006 at 1:49 am
Once information is released, there is no way of getting it back. If I receive a 'read once' email, I can cut and paste, or take a snap of the scren with my digital camera. If I have a database of prices, I can make my own notes.
The picture with your article is quite apposite, though, considering the current political situation. If only that technology could have been kept under wraps!
October 17, 2006 at 2:04 am
My two and a quarter cents:
Build an Encrypted Stored Proc thats used for logging in or checking prices (something that is used every session) build into it a delete from or update set prices = invalid, depending on the application.
That latter would be better as no data is "lost" or deleted just inactive.
Michael Gilchrist
Database Specialist
There are 10 types of people in the world, those who understand binary and those that don't. 😀
October 17, 2006 at 6:38 am
Sounds like consumer acceptance will be very hostile. People don't like not being in control of their email (the one that claims to delete if the wrong key is pressed is just asking for trouble). And as you point out there are potential legal problems. Companies are often REQUIRED to retain emails.
...
-- FORTRAN manual for Xerox Computers --
October 17, 2006 at 7:52 am
This topic dovetails well with today's NYTimes story "Criminal Records Erased by Courts Live to Tell Tales." Minor criminal convictions in many US states can be expunged from an individual's records after a certain time and with a judge's approval. Unfortunately these public records are now collected by commercial enterprises that do not reliably update their records. So this information is negatively affecting many individuals lives well beyond its expected lifespan. Data that expired could force those business to keep their records more up to date and minimize this problem.
And don't forget your postings here or as many have discovered on MySpace or Facebook have a life far beyond what most people expect. It won't be too long until we lose a major political candidate because of something he/she posted to MySpace years ago. Maybe then we'll see legislation forcing data to expire after a certain time.
-PJS
October 17, 2006 at 8:01 am
I must say I have to agree. The patent lawyer in the article says:
"I really need it to be easy for the client on the other end," says Mr. Currier, who says that leaked information could be disastrous for one of their patent applications. "People don't appreciate just how vulnerable email is."
The way I see it, if he recognizes that email is vulnerable (which it is), but he works in a field where secure communication is necessary, then the best thing to do is to absorb the time and money costs and deliver letters himself.
That's one extreme of the security continuum and is probably cost-prohibitive for almost any lawyer. A courier would be more efficient and still has a better chance of keeping a document secret than does email. That's probably why couriers are still so widely used despite the email explosion.
Couriers are human, of course, so they could be bribed or othewise induced to steal secret information. But it is possible to lock or tag or do other physical things to a paper letter that could reduce or reveal tampering. Email, on the other hand, is way down the list of tools someone should use if they depend on keeping secrets, as far as I am concerned.
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
October 17, 2006 at 8:27 am
There is a serious issue from the security side of this solution. You have to rely on the receiving system to expire the information.
I agree it would be useful in some situations, but in those situations I'd want to be pretty confident that the data would delete itself.
October 17, 2006 at 9:52 am
The way I see it, if he recognizes that email is vulnerable (which it is), but he works in a field where secure communication is necessary, then the best thing to do is to absorb the time and money costs and deliver letters himself.
It's not the security that is at issue (users will undersand need for encryption and authentication), it's the destruction of their 'copy' without their consent that is the deal breaker.
...
-- FORTRAN manual for Xerox Computers --
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply