Self-destructing e-mail, possibly impossible mission
Self-destructing e-mail, possibly impossible mission
By Lim Tri Santosa
BANDUNG (JP): Several companies are exploring ways to control
the copying and dissemination of electronic documents with their
own versions of self-destructing e-mail. They aim to make it
possible to send a message or document that will become
unreadable after a predetermined period, allowing companies and
individuals to keep their information on a short leash.
Keeping control of sensitive data in the age of the Internet
has been a notoriously difficult job, because computers and their
operating systems have been designed to make copying information
as easy as possible. The computer manufacturers wanted to make
tools for creating many documents, and so they made duplication
simple. What's great about the Internet and computers is that you
can zap information to anyone in the world in a matter of
seconds.
There are a lot of cases where people have gotten in trouble
because of their e-mails. One of the many examples is the
antitrust lawsuit brought by the U.S. Department of Justice
against Microsoft. Another incident took place at Los Alamos
National Laboratories in New Mexico, where a U.S. government
researcher allegedly e-mailed top-secret data to the Chinese
government.
These are the worst case scenarios of sending e-mail without
any thoughts for the consequences of what you are saying.
Remember, words have a way of coming back and haunting you.
Fans of the television show Mission: Impossible know that at
the start of each episode, the show's principals received their
top-secret orders from a tape-recorded message, one that would
always end with the words, "This tape will self-destruct in five
seconds."
Now, anyone who sends e-mail can conceal his tracks in the
same way. Infraworks Corp. of Austin, Texas, has a new product
that does the same thing to e-mail attachments, but without any
mess or noise. The product has attracted some positive attention
from the CIA and the U.S. Department of Defense, which already
uses other Infraworks data protection products.
Infraworks markets its software products to content and
publishing companies, government agencies, financial
institutions, lawyers, doctors and general businesses. A free
version of InTether is available at www.infraworks.com for a
limited time. For companies, it means less worrying about
confidential e-mail falling into the hands of competitors, or
government regulators.
If the police are knocking on your door and you start
shredding, that's destruction of evidence and you will be
prosecuted. But it's an accepted and legal business practice to
regularly destroy documents, in this case using a timer.
With InTether, users can protect their multimedia, word
processing, spreadsheet and presentation files by determining
ironclad access permissions that prevent unauthorized use and
redistribution. Because the InTether software integrates with the
computer's operating system and uses a series of layered
defenses, the access permissions cannot be easily overridden.
Violations, such as those attempted by hackers, are penalized
by self-destruction of the data.
InTether Packager is a standard Windows application that
encapsulates the source document. The packaged file that is
created contains a set of recipient permissions, reception
controls, the InTether Receiver (optional) and the content. This
file can be distributed using standard technologies such as e-
mail. The 200K receiver can be sent with the message or
downloaded by the recipient from Infraworks' web site. The
message will operate only with the reader of the intended
recipient.
The recipient uses the InTether Receiver to automatically
unwrap the package and access the document. When the package is
unwrapped the document is placed into a software vault created by
the receiver. InTether Receiver then controls access to the
document and enforces the permissions set by the packaging
operation. The sender has the option of including the InTether
Receiver in case the recipient does not already have it
installed.
There are five types of document permissions that can be given
to a package. First, the amount of time after the package has
been opened; the document is shredded when the timer runs out.
Second, a date after which the document will be shredded; the
date is checked against the recipient's system date. Third, the
number of times the document can be opened after it has been
unpackaged by the Receiver. Fourth, a cut and paste restriction
in Window's clipboard editing features. Fifth, the recipient can
only access the file once the password has been entered.
When the permissions are exhausted, the Receiver automatically
shreds the package and associated files. Permissions can be
applied in combinations, with the first permission that expires
initiating the shredding sequence. When the package is accepted
from a download or from e-mail, InTether Receiver is initiated.
Each package is given a unique identifier, and the Receiver
stores the history of these identifiers in the vault. If an
incoming package has an identifier that already exists, it is
rejected. This stops multiple downloads of the same InTethered
package.
The Receiver unpackages the InTethered file and places it in
its software vault, and the embedded permissions are extracted.
The recipient permissions are first checked, then the InTether ID
or password. Once verified, the document is released for access.
The target application then opens the document and the
permissions are updated. Once the permissions have been
exhausted, the maximum number of reads has been reached or the
access time has been used up, the package is shredded.
Don't even think of saving the package with another filename
or cutting and pasting on the Windows' clipboard, because it will
not work regardless of the application that opens the associated
document. Perhaps, you think you can use repetitive brute force
attacks like copy and paste with Windows Explorer; sorry this
doesn't work either.
In spite of the strong protection features, I have seen an
obvious shortcoming with InTether: any recipient who is
determined to make a copy of a message can simply take a
photograph of the computer screen. For that reason, Infraworks
has focused on building tools that manage the lifetime of e-mail
files instead of tools with bulletproof security. Possibly it
will be used as self-destructing e-mail in MI-3, if Tom Cruise
forgets to take his wristwatch camera with him to the cliff top.
(abbaml@rad.net.id)