Mon, 25 Sep 2000

Self-destructing e-mail, possibly impossible mission

By Lim Tri Santosa

BANDUNG (JP): Several companies are exploring ways to control the copying and dissemination of electronic documents with their own versions of self-destructing e-mail. They aim to make it possible to send a message or document that will become unreadable after a predetermined period, allowing companies and individuals to keep their information on a short leash.

Keeping control of sensitive data in the age of the Internet has been a notoriously difficult job, because computers and their operating systems have been designed to make copying information as easy as possible. The computer manufacturers wanted to make tools for creating many documents, and so they made duplication simple. What's great about the Internet and computers is that you can zap information to anyone in the world in a matter of seconds.

There are a lot of cases where people have gotten in trouble because of their e-mails. One of the many examples is the antitrust lawsuit brought by the U.S. Department of Justice against Microsoft. Another incident took place at Los Alamos National Laboratories in New Mexico, where a U.S. government researcher allegedly e-mailed top-secret data to the Chinese government.

These are the worst case scenarios of sending e-mail without any thoughts for the consequences of what you are saying. Remember, words have a way of coming back and haunting you.

Fans of the television show Mission: Impossible know that at the start of each episode, the show's principals received their top-secret orders from a tape-recorded message, one that would always end with the words, "This tape will self-destruct in five seconds."

Now, anyone who sends e-mail can conceal his tracks in the same way. Infraworks Corp. of Austin, Texas, has a new product that does the same thing to e-mail attachments, but without any mess or noise. The product has attracted some positive attention from the CIA and the U.S. Department of Defense, which already uses other Infraworks data protection products.

Infraworks markets its software products to content and publishing companies, government agencies, financial institutions, lawyers, doctors and general businesses. A free version of InTether is available at www.infraworks.com for a limited time. For companies, it means less worrying about confidential e-mail falling into the hands of competitors, or government regulators.

If the police are knocking on your door and you start shredding, that's destruction of evidence and you will be prosecuted. But it's an accepted and legal business practice to regularly destroy documents, in this case using a timer.

With InTether, users can protect their multimedia, word processing, spreadsheet and presentation files by determining ironclad access permissions that prevent unauthorized use and redistribution. Because the InTether software integrates with the computer's operating system and uses a series of layered defenses, the access permissions cannot be easily overridden. Violations, such as those attempted by hackers, are penalized by self-destruction of the data.

InTether Packager is a standard Windows application that encapsulates the source document. The packaged file that is created contains a set of recipient permissions, reception controls, the InTether Receiver (optional) and the content. This file can be distributed using standard technologies such as e- mail. The 200K receiver can be sent with the message or downloaded by the recipient from Infraworks' web site. The message will operate only with the reader of the intended recipient.

The recipient uses the InTether Receiver to automatically unwrap the package and access the document. When the package is unwrapped the document is placed into a software vault created by the receiver. InTether Receiver then controls access to the document and enforces the permissions set by the packaging operation. The sender has the option of including the InTether Receiver in case the recipient does not already have it installed.

There are five types of document permissions that can be given to a package. First, the amount of time after the package has been opened; the document is shredded when the timer runs out. Second, a date after which the document will be shredded; the date is checked against the recipient's system date. Third, the number of times the document can be opened after it has been unpackaged by the Receiver. Fourth, a cut and paste restriction in Window's clipboard editing features. Fifth, the recipient can only access the file once the password has been entered.

When the permissions are exhausted, the Receiver automatically shreds the package and associated files. Permissions can be applied in combinations, with the first permission that expires initiating the shredding sequence. When the package is accepted from a download or from e-mail, InTether Receiver is initiated. Each package is given a unique identifier, and the Receiver stores the history of these identifiers in the vault. If an incoming package has an identifier that already exists, it is rejected. This stops multiple downloads of the same InTethered package.

The Receiver unpackages the InTethered file and places it in its software vault, and the embedded permissions are extracted. The recipient permissions are first checked, then the InTether ID or password. Once verified, the document is released for access. The target application then opens the document and the permissions are updated. Once the permissions have been exhausted, the maximum number of reads has been reached or the access time has been used up, the package is shredded.

Don't even think of saving the package with another filename or cutting and pasting on the Windows' clipboard, because it will not work regardless of the application that opens the associated document. Perhaps, you think you can use repetitive brute force attacks like copy and paste with Windows Explorer; sorry this doesn't work either.

In spite of the strong protection features, I have seen an obvious shortcoming with InTether: any recipient who is determined to make a copy of a message can simply take a photograph of the computer screen. For that reason, Infraworks has focused on building tools that manage the lifetime of e-mail files instead of tools with bulletproof security. Possibly it will be used as self-destructing e-mail in MI-3, if Tom Cruise forgets to take his wristwatch camera with him to the cliff top. (abbaml@rad.net.id)