Wednesday, July 28, 2010

Virtual E-Mail Shredder 3: The Flaw

Using self-deleting emails via may seem promising for those who wish to ensure privacy and security of their emails. But, the skeptic in me isn’t too sure about it. Hence, this question:

Are self-deleting emails REALLY self-deleting?

A Senior Judicial Education Attorney at the Federal Judicial Center in Washington DC named Kenneth Withers had something to say to this. In his 2000 article, “Self-Deleting E-mail: A Self-Delusion?”, he stated, “All of these ‘self-deleting’ e-mail programs share a fatal technical flaw: they don’t actually delete the messages at all. They encrypt the message, and perhaps avoid the network server in sending the message, but the messages still exist on the senders’, recipients’, and perhaps other peoples’ computers. The only things that are deleted are the encryption keys.”

I am no computer genius. I can’t prove Withers wrong. (Besides, looking into this guy’s credentials, he seems to know what he is talking.) So assuming that he’s right, what happens if the encryption keys are deleted? Wouldn’t this mean that the content of the self-deleting email can no longer be revealed? It seems so. Then, doesn’t this mean that self-deleting emails actually do their job – that is, to delete themselves and bring themselves into inexistence? Not exactly, because these emails leave trails.

Even if the message itself is destroyed, the fact that such message was sent may be established. Also, it may be uncovered who the sender and the recipient were, and when it was sent. It is not far from possible that the sender will be pressured to explain why his message needed to be handled in such a manner and what exactly it contained. These little pieces of information, when put together with other relevant matters, may do harm to the sender and ultimately compromise what was initially sought to be protected: his privacy and security.

In the end, I guess the choice to send self-deleting emails (for hopefully good reasons) is a personal one. We just have to weigh the advantages and the risks of the same, seeing for ourselves if using it will suit our purposes.

No comments: