This Message Will Self Destruct. Or Will It?

Update: Interesting article from NY Mag claiming that SnapChat is, “absolutely blowing up right now” on Wall Street because “the chances of incriminating material ending up in the hands of a boss or a compliance officer – or in a Daily Intelligencer story, for that matter – are low.”

————

This weekend I was finishing up my next opinion piece for the fine Law Technology News. My piece is about how making more and more data “easily accessible” is both essential for Big Data to fulfill its promise and also a huge risk to privacy, intellectual property, and so on. Look for that in the next issue.

Part of what inspired me to write about this was the success of Snapchat, a mobile app that lets users “chat” using photographs instead of text. Neat idea, but the twist is that the images automatically disappear after 1-10 seconds (the time is set by the sender). As  you would imagine, Snapchat has gained a reputation as a teenage sexting tool, despite some indications otherwise. I set it up to see what all the fuss was about, and cajoled my wife to install it as well. Frankly I would say that any service that automatically deletes any self-portrait I have taken after turning 40 is doing me a huge favor. Anyway, Snapchat was quickly copied by Facebook, with its Poke application, although Poke seems to be less popular than Snapchat to date.

I did some more digging around in this space, and it turns out there are a number of startups focused on so-called self-destructing messages. For example:

  • Vaporstream offers “secure recordless messaging” technology aimed at enterprise users
  • A startup involving Phil Zimmerman, crypto-hero and creator of PGP, called Silent Circle offers secure mobile voice and messaging, including “burn notices” for text messages
  • Burn Note: self-destructing email
  • Wickr: self-destructing texts, pictures, video
  • Gryphn: self-destructing text messages, with screenshot capability disabled
  • Privnote: web-based, self-destructing notes
  • Tigertext: enterprise-focused secure texting with message timers
  • Burner: temporary phone numbers for calling and texting (hat tip to Bill Potter at The Cowen Group for pointing me to the last two on this list)

The category of “disappearing email” has been around at least since the late 1990s. In that era, a company called  “Disappearing Inc.” got a lot of attention, but was not successful. A similar company called Hushmail from that era is still around, but suffered from some bad press when email that users thought had been “disappeared” was turned over in the course of a lawsuit. In any case, neither company ushered in a new era where email automagically goes away. However, given this new crop of startups, I wonder: were these 90s companies ahead of their time, poorly managed, or just a bad idea?

On the corporate side, I don’t see a large appetite for this kind of technology. I have had this conversation with clients many times, and although they love the idea in concept, they are very worried that using the technology will create the appearance of evil (just as the first thought we naturally have about Snapchat is that is must really be for sexting). Executives in particular feel that the use of the technology creates the impression of having something to hide. Perhaps if email had had this capability from the beginning, the risk would not be there. Corporate culture is conservative by nature, and no company wants to draw attention to itself in this area.

This fear is not without justification. Many general counsels are fearful of deleting any corporate email messages at all, which is why many of the world’s largest and “well-managed” companies have hundreds of terabytes of old email sticking around.  Remember that in the world we live in, prosecutors sometimes chastise companies for not keeping all their messages forever because, after all, tape storage is “almost free.” There certainly is a case to be made that spoliation fears are generally overblown, given the number of times spoliation actually leads to a a fine or judgement, but the fear of throwing away the wrong thing is not groundless. Getting rid of junk defensibly requires a logical, justifiable process.

Unless an organization is in a highly classified environment, I think most general counsels and their litigation partners would tremble at the thought of explaining why most of the company used “normal” email but their executives/salespeople/take your pick used “special” email that disappears. It does not pass the smell test. Selective use is problematic.

On top of that, you have users who find operational benefit from having records of their business activities in email. You also have the emerging world of Big Data, where email in aggregate potentially has big value if you get it onto Internet-scale infrastructure and point the right tool at it.

In any case, check out the full piece when it runs in the next issue of Law Technology News.

Author: Barclay T. Blair

5 comments

  1. Jason Howe

    Mr. Blair –

    I too am a skeptic!

    In fact, I know that every product you mentioned in your blog is in fact “discoverable” except one … Vaporstream. VS leaves creates no ESI and has no digital footprint, process chain of custody, or IP audit log. Period! So lumping VS into the catagory of defensible destruction is a understandable oversight.

    The reason I know this beyond a shadow of a doubt is that I am the CEO of Vaporstream and have multiple 3rd party audits (PWC, Loyds of London, NSA, and Sensa — just to name a few) that have declared that we are the only true SRMS provider that makes it safe to hit send again. We have over 163 Corporate clients (126 Fortune 1000) that trust in our system every day to discuss their most sensitive information without fear of security breach, uninvented / unintended propagation, or messages used out of context. We actually are the real deal!

    Nevertheless, I would welcome the opportunity to have you and your team scrutinize what we deliver in the terms of recordless messaging.

    Please give me at 303.947.1569 to have an informed dialogue.

    Respectfully,

    Jason Howe
    President & CEO
    Vaporstream

  2. Pingback: New Feature Article & Podcast on Big Data & Information Governance | Barclay T. Blair
  3. Jon

    Very nice article! Unaudited services are of course untrustworthy. While many hold open source review and self-hosting to be the ultimate audit, thank you Jason for greatly raising the bar.

    I realize I am a bit late, but two points:

    1. The statement in the article about hushmail is inaccurate. Hushmail’s intent was NOT to disappear messages – rather to RETAIN old email, but have it be unreadable by the company. The claim was that when they store messages at rest, they were stored encrypted via a key that cannot be accessed except with the aid of a user’s passphrase, and that this secret could not be accessed by the company, since decryption was performed client side. The big controversy was that the automatic download of a modified Java applet allowed the company to capture the secret from the client, and therefore read the old email – which it handed over to the US government. This was not about secure deletion, it was about secure storage.

    2. foreign opinion: In the European Union, data protection laws posit maximum retention periods for most types of data. Never deleting is great for corporate interests, but in our courts’ opinions, violates the rights of the employees.

  4. Pingback: Is self-destruct email possible? - PR Gomez

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s