In February, Facebook attempted to amend its terms of service by deleting a provision that stated a user could remove their content at any time, taking ownership of all user information. After many users commented and complained against the action, Facebook backed off the amendment.

Vanish, a new software program released by UW’s Computer Science and Engineering (CSE) department, addresses this lack of user control over personal data and allows users to set time limits to the data stored on their computers and Web sites such as Facebook.

“The goal of the software is to give people control over the lifetime of [their] data [which includes] personal e-mails, temp files, posts to Facebook pages,” said Hank Levy, professor and chair of CSE department. “If I send ... an e-mail, that message may stay around forever, even if we delete our accounts.”

The idea to develop the software came from the growing use of social network sites like Facebook and Web programs like Google Apps. These types of sites raise questions about who owns the data stored on these sites and how can you ensure deletion of the data.

“[It] came out of the growing tendency, on the Web, to have your data stored on third-party services,” said Amit Levy, an undergraduate student who works on the technology’s development. “There’s a risk there that the data could later be used against you somehow or just be seen by somebody [when] you want it to be seen by [no one].”

Vanish allows users to set a time limit on the life of information being sent or stored. After the prescribed time, the encrypted key will decompose and become irretrievable. The current version works only with text but could someday include other data such as digital photographs.

“You lose control over when that data becomes unavailable,” Levy said. “Vanish is trying to answer that problem by setting an expiration date on your data.”

Levy, along with doctoral student Roxana Geambasu, assistant professor Tadayoshi Kohno and professor Hank Levy were all involved in development with the research system and were co-authors of a paper about their work that will be presented at the Usenix Security Symposium Aug. 10-14 in Montreal. Research was funded by the Alfred P. Sloan Foundation, Intel Corp. and the National Science Foundation.

Levy went on to say that the system uses a “distributed hash table” on a peer-to-peer network, which is a group of computers that make a portion of their resources directly available to their peers without third-party involvement.

“Vanish will encrypt the data you are sending, but instead of storing the encryption key or sharing it indirectly, what it does is breaks it into pieces and kind of sprinkles it around in this peer-to-peer network,” Levy said.

Then anyone specified to view the data can retrieve the encryption key, but only within the time parameters previously set by the user. Normally the service times out at eight to nine hours, but the time limit can be customized. Because the key has been broken into pieces, and given the transient properties of a peer-to-peer network, it will begin to erode. Once time has expired, so does access to the data.

“What happens is that with the churn and certain natural properties in the way that the network changes and morphs, that key slowly disappears. After a certain point, no one will be able to retrieve the encryption key,” Levy said.

Previously, a court-ordered subpoena, a hacker, or anyone with the know-how could retrieve data that had been uploaded through a Web browser, even if it was thought to have been deleted.

“The data is there but encrypted and totally non-decryptable,” said Levy referring to data sent using Vanish.

According to their Web site, “[O]ne could envision it or a derivative being used in corporate settings, when talking with lawyers or when conducting a variety of private matters online. For example, many people pick up the phone instead of sending an e-mail for fear of leaving breadcrumbs of digital forensic trails.”

In order to protect personal files with Vanish, both the sender and recipient need to have downloaded the technology.

“At this point, Vanish and the source code is readily available,” Levy said. “Currently it is not being monetized. Whether bringing it to the next level will happen in a free, open setting or a non free-proprietary setting is beyond the scope of what we know.”

Reach reporter Adam Magnoni at

news@dailyuw.com.