'Vanish'ing Data Might Not Be the Best Policy

Lora Bentley

Wednesday, IT Business Edge blogger Ralph DeFrangesco mentioned a research project he has come across in which participants created a system by which electronic documents (e-mails, blog posts, chat logs and the like) will self-destruct or disappear after a certain amount of time. I have never heard of anything like it, and I was a bit skeptical at first, but Vanish, as it's called, appears to be a real project.


Not that Ralph would write about something that isn't real. I'm just a skeptic. (For instance, nearly every e-mail that comes through my box results in a trip to snopes.com.) He explained how the system works this way:

The product works by encrypting the data using a key that the user does not even know, and then divides the key into many parts and distributes them over a peer-to-peer network. As new systems join the network and older systems leave the network, the key is eventually lost.

Aside from the Web site set up by its creators, I have found very little about Vanish online. The few pieces I have found have been scientific and technical in nature, and very little has been said about the legal implications of such a system. All the creators say on the Web site is that the legal implications are unclear. Frankly, "unclear" is not the word I would use -- especially in a corporate or government environment. In those situations, this whole idea "just doesn't pass the smell test," as one of my law professors used to say.


First, I've written for days on end about e-discovery requirements and how they don't leave much room for error. In fact, Federal Rules for Civil Procedure addressing e-discovery allow the judge to decide against a party, fine the party or, at the very least, issue an adverse inference to the jury if evidence is destroyed or inaccessible. Tech News World writer Peter Vogel explains it this way:

When evidence has been destroyed (spoliated), a judge or arbitration panel can grant a verdict against the destroying party, fine the party, or issue an adverse inference to the jury. An adverse inference directs the jury to assume that the reason the party destroyed the evidence was that it was adverse to its claims in the lawsuit.

How much worse does it look to a jury if the destroying party uses a system like Vanish?


Second, as is mentioned on the Vanish site, government entities and their employees must preserve most everything done in the course of "governing" for the public record. Remember the fuss about the missing White House e-mails? The chatter about a presidential smartphone? That someone in such a position would consider using Vanish suggests that they have something to hide, doesn't it?


Granted, I don't practice technology law and I don't specialize in corporate litigation. I'll leave the final word to people who do. (Keep an eye out for interviews and posts to that end.)


In the meantime, all I can say is something smells funny.

Add Comment      Leave a comment on this blog post
Aug 3, 2009 9:59 AM Bob Gezelter Bob Gezelter  says:

The prospect of automatically destructing data technologies should be a concern. Records can incriminate and they can exonerate, a fact that I noted recently in "Vanishing E-mail and Electronically Stored Information: An E-Discovery Hazard" (available at http://www.rlgsc.com/blog/ruminations/vanishing-electronic-data-ediscovery.html ).

The problem is multifaceted, affecting personal cases and commercial cases. I have consulted on patent and intellectual property cases where I was able to find publications demonstrating a technique by the accused, published by the accused, that the accused had not retained a copy.

It is a complex area and reason for concern.

Aug 19, 2009 10:59 AM Patrick Cunningham Patrick Cunningham  says:

Years ago, there was a company called "Disappearing, Inc.". I though tit was one of the most clever company names ever. Anyway, they had the same technology. The issues, however, have always been the same. While the concept of assigning a retention period to electronic documents is very intriguing, the problem comes in when the document leaves your hands and goes to someone else, your rules impinge upon the other party. Their retention periods may not align with yours and their litigation and audit issues may have a direct bearing on how long they need to keep the document that they have been sent.

We can set aside the more nefarious situations where someone deliberately expires a document to cause the other party problems. Simple "ordinary course of business" records retention using these tools can be very troublesome.

About the only time that I can fathom a defensible use of these tools would be in a due diligence M&A scenario when data is shared between various entities and all entities have agreed to discard the data at the conclusion of due diligence. The owner of the data can maintain master copies of the data, log out who gets it and by agreement, expire the data upon conclusion of the due diligence. But even that has pitfalls.

I think an argument could be made with a good records retention program and a rock solid legal hold program that Vanish could be a good enforcement tool inside the organization, but that assumes proper usage by employees and a program that turns off Vanish when data is needed for legal hold. And I am afraid that is a stretch at best.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.