Numerous technical and environmental forces are increasing the importance of data privacy for businesses and individuals alike. These forces include the migration of data to Web services, the permanent archiving of large volumes of data and communications by services and ISPs, and legal actions that are forcing individuals and organizations to reveal private (and even encrypted) data. Traditional encryption is an insufficient solution under these conditions, thereby creating new challenges to preserving our digital privacy in an increasingly inter-connected and digital world. This project tackles these challenges through the creation of a principled framework for protecting the privacy of past data -- such as copies of emails maintained by an email provider -- against accidental, malicious, and legal disclosure, even to entities who have access to the decryption keys. This framework consists of both underlying technical mechanisms and prototype applications; these mechanisms and prototype applications are developed in concert to ensure the broadest applicability of the overall framework. These prototype applications, by themselves, also directly address the privacy needs of broad classes of individuals, ranging from home users wishing to enhance the privacy of their email communications to voting machine manufacturers wishing to improve the privacy of electronic voting audit logs.
CAREER: A Comprehensive Framework for Disappearing Data