Will self-destructing texts protect your sensitive information?
Smart-phone app promises to remove text messages from sender's and reveicer's phones
William Jackson is a senior writer for GCN and the author of the CyberEye column.
A new smart-phone app named TigerText has gotten a lot of attention lately by promising to let a sender put controls on text messages that will automatically delete them from both the sender’s and recipient’s phones.
“It brings safety and peace of mind to anyone who sends messages that are intended to remain private,” Jeffrey Evans, founder of X Sigma Partners, said in announcing that TigerText is available at Apple’s App Store.
However, it turns out that the peace of mind is less than complete. And if you are using your smart phone for work, your IT administrator probably should decide whether you should be using TigerText.
Federal Computer Week: High court to settle 'sexting' at work case
TigerText, whose name apparently is rooted in a certain well-known scandal, is available for the iPhone, iPod Touch and newer BlackBerry devices, and it will be available soon for Android devices, the company said. The app does not work with third-party text messaging systems, and both sender and recipient must have it installed. The sender sets a “time to expire” for a message, which can be as soon as 60 seconds after it is opened. “The message is gone forever!” the company’s promotional material says.
Well, maybe not forever.
“TigerText was designed for casual users who don’t want a record of all their sent messages kept,” the company’s FAQ explains. “But if someone really wanted, they could find a way to video capture your TigerText, take a screen shot or take a photo of their phone. While TigerText does not allow a user to save a message, TigerText cannot promise that your messages will not be copied by some alternative means.”
Despite the company’s claims, the product is more evolutionary than revolutionary, said Mike Wade, chief technology officer of Planet Data, a legal discovery management firm. The app is the latest in a long line of tools, such as anonymous e-mail and chat servers and point-to-point texting, intended to avoid monitoring.
“The technology is not new in its ability not to leave footprints,” Wade said. “This isn’t new except that they’ve integrated it into the smart phone.”
TigerText does not actually remove any data from the user’s phone “because it is never on your phone,” he said. “The data is all resident on the server in their facilities.”
TigerText's service information states that expired messages are removed from its servers every minute. “Is it really forensically gone?” Wade asks. “Who knows?” But digital data is notoriously hard to destroy.
Should you be routinely deleting messages? There is nothing wrong with that in principle, said Planet Data CEO Howard Reissner. “It is proper to have a data retention policy in place” that calls for automatic deletion of messages on a given schedule, he said. Unless, of course, government regulations prohibit that or an organization’s recordkeepers have reason to believe the data is subject to legal discovery.
In the end, organizations, especially federal agencies, should have a policy in place for applications such as TigerText and tools to enforce them.
“For the first time, you have complete control over what happens to your texts after you hit the send button,” TigerText founder Evans said of his new product.
Reissner said he advises clients and employees to exercise control before hitting the send button. “Before you hit the send button, think about what that’s going to look like on a screen in a courtroom. If you don’t want to see it there, don’t send it.”
William Jackson is a senior writer of GCN and the author of the CyberEye blog.