TECH

EU's 'Right To Be Forgotten' Is Technically Impossible Says Leading Security Expert

08/07/2014 16:50 BST | Updated 08/07/2014 16:59 BST

A top security expert has admitted that the EU's 'right to be forgotten' is 'technically impossible' to enforce.

Speaking to the Huffington Post UK, McAfee's EMEA Chief Technology Office Raj Samani described the idea of 'right to be forgotten' as "fantastic" but said he ultimately considers it unworkable in practice.

"There is such a thing as a digital tattoo, and your digital tattoo is any time you tweet, any time you post, any time you email you create a digital tattoo and if you want to remove that digital tattoo it’s painful, it’s expensive and it leaves scars."

"Try to technically implement that. Put a tweet out today, saying something dreadful about me, once it gets picked up, retweeted, how do you remove that?"

READ MORE: Google Removes Robert Peston's BBC Article Because Someone Wanted It 'Forgotten'

Samani's main concerns with 'right to be forgotten' aren't relating to celebrities or large organisations. His worries lie instead with those who are considered vulnerable users like young people.

"That’s what frightens me more than anything else is that you have these children, who are going online, tweeting. When we were younger, I could make mistakes, and everyone would forget, but the internet literally doesn’t forget. There’s no margin for error."

Samani's views are echoed by the European Union Agency for Network and Information Security (ENISA); an agency with whom Samani liases and whose own parent organisation, the European Union, developed the bill in the first place.

In November 2012, ENISA published a paper outlying the pros and cons of a 'right to be forgotten' bill and how, technically it would be enforced. The conclusions weren't exactly rosy.

"Once personal information is published, it is ultimately impossible to prevent, or even observe, by technical means, the creation of unauthorized copies of this information. In an open system like the Internet, the right to be forgotten cannot be enforced by technical means alone."

The solution it recommends has ultimately become the solution we're seeing put in place today, but where it stops short is in describing what qualifies as a legitimate for being forgotten.

"A natural way to “mostly forget” data is thus to prevent its appearance in the results of search engines, and to filter it from sharing services like Twitter. EU member states could require search engine operators and sharing services to filter references to forgotten data. As a result, forgotten data would be very difficult to find, even though copies may survive, for instance, outside the EU jurisdiction."