// 2024-04-03 // by Neon

The Data Lifecycle, aka ‘Becoming Unhackable’

Lawrence Fishburne from the Matrix meme: What if I told you...

What if I told you that there is a way to become unhackable? A security practice that is so powerful, so impenetrable, that it is safe from any known or even theoretically imagined computer for trillions of years.

In this post, we’ll be talking about the Data Lifecycle. For those of you who want just the tl;dr, allow me to give you the single best information security cheat code you will ever hear:

You cannot hack that which no longer exists.

A Brief Context

Data Lifecycle Management (DLM) is an industry buzzword that gets thrown around so much in highly corporatised environments that I’m not even sure where the term originally came from.

I’d love to give you some sources so that you can go read more but unfortunately if you Google for “Data Lifecycle Management (DLM)”, you will find yourself in a hellscape of half-baked SEO-grubbing plagiarised articles from a litany of software enterprises that you may or may not have heard of before.

As much as I’d like to give credit where credit is due, I have absolutely no idea where the term or the idea originally came from. But I digress. To get to the point here, let’s explain what the Data Lifecycle is (in language other than some ChatGPT-influenced dialect of corporatese).

The key thesis of Data Lifecycle Management is that for any given piece of data (literally anything– from files on your hard drive, to papers in a filing cabinet, to the stuff you post on social media), the data will consistently go through a series of steps according to the following flow:

Flow diagram of the Data Lifecycle: Data is created → The newly created information is stored somewhere → The stored information is used for some useful purpose → The data is archived after it is no longer useful just in case → The data is deleted, lost to the void of eternity

It should be self evident that all data is created, recorded, and used.

When you pull our your phone, snap a picture of the beautiful sunset, and then post it to your friend group online, you’re engaging with these three steps of the Data Lifecycle. When you photo edit a silly meme, save it on your computer, and then post it to your timeline, you’re again (like it or not) engaging with the Data Lifecycle.

The step that we tend to hang ourselves up on is archival and deletion.

Data Preservation & The Human Condition

In many ways, the Data Lifecycle is much like the cycle of a human life. Data comes into this world bright and eager, lives an eventful life, and then sunsets at the end of its journey.

Once a piece of data is gone, it’s gone forever. And forever is an incredibly long time– an incomprehensibly long time.

As humans, our first instinct when put up against the prospect of losing something forever is to reject such a notion. Much like how we fear death– the inevitable termination of our existence for the rest of eternity. It is easy to fear the loss of the information for similar reasons.

I’ve gone on record discussing how the information you store digitally is an extension of your limited human brain, like an external set of memories. The contents of our memories make up who we are, and so the idea of losing our memory is horrifying because the loss of memory inherently implies the loss of self at some level.

To reign in the extent to which I wax philosophical about this, I can make my point more concrete and practical:

Data in the modern age is cheap. Cloud storage is cheap. Social media posts are (usually) free. Why in the world would you delete stuff when it costs pennies on the dollar to store your files and posts indefinitely?

After all, what if you might want those files later? Storage is cheap, but deletion is forever. And forever is an awfully long time…

Hitting Delete

You might see where I’m getting with this now. In a world where any computer or software can eventually be outsmarted, circumvented, or otherwise broken– the only winning move is not to play.

Forever is a long time, but “forever” can be our friend rather than our enemy if used responsibly. The best way to prevent your unwanted information from being hacked is to delete it, because you can’t hack that which no longer exists.

This is one of those things that is so simple to say yet so hard to live by. I get it. Forever is a long time. When you commit to deleting a piece of data, you must come to terms with the fact that the data which you have destroyed is gone forever. No matter what. Permanently.

And you really do have to delete every copy of a piece of data for this to work. If you retain any copies whatsoever, then the act of deletion can still be undone sometime in the future.

But, if you can commit to it and make sure a piece of data is gone, then the deleted item will never be accessed by anyone who is not authorised, regardless of whether a malicious actor is capable of compromising your accounts or services.

Once the data no longer exists, it ceases to be hackable.

Conclusions

Over the course of this post, we’ve established that the most foolproof way to prevent unauthorised access to a given set of data is to delete that data. What does that mean for us and how can we incorporate it into our personal privacy and security portfolios?

Well, the primary way you can attain the bulletproof unhackable 420-yolo-noscope Enterprise Grade™ security provided by [checks notes] just deleting shit is to start thinking about information in terms of what you actually care about keeping.

You’ve probably heard of the reverse hanger trick for getting rid of old clothes you don’t wear anymore. Turn all the hangers around in your closet at the start of the year, then at the end of the year look for any hangers that haven’t been turned back around so that you can throw out any clothes you haven’t worn all year.

You can do the same thing with your digital data: come up with a length of time that’s reasonable to keep it and then go full Marie Kondo on that shit. Or even better: automate it.

Further Implications

At the end of the day, you are the only person who can make the call about what parts of your data are still important and which aren’t. I can’t tell you what data you should delete and what you should hold onto because I’m not you.

So, with that in mind, here’s my quick, subjective, and highly incomplete attempt at suggesting a starting point.

For any given set of files, documents, social media posts, etc, which you haven’t looked at in a while ask yourself:

Literally nobody has time to do all this work by hand, so consider using a tool to enforce a retention period and automatically delete stuff after a period of time spent in archival.

Using automated retention periods is super common in large enterprises: stuff like email inboxes, junk file folders, you name it– set that stuff to automatically delete after rotting in its digital hole for a few years!

The great thing about using automation to enforce retention periods on your old data is that it forces you to clean up and package the things that actually matter to prevent them from being deleted.

The end result of automatically deleting all the old shit you don’t need is that you can passively keep yourself tidy and focus on retaining the precious memories that actually matter.

Inspirations for this post

Disclaimer: When you delete things for good, they are gone Forever™, with everything that implies. Except for when they’re not. Just because you hit the delete button in an app or service, doesn’t necessarily mean that the thing you’re looking at is actually gone for good. But that’s a rabbit hole for another time…