in between reading SOSP liveblogging notes, I'm still trying to think up how one might implement a "proof of deletion" service for cloud storage - here's the latest:
a user stores data in the cloud - the data is encrypted so the cloud provider cannot simply read it, but it is amenable to privacy-preserving queries on some keys.
the user wants to delete a record, contacts a third party (the grim reaper?), and gives them the keys of the records. the third party tells the cloud service to delete the data and then, using an anonymous service (via TOR etc.), queries the record - they should get a 404 response.
of course, the cloud provider can squirrel data away, but not in any useful way, as the TTP (the trusted third party) can do the query at any time.
why not just let the user run the query? well, they might want to go away and rely on the TTP, who might also be persistent and might have bigger TOR guns....
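The scheme above as a small simulation, added here as an illustration and not code from the original post. All names (`CloudStore`, `Reaper`, `blind_key`, the three provider modes) are hypothetical; the privacy-preserving key query is assumed to be an HMAC blind index, and the anonymous query is modelled by `get()` receiving no caller identity.

```python
import hashlib
import hmac
import secrets

def blind_key(index_secret: bytes, record_key: str) -> str:
    """Assumed stand-in for the privacy-preserving key query: a keyed hash."""
    return hmac.new(index_secret, record_key.encode(), hashlib.sha256).hexdigest()

class CloudStore:
    """Toy provider. mode: 'honest', 'ignores_delete', or 'hoards' (hides a copy)."""
    def __init__(self, mode="honest"):
        self.mode, self.live, self.hoard = mode, {}, {}
    def put(self, token, ciphertext):
        self.live[token] = ciphertext
    def delete(self, token):
        if self.mode == "ignores_delete":
            return
        blob = self.live.pop(token, None)
        if self.mode == "hoards" and blob is not None:
            self.hoard[token] = blob  # kept, but never served again
    def get(self, token):
        # No caller identity reaches the provider (models the anonymous query),
        # so it cannot answer the auditor differently from any other client.
        return (200, self.live[token]) if token in self.live else (404, None)

class Reaper:
    """The third party: relays the delete, then probes for a 404 at any later time."""
    def __init__(self, store):
        self.store, self.watch = store, set()
    def request_deletion(self, tokens):
        for t in tokens:
            self.store.delete(t)
            self.watch.add(t)
    def audit(self):
        """Return the watched tokens that are still served (status is not 404)."""
        return sorted(t for t in self.watch if self.store.get(t)[0] != 404)

def run(mode):
    secret = secrets.token_bytes(32)      # user's index secret, never sent to the cloud
    store = CloudStore(mode)
    for k in ["patient/17", "patient/42"]:  # constructed sample record keys
        store.put(blind_key(secret, k), secrets.token_bytes(16))  # opaque ciphertext
    reaper = Reaper(store)
    doomed = blind_key(secret, "patient/17")
    reaper.request_deletion([doomed])
    detected = reaper.audit() == [doomed]
    untouched_ok = store.get(blind_key(secret, "patient/42"))[0] == 200
    return detected, len(store.hoard), untouched_ok
```

`run("hoards")` passes the audit while one blob sits in the hoard: the 404 probe shows the record is no longer served through the query interface, which is the sense in which squirrelled-away data is not useful.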