Forgetting by Design: Engineered Memory Erasure

• Forgetting by Design is a systematic approach that formally models and specifies data erasure, ensuring measurable privacy and security goals.
• It employs formal models and methodologies such as state annotations, erasure semantics, and detector strength metrics to guide unlearning processes.
• It integrates multi-layer techniques from language to hardware to achieve secure unlearning while balancing performance, privacy, and system trade-offs.

Forgetting by Design is the systematic engineering of digital, algorithmic, or cognitive systems to eliminate, obscure, or render irretrievable information previously present or derived within the system. This paradigm treats forgetting not as incidental or ad hoc, but as a formally specified, measurable, and auditable capability, governed by explicit security, privacy, efficiency, or utility objectives. Motivations span eliminating residual sensitive data in hardware/software stacks, ensuring systems can meet legal right-to-erasure requirements, mitigating negative effects of memory overload and interference, optimizing learning systems via selective unlearning, and restoring trust or power balance in human–AI interactions.

1. Formal Systems for Intentional and Engineered Forgetting

Foundations of forgetting by design are anchored in formal models that specify the semantics and guarantees of erasure or unlearning.

• Abstract System Model: States are annotated as pairs (q, D) where q is a control state and D is a mapping from variable names to values. Each piece of data that might need to be forgotten is explicitly marked (to-be-forgotten/tbf).
• Erasure Semantics and Bisimulation: Implementation-level states M (processor, registers, memory) are related to the abstract, annotated states via a stuttering bisimulation, ensuring the concrete system preserves abstract forgetting intentions.
• Color-Lattice and Forgetting Strength: Each tbf datum carries a “color,” interpreted as a level of forgetting. The erasure operation $\mathit{iforget}(c)$ eliminates all traces of data of color $c$ while leaving others intact.
• Security Guarantee: For every detector $d$ (an adversarial observer) with strength $\leq c$,

$d(\mathit{iforget}(c)(M)) = \perp$

i.e., the detector cannot extract information about erased data of strength $c$ (Shands et al., 2021).

These principles also structure machine unlearning and knowledge-editing methods: models are explicitly required to align their behavior post-unlearning with a specified reference system (model trained with the forget set omitted), typically measured by accuracy, indistinguishability, or more formal DP-like criteria (Kang et al., 13 Nov 2025).

2. Theoretical Models, Adversarial Resistance, and Metrics

• Detector Taxonomy: Detectors are formalized as adversaries with varying computational, physical, or side-channel capacities. Forgetting strength is measured by the minimum detector strength required to recover the erased information.
• Quantitative Metrics: Key evaluation axes include
  • Forgetting Accuracy: Performance on the forget set post-unlearning compared to random guessing or independently trained baselines.
  • Retention Accuracy: Preservation of performance on the retained set or downstream tasks.
  • Membership Inference: Resistance to recovery via inference attacks.
  • Differential Privacy and Statistical Indistinguishability: $(\varepsilon,\delta)$-unlearning guarantees which upper bound information leakage (Kang et al., 13 Nov 2025).
• Information Flow and Side-Channels: Security is as strong as the weakest detector, including observers able to exploit microarchitectural features, caches, timing, power, memory residue, or network artifacts. Proper design must quantify all such avenues and raise the recovery bar accordingly (Shands et al., 2021).

3. Frameworks and Implementation Layers

Forgetting by design is instantiated across multiple levels of abstraction:

• Specification Techniques:
  • Language-level: Type or keyword annotation (e.g., TBF, attribute((tbf))).
  • API-level: prepare_forget(region, class), forget(x), secure_erase(file, level).
  • Memory Tracking: Taint analysis, propagation of tbf-status through derived data.
• Operating System and Hardware Layer:
  • Filesystem/OS: Secure erase, cryptographic erase, explicit page zeroing.
  • Cryptographic Devices: Self-encrypting drives with atomic key destruction.
  • Memory Controllers: Fast-erase for NVRAM, memory scrubbing.
• Layered Contracts: Each subsystem advertises a guarantee at a specific forgetting level; system-level contract is $\min\{\text{provided levels}\}$.
• Machine Learning Context:
  • Gradient-based Unlearning: Formulation with explicit gradient inversion on D_f, as in Curriculum Unlearning Guided by the Forgetting Gradient (CUFG), blending forgetting gradients into fine-tuning (Miao et al., 18 Sep 2025).
  • Structural/Architectural Forgetting: Masking, subspace projection, adapter-based constraint (e.g., Bounded Parameter-Efficient Unlearning, KAN-LoRA adapters) (Garg et al., 29 Sep 2025, Rahman et al., 16 Nov 2025).
• Knowledge and Human-AI Systems:
  • Managed Forgetting: Semantic graphs with dynamically computed “Memory Buoyancy” metrics, triggering hiding, condensation, synchronization, archiving, or deletion as MB crosses defined thresholds (Jilek et al., 2018).
  • Memory Power Asymmetry: Middleware with explicit retention horizons, decay, and user-triggered resets to restore mutual forgetting (Dorri et al., 7 Dec 2025).

4. Conceptual and Engineering Trade-offs

Forgetting by design demands balancing conflicting goals:

Design Axis	Options / Impact	Trade-off Details
Granularity	Fine-grained (per variable/file) vs. coarse (bulk erase)	The finer the granularity, the higher the system overhead
Performance vs Soundness	Eager erasure (immediate) vs. lazy/background	Eager is safer but may introduce latency; lazy exposes residual risk
Implementation Complexity	Pure software (flexible, complex) vs. hardware primitives	Hardware is efficient but less portable; software more generalizable
Side-channel resistance	Cache flushing, fence instructions, disabling speculation	Adds runtime and design complexity
Audit vs. Forget	Need to balance logging (accountability) with data severance	Both must be layer-coordinated
Review and Relearning	Spaced repetition, intentional fading, scheduled retraining	Underpins efficiency vs. robustness in neural systems

5. Application Domains and Case Studies

• Security and Memory Safety: File deletion (directory unlink vs. crypto-erase), rollback in databases (with/without log scrubbing), cache artifacts, and SSD crypto-erase (Shands et al., 2021).
• Machine Unlearning and Model Editing:
  • CUFG: Stable, curriculum-driven unlearning in neural nets, matching scratch-retraining within 1–2% on CIFAR-10, with robust performance under high-proportion forgetting (Miao et al., 18 Sep 2025).
  • Bounded Unlearning in LLMs: Stable unlearning in LoRA-tuned models via bounded sine/tanh adapters, improving forgetting by 3 orders of magnitude on TOFU and TDEC benchmarks (Garg et al., 29 Sep 2025).
  • Token-level SFT Forgetting: Explicit suppression of negative tokens yields up to 16 pp accuracy boost in LLM fine-tuning (Ghahrizjani et al., 6 Aug 2025).
  • KANs and Adapter Design: Spline-based activations provide intrinsic, tunable forgetting with architectural control over support overlap, empirically verified in continual learning and editing tasks (Rahman et al., 16 Nov 2025).
• Adaptive Control: Directional forgetting and exponential resetting in recursive estimation for control of time-varying plants, maintaining estimator robustness without PE, validated on artificial muscle control (Tsuruhara et al., 1 Feb 2024).
• Organizational Memory: Managed Forgetting via Memory Buoyancy in semantic desktops delivers context- and task-sensitive information triage, sustained in seven-year deployments (Jilek et al., 2018).
• Human-AI Power Dynamics: Policies for decay, amnesty, retention horizons, and domain-specific containers restore symmetry in relationships and limit vulnerability accumulation (Dorri et al., 7 Dec 2025).
• Answer Set Programming: Relaxed operator schemes (intersection-, closure-, mixed-based) address impossibility cases for strong-persistence forgetting, with complexity and usage prescription mapped to semantic trade-offs (Gonçalves et al., 2017).

6. Challenges, Open Problems, and Research Frontiers

• Formal Verification: Need to integrate erasure and unlearning definitions into state-machine and program synthesis frameworks for end-to-end proofs (Shands et al., 2021).
• Detector and Adversary Algebra: A calculus of detector strength/capacity to enable modular composition and worst-case assurance.
• Specification and Contract Languages: Portable, cross-stack languages for declaring required and provided forgetting levels, propagation from user-intent to microarchitecture.
• Cross-Layer Coordination: Ensuring that annotations at the application level are soundly compiled, preserved, and enforced in hardware or VM (Shands et al., 2021).
• Efficiency and Scalability: Balancing model or memory overhead, runtime latency, and utility loss in large-scale learning and storage systems.
• Robustness to Advanced Attacks: Designing forgetting that is resistant not just to MIA or basic prompting but to circuit-level resurrection, side channels, and in-context attacks (Kang et al., 13 Nov 2025).
• Measurement and Auditing: Development of benchmarking suites, statistical indistinguishability checks, and regulatory (GDPR, AI Act) attestation requirements.
• Socio-Technical Integration: Harmonizing technical guarantees with user-facing controls, transparency, and institutional governance for right-to-be-forgotten compliance and trust.

7. Theoretical and Practical Significance

Forgetting by design is emerging as an essential systems and algorithmic principle with broad significance extending from privacy-preserving AI and robust cyber-physical systems to organizational memory and social power relationships. By elevating forgetting to a first-class, formally modeled, and implementation-attestable construct—analogous to access control, cryptography, or memory management—system designers can provide explicit guarantees for security, compliance, adaptivity, and human-aligned trust (Shands et al., 2021, Kang et al., 13 Nov 2025, Miao et al., 18 Sep 2025, Garg et al., 29 Sep 2025, Ghahrizjani et al., 6 Aug 2025, Rahman et al., 16 Nov 2025, Jilek et al., 2018, Dorri et al., 7 Dec 2025, Gonçalves et al., 2017).