Reason Magazine
- reason.com
- reason.tv
- reason.org
- Donate
- Site Search:
Reason on Facebook
Reason on Twitter
Reason on YouTube
Reason RSSGet Reason E-mail Updates!
Manage your Reason e-mail list subscriptionsadvertisements
Something Else To Worry About
The office copy machine is spying on you :
...most digital copiers manufactured in the past five years have disk drives -- the same kind of data-storage mechanism found in computers -- to reproduce documents.
As a result, the seemingly innocuous machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned.
If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.
Via the always-excellent Bruce Schneier.
|3.22.07 @ 11:47AM|#
copiers are built by private industry, right?
then hey, no problem!
if you don't like it, go to fry's electronics and build your own
disk-drive free copier. nobody's forcing you to buy a copier that
watches your every move.
demand kurv!
|3.22.07 @ 11:49AM|#
"then hey, no problem!"
Who is the bigger dipshit: The dipshit, or the dipshit who responds
to him?
You are a textbook example of making true statements while saying
nothing.
|3.22.07 @ 11:55AM|#
"then hey, no problem!"
Exactly - these types of copiers are not mandated and if consumers
find that these problems are serious enough then the industry will
start to sell them copiers with appropriate protections.
At least until we get a law that says that businesses must take
action to retain the data just in case someone, someday may want ot
sue you or put you in jail - like email is now.
LarryA|3.22.07 @ 11:57AM|#
Actually, I'm a whole lot more worried about the people I send my tax return to than anyone else.
VM|3.22.07 @ 12:12PM|#
Sage - ewwwwww.
Mr. Steven Crane: lol!
(also - they own the machine, grin)
LarryA: that's cuz they can make shit up and nail you for it!
Dan T.|3.22.07 @ 12:18PM|#
Exactly - these types of copiers are not mandated and if
consumers find that these problems are serious enough then the
industry will start to sell them copiers with appropriate
protections.
Just like if enough voters find that the war on drugs is a serious
enough problem then the government will end it.
ed|3.22.07 @ 12:24PM|#
I have no worries. If the copy machine reads my tax return it will die laughing.
|3.22.07 @ 12:32PM|#
I'm waiting for media industry groups to sue the copy machine makers for their enabling of mass copyright infringement. Taxes schmaxes.
|3.22.07 @ 1:02PM|#
easier than stealing information from someone's copier?
Steal it from the IRS directly.
http://www.epic.org/privacy/surveillance/spotlight/0306/
|3.22.07 @ 1:04PM|#
Not so laughable: many copiers are hooked up to outside phone lines so they can double as fax machines. You may not need physical access to the machine to steal the data on it.
|3.22.07 @ 1:04PM|#
Ah, so that's why the copiers at the USAF base where I do
reserve duty have those huge "Not for classified reproduction!"
signs on them.
Next time I make a copy of the super-secret domestic dissidents and
enemies list or the frequency list for the mind-control rays, I'll
use a different machine.
|3.22.07 @ 1:12PM|#
For a second, I read that last line as "via the always excellent Rob Schneider".
|3.22.07 @ 1:40PM|#
Good to know, but... so what? If you photocopy your private
papers at the office, aren't you stealing from your employer?
There's no presumption that they're not keeping data copies for
security or audit purposes.
More important question: those coin-op 5c/copy machines in
libraries and post offices (as they are gov't services...) - do
they have the drives, or do their circa 1990 levels of technology
render them safe?
It'd probably be nice for Kinko's, Ikon, etc to respond to this
with a corporate policy before a major data-loss event.
Nevertheless, Mr. Steven Crane hit the nail on the head in post
1.
|3.22.07 @ 1:41PM|#
So I should take this magnet over to the office copier and just start rubbing it all over, ya?
|3.22.07 @ 2:12PM|#
that was a joke, keith.
this raises questions, and perhaps if i ask them they'll get more
generous treatment than if the illustrious mr. watz did. namely:
why are copier companies including such a feature in the first
place? is it simple cost-cutting (including a disk drive is a cheap
but inferior way to provide functions that would not otherwise be
possible, and the data-saving is just a side effect) or do they
have other motivations?
regardless of what you may think of writers like lawrence lessig
and etc, they make some very good points - the line between
technology increasing freedom and decreasing it is a very thin one,
and the battles over things like intellectual property are integral
to making sure that there ARE alternatives, and code does not
become law.
VM|3.22.07 @ 2:28PM|#
To wit, Mr. Crane (re: "code becomes law") - look at how NTSC vs
PAL has affected the DVD and VHS industries (zones
1,2,3,4,5)!
Open source software vs microsoft, for example could fall into this
arena.
IE used to have a feature where all sites would get saved
elsewhere, not to be removed. "Spider Bite" was a program that was
developed to get rid of those tracking pages. Why have those? Why
have them hidden?
I second Mr. Crane's question: why are those features there? Side
effect, bug, feature, benefit?
Excellent questions. Now perhaps someone with a few moments on
google could present as an expert
[ducks]
|3.22.07 @ 2:44PM|#
Without resorting to Google®, I will suppose that hard drive is needed because the copiers can scan up to 100s of images and print them multiple times, collated, etc. They never built anything into the system as a security feature to delete or encrypt the info because they never thought about it. Someone thought about it and pointed out that it is a security bug, someone else rubbed their hands together gleefully while dreaming of ill-gotten riches, and privacy advocates and other paranoid libertarian types got all sick to their stomachs about it. Circle of life, man.
|3.22.07 @ 3:23PM|#
I'm guessing highnumber is correct. Though I'm sure as this becomes more well known, companies will ask for the feature to clear the memory so that sensitive information can be removed. I don't hink this is that big a deal.
Gabe|3.22.07 @ 3:46PM|#
I've always wondered if anyone at Reason read Schneier's blog.
He writes a lot of compelling posts on privacy, liberty and the
current security failings of governments - especially in regard to
our response to 9/11. He's also a computer security badass.
Then I wonder, contrariwise, if Schneier reads Reason.
|3.22.07 @ 3:55PM|#
"I second Mr. Crane's question: why are those features
there? Side effect, bug, feature, benefit?"
Archiving and retrieval of information was the bit of the sales
pitch I heard from the sales rep.
|3.22.07 @ 3:56PM|#
Highnumber is certainly correct--many of these machines function as printers, fax machines and scanners simultaneously, and, for example, the one near my office can print two pages side by side, and/or back to back. All of this requires massive data handling capacity. No conspiracy theories needed, as is usually the case.
|3.22.07 @ 4:02PM|#
I know Poole and Schneier have interacted--Schneier argued with Poole in a recent blog about screening folks with security clearances.
|3.22.07 @ 5:03PM|#
Something else to think about:
I work at a mortgage company. Other than your medical records, we
ask to see all of your private personal information. Nearly every
piece of paper we see goes through our leased Canon copier/fax at
some point. How many mortgage companies do you think have included
wiping the copier/fax hard drive in their privacy policies?
On the bright side, anyone with nefarious purposes would have to
spend an awful lot of time wading through useless crap like rate
sheets and condition logs.
|3.22.07 @ 7:05PM|#
I write printer driver user guides for a living. Anything on the
hard drive can be deleted.
A. Be sure you install the driver that came on the CD with the
printer. That will give you more control of the printer memory than
the minimal driver that is in Windows Plug n Play.
B. Look at the job storage sections of the driver help or user
guide. Learn how to use the disk and to control what is saved on
the disk. It's not hard. We write the manuals to a 6th grade level,
so I'm sure y'all can handle it. You can probably set your defaults
to "never save jobs on the hard drive."
|3.22.07 @ 7:09PM|#
Also, I don't think they save things that are just copied. The printer/fax/scanners I work on only save things that are scanned or that are sent to the hard drive by the printer driver. Print jobs are only saved on the printer hard drive if you changed the printer driver settings to make that happen.
Paul|3.22.07 @ 7:25PM|#
This is news how?
Oh, and Stephen Crane, you bet your bippy. When you make copies on
office equipment, assume nothing is secret.
In the age of email and tivo (which also contains a hard drive
*gasp*)-- when there are other people smarter than you on the
network (a.k.a. Network Engineers) assume that your mail is being
read, your copies being copied, your packets being sniffed, your
instant messenger traffic being read. You want 100% confidentiality
in your photo copies, buy your own desktop copier, put it in your
living room don't hook it up to a network and have at it.
Paul|3.22.07 @ 7:30PM|#
Ah, so that's why the copiers at the USAF base where I do
reserve duty have those huge "Not for classified reproduction!"
signs on them.
Actually, yes and no. Way back in the olden days before large
hard-drives and computers, they had those same signs on copiers.
That's because in the days of the cold war, copiers that were not
in secure locations could be...compromised-- a small camera with an
electronic shutter could be placed underneath the glass and hooked
to the 'start' button. The camera would take a physical photo of
every document photocopied. It was a much cruder way of spying, but
that was the idea.
So only copiers approved and in secure locations were deemed
appropriate for use with classified documents.
|3.22.07 @ 8:50PM|#
Just like if enough voters find that the war on drugs is a
serious enough problem then the government will end it.
The difference is, that if 20% of copier buyers want a memoryless
copier, such copiers can be made available without forcing everyone
else to buy one.
If 20% of voters want to end the (federal) drug war, they're SOL.
Unfortunately, everyone has to have the same government.
|3.23.07 @ 10:00AM|#
Paul- Actually, I always assumed it was something like that. When I noticed those signs, my first thought was, "What the hell would classified documents be doing in this area anyway?" Where I am, anything more serious than FOUO is kept in a secure area, and moved from that area only under very specific circumstances. If I saw anyone actually carrying classified docs outside those areas, I'd want to know why.
Site comments/questions:
Media Inquiries and Reprint Permissions:
(310) 367-6109
Editorial & Production Offices:
3415 S. Sepulveda Blvd.
Suite 400
Los Angeles, CA 90034
(310) 391-2245