Something Else To Worry About

Radley Balko | 3.22.2007 11:13 AM

The office copy machine is spying on you :

…most digital copiers manufactured in the past five years have disk drives -- the same kind of data-storage mechanism found in computers -- to reproduce documents.

As a result, the seemingly innocuous machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned.

If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.

Via the always-excellent Bruce Schneier.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Free to Choose (Except in D.C., Suckers!)

Hide Comments (39)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Mr. Steven Crane 18 years ago

copiers are built by private industry, right?

then hey, no problem!

if you don't like it, go to fry's electronics and build your own disk-drive free copier. nobody's forcing you to buy a copier that watches your every move.

demand kurv!
damaged justice 18 years ago

"then hey, no problem!"

Who is the bigger dipshit: The dipshit, or the dipshit who responds to him?

You are a textbook example of making true statements while saying nothing.
Agammamon 18 years ago

"then hey, no problem!"

Exactly - these types of copiers are not mandated and if consumers find that these problems are serious enough then the industry will start to sell them copiers with appropriate protections.

At least until we get a law that says that businesses must take action to retain the data just in case someone, someday may want ot sue you or put you in jail - like email is now.
LarryA 18 years ago

Actually, I'm a whole lot more worried about the people I send my tax return to than anyone else.
sage 18 years ago

I wonder how many picture of "cheeks" reside on said hard drives.
VM 18 years ago

Sage - ewwwwww.

Mr. Steven Crane: lol!

(also - they own the machine, grin)

LarryA: that's cuz they can make shit up and nail you for it!
Demand Curve 18 years ago

Matt Damon!
Dan T. 18 years ago

Exactly - these types of copiers are not mandated and if consumers find that these problems are serious enough then the industry will start to sell them copiers with appropriate protections.

Just like if enough voters find that the war on drugs is a serious enough problem then the government will end it.
ed 18 years ago

I have no worries. If the copy machine reads my tax return it will die laughing.
Austrian \"Economist\" 18 years ago

GOLD STANDARD
Lamar 18 years ago

I'm waiting for media industry groups to sue the copy machine makers for their enabling of mass copyright infringement. Taxes schmaxes.
noumenous 18 years ago

easier than stealing information from someone's copier?

Steal it from the IRS directly.

http://www.epic.org/privacy/surveillance/spotlight/0306/
James 18 years ago

Not so laughable: many copiers are hooked up to outside phone lines so they can double as fax machines. You may not need physical access to the machine to steal the data on it.
Number 6 18 years ago

Ah, so that's why the copiers at the USAF base where I do reserve duty have those huge "Not for classified reproduction!" signs on them.
Next time I make a copy of the super-secret domestic dissidents and enemies list or the frequency list for the mind-control rays, I'll use a different machine.
Daze 18 years ago

For a second, I read that last line as "via the always excellent Rob Schneider".
anonymous cat 18 years ago

I'm in ur copier readin' ur copies.
keith 18 years ago

Good to know, but... so what? If you photocopy your private papers at the office, aren't you stealing from your employer? There's no presumption that they're not keeping data copies for security or audit purposes.

More important question: those coin-op 5c/copy machines in libraries and post offices (as they are gov't services...) - do they have the drives, or do their circa 1990 levels of technology render them safe?

It'd probably be nice for Kinko's, Ikon, etc to respond to this with a corporate policy before a major data-loss event.

Nevertheless, Mr. Steven Crane hit the nail on the head in post 1.
highnumber 18 years ago

So I should take this magnet over to the office copier and just start rubbing it all over, ya?
blogimi Dei 18 years ago

Needs to be big powerful plugin magnet.
Mr. Steven Crane 18 years ago

that was a joke, keith.

this raises questions, and perhaps if i ask them they'll get more generous treatment than if the illustrious mr. watz did. namely: why are copier companies including such a feature in the first place? is it simple cost-cutting (including a disk drive is a cheap but inferior way to provide functions that would not otherwise be possible, and the data-saving is just a side effect) or do they have other motivations?

regardless of what you may think of writers like lawrence lessig and etc, they make some very good points - the line between technology increasing freedom and decreasing it is a very thin one, and the battles over things like intellectual property are integral to making sure that there ARE alternatives, and code does not become law.
VM 18 years ago

To wit, Mr. Crane (re: "code becomes law") - look at how NTSC vs PAL has affected the DVD and VHS industries (zones 1,2,3,4,5)!

Open source software vs microsoft, for example could fall into this arena.

IE used to have a feature where all sites would get saved elsewhere, not to be removed. "Spider Bite" was a program that was developed to get rid of those tracking pages. Why have those? Why have them hidden?

I second Mr. Crane's question: why are those features there? Side effect, bug, feature, benefit?

Excellent questions. Now perhaps someone with a few moments on google could present as an expert

[ducks]
highnumber 18 years ago

Without resorting to Google?, I will suppose that hard drive is needed because the copiers can scan up to 100s of images and print them multiple times, collated, etc. They never built anything into the system as a security feature to delete or encrypt the info because they never thought about it. Someone thought about it and pointed out that it is a security bug, someone else rubbed their hands together gleefully while dreaming of ill-gotten riches, and privacy advocates and other paranoid libertarian types got all sick to their stomachs about it. Circle of life, man.
Mo 18 years ago

I'm guessing highnumber is correct. Though I'm sure as this becomes more well known, companies will ask for the feature to clear the memory so that sensitive information can be removed. I don't hink this is that big a deal.
Gabe 18 years ago

I've always wondered if anyone at Reason read Schneier's blog. He writes a lot of compelling posts on privacy, liberty and the current security failings of governments - especially in regard to our response to 9/11. He's also a computer security badass.

Then I wonder, contrariwise, if Schneier reads Reason.
mediageek 18 years ago

"I second Mr. Crane's question: why are those features there? Side effect, bug, feature, benefit?"

Archiving and retrieval of information was the bit of the sales pitch I heard from the sales rep.
Geoff Nathan 18 years ago

Highnumber is certainly correct--many of these machines function as printers, fax machines and scanners simultaneously, and, for example, the one near my office can print two pages side by side, and/or back to back. All of this requires massive data handling capacity. No conspiracy theories needed, as is usually the case.
mediageek 18 years ago

I mean, really, this is a surprise?
Geoff Nathan 18 years ago

I know Poole and Schneier have interacted--Schneier argued with Poole in a recent blog about screening folks with security clearances.
VM 18 years ago

Media - good call.

Thanks High#!
highnumber 18 years ago

Something else to think about:
I work at a mortgage company. Other than your medical records, we ask to see all of your private personal information. Nearly every piece of paper we see goes through our leased Canon copier/fax at some point. How many mortgage companies do you think have included wiping the copier/fax hard drive in their privacy policies?

On the bright side, anyone with nefarious purposes would have to spend an awful lot of time wading through useless crap like rate sheets and condition logs.
Penny 18 years ago

I write printer driver user guides for a living. Anything on the hard drive can be deleted.

A. Be sure you install the driver that came on the CD with the printer. That will give you more control of the printer memory than the minimal driver that is in Windows Plug n Play.

B. Look at the job storage sections of the driver help or user guide. Learn how to use the disk and to control what is saved on the disk. It's not hard. We write the manuals to a 6th grade level, so I'm sure y'all can handle it. You can probably set your defaults to "never save jobs on the hard drive."
Penny 18 years ago

Also, I don't think they save things that are just copied. The printer/fax/scanners I work on only save things that are scanned or that are sent to the hard drive by the printer driver. Print jobs are only saved on the printer hard drive if you changed the printer driver settings to make that happen.
Paul 18 years ago

This is news how?

Oh, and Stephen Crane, you bet your bippy. When you make copies on office equipment, assume nothing is secret.

In the age of email and tivo (which also contains a hard drive *gasp*)-- when there are other people smarter than you on the network (a.k.a. Network Engineers) assume that your mail is being read, your copies being copied, your packets being sniffed, your instant messenger traffic being read. You want 100% confidentiality in your photo copies, buy your own desktop copier, put it in your living room don't hook it up to a network and have at it.
Paul 18 years ago

Ah, so that's why the copiers at the USAF base where I do reserve duty have those huge "Not for classified reproduction!" signs on them.

Actually, yes and no. Way back in the olden days before large hard-drives and computers, they had those same signs on copiers. That's because in the days of the cold war, copiers that were not in secure locations could be...compromised-- a small camera with an electronic shutter could be placed underneath the glass and hooked to the 'start' button. The camera would take a physical photo of every document photocopied. It was a much cruder way of spying, but that was the idea.

So only copiers approved and in secure locations were deemed appropriate for use with classified documents.
crimethink 18 years ago

Just like if enough voters find that the war on drugs is a serious enough problem then the government will end it.

The difference is, that if 20% of copier buyers want a memoryless copier, such copiers can be made available without forcing everyone else to buy one.

If 20% of voters want to end the (federal) drug war, they're SOL. Unfortunately, everyone has to have the same government.
Anonymous 18 years ago

SOL?

http://www.google.com/search?q=define%3A+SOL&hl=en
same guy 18 years ago

Ah. SOL.

http://www.urbandictionary.com/define.php?term=S.O.L.
Number 6 18 years ago

Paul- Actually, I always assumed it was something like that. When I noticed those signs, my first thought was, "What the hell would classified documents be doing in this area anyway?" Where I am, anything more serious than FOUO is kept in a secure area, and moved from that area only under very specific circumstances. If I saw anyone actually carrying classified docs outside those areas, I'd want to know why.
Joe 18 years ago

Who benefits?

Please log in to post comments

Something Else To Worry About

Latest

The Morning After

Donald Trump's Energy Department Saved Your Appliances

The Alien Enemies Act Is an Unconstitutional Affront to Civil Liberties

All Trade is Reciprocal. Trump's Tariffs Interfere With That Reciprocity.

Review: Is the New Captain America Movie an Allegory for Donald Trump?

Recommended

Login Form