Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Targets Copy Machine Privacy Concerns

Posted by kdawson on from the hotting-up dept.

itwbennett writes "In a letter to US Representative Ed Markey, FTC Chairman Jon Leibowitz said that the FTC has begun contacting copy machine makers, resellers, and office supply stores to inform them about privacy concerns over the images that can be stored on the machines' hard drives and trying to 'determine whether they are warning their customers about these risks ... and whether manufacturers and resellers are providing options for secure copying.'"

89 comments

  1. Eleventy... by Anonymous Coward · · Score: -1, Offtopic

    But this one goes to eleven...

    1. Re:Eleventy... by the_fat_kid · · Score: 0, Offtopic

      couldn't you just make ten louder?

      --
      -- Sig under construction...
    2. Re:Eleventy... by Arancaytar · · Score: 2, Informative

      For $2000, I'll build you one that goes to twelve. That's less than $200 per.

    3. Re:Eleventy... by FatdogHaiku · · Score: 1

      couldn't you just make ten louder?

      That would then just make 11 even louder still...

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    4. Re:Eleventy... by the_fat_kid · · Score: 1

      woooosh...

      --
      -- Sig under construction...
    5. Re:Eleventy... by FatdogHaiku · · Score: 1

      woooosh...

      You'd like to think so, but in the context of the meme there is always an 11, so making 10 louder automatically makes 11 better yet and even greater still, because that's the point of that whole meme.

      Rob Reiner (Marty) was asking the same thing... and missed the same point that to the artists mind 11 is simply BETTER than 10... how could it not be.... It's fucking 11 man!

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  2. Just so you know it by Anonymous Coward · · Score: -1, Offtopic

    Goatse was actually me, I just couldn't afford a regular colonoscopy

  3. There machines don't need hard drives. by Anonymous Coward · · Score: -1

    There's absolutely no reason for these machines to have hard drives or any sort of non-volatile storage, beyond what it takes to store the machine's basic configuration settings. We're talking at most 1 MB.

    All memory should be volatile, and should be completely erased as soon as the copying is complete.

    1. Re:There machines don't need hard drives. by Mordok-DestroyerOfWo · · Score: 2, Insightful

      There's plenty of reasons. We use them to store oft-printed forms, scanned images, and a pretty staggering array of things in between. Maybe what you meant is that there is no reason to store an image in non-volatile memory if it has not been specified by the user.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    2. Re:There machines don't need hard drives. by Anonymous Coward · · Score: 2, Informative

      There's absolutely no reason for these machines to have hard drives or any sort of non-volatile storage, beyond what it takes to store the machine's basic configuration settings. We're talking at most 1 MB.

      Either you don't work in an office of any considerable size or you have no idea what you're talking about. I'm voting for the latter. And FWIW, they're using the term 'copy machine' to refer to the super copier/printer/scanner/fax/do-everything boxes that offices have these days.

    3. Re:There machines don't need hard drives. by Itninja · · Score: 2, Interesting

      I spent 10 years in the reprographics industry and I agree, we don't need hard drives on the copiers.My boss always paid extra for this 'feature' on every machine, and within 2 weeks we never used it again. That's what file servers are for. None of these machine were stand-alone; they all had Ethernet connectivity. I plugged them into the network and, if large jobs needed to be stored for longer than the time needed to make a copy, we stored the files on the server. All the one-off jobs just used the volatile memory on the machine.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    4. Re:There machines don't need hard drives. by Chyeld · · Score: 2, Informative

      You obviously haven't used many modern copiers. Of the three on my floor, all of them are more computers with heavy duty printers attached than dumb scanner/printer combos. All have hard drives which store frequently printed documents, the 'OS' (which in some cases is a customized version of Windows), and the temp files necessary to do their 'job'.

      The problem is that your average paper pusher still thinks of a copier as a low tech mimeograph rather than realize exactly how complicated and 'multi-featured' the modern copier has become and don't realize they need to treat their copier the same way they would treat their other computers.

    5. Re:There machines don't need hard drives. by stewbacca · · Score: 1

      Maybe I want a copy of what I'm copying to remain on the hard drive for easy retrieval and reuse later?

    6. Re:There machines don't need hard drives. by sopssa · · Score: 0

      But just because you can do some thing the hard and geeky way, doesn't mean you should. There are good reasons to store them on a file server, but having that same storage on the copier easies off many people that don't really need external file storage just for saving the copiers queue.

    7. Re:There machines don't need hard drives. by ArundelCastle · · Score: 3, Interesting

      Maybe I want a copy of what I'm copying to remain on the hard drive for easy retrieval and reuse later?

      Missing the point. The copier's hard drive is basically a black box in most cases.
      A) The copier probably already has a save to network, and send via e-mail function. Why wouldn't you choose that?
      B) In most cases the copier's hard drive is by default completely inaccessible to the end user. There's no browse feature.
      C) To access the data, you need to purchase a support package and use a proprietary tool.
      D) To delete the data, you need to purchase a support package and use a proprietary tool.

      This is a cash grab for the copier manufacturers. A safety net that most people don't know existed unless they place a frantic support call.
      The reporting expose proved that there is no promise that the manufacturer will wipe drives after their lease is up, and if you do not know it exists, how can you plan to wipe it yourself if you re-sell it?

    8. Re:There machines don't need hard drives. by Itninja · · Score: 2, Interesting

      But using the copier is the hard way. With the exception of really big ones (i.e. Docutech) these things don't have keyboards or mice. The only input they have is a clunky letter-scroll or, if you're lucky, a touchscreen. It was hell using those to search for a file or document. Easier to step 2 feet over to the PC, open the PDF (or whatever) and print it to the copier. Took about 10 minutes to setup and only seconds per job to use. Compared to wading thru the copier UI, that was the easiest way in the world.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    9. Re:There machines don't need hard drives. by L3370 · · Score: 1

      They do this so they can keep you under a maintenance contract. And there are other things to be weary of as well.

      Companies like Xerox and Ikon also provide copier leasing services. We have about 10 of them on site here; all of them leased. When our contract is done, they take the copiers. Who knows what they do with the hard drives from there...

      There are benefits tho. Not our property, not on our list of assets, which is a huge tax savings. The lease agreement includes no-charge service calls and all the toner and consumable supplies we need at no additional cost. When they get old, we don't have to throw anything out. Just renew the contract and get another set of copiers delivered.

    10. Re:There machines don't need hard drives. by GIL_Dude · · Score: 3, Insightful

      Well, we use them with HP printers all the time. Any confidential document is "printed" to the printer with a code selected by the user. The job won't print until the user is standing at the printer and enters the code. With current technology on the print servers, this requires the printer to manage it and have a hard drive. We also use Smart Cards on the HP printers for some functions (such as scanning and sending to email). That function either requires it store to RAM (might be a lot of RAM required) or to a hard drive as well. Both of these are functions used on our office printers at least weekly if not more. They certainly aren't used for every job, but they definitely are used.

      I was at a conference three weeks ago where the subject of "self encrypting drives" (the ones with encryption in the drive firmware) came up and one of the other people representing a large business there mentioned that he buys those drives for his printers and that they use them. So there are use cases where it makes sense.

    11. Re:There machines don't need hard drives. by Anonymous Coward · · Score: 0

      A) Because maybe my copy machine isn't on a network?

      C&D) All embedded machines require some sort of proprietary tool. They aren't computers, they are photocopiers.

    12. Re:There machines don't need hard drives. by Hylandr · · Score: 1

      /signed.

      We do the same thing, even though ours has several gigabytes worth of storage, including incoming faxes. Most of the clueless will rave over this feature until the first time the machine is serviced and the tech blindly wipes everything out. Can't kill em, can't fire em, screaming does no good...

      - Dan.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    13. Re:There machines don't need hard drives. by pavon · · Score: 1

      Yes a shitty-ass computer with a horrible interface. I want to treat them like dumb input/output devices because that is what they are good at.

  4. ...And in unrelated news.... by r_jensen11 · · Score: 2, Funny

    FTC discovers that there are, on average, 42 scans of people's bottoms per Copy Machine.

    Now back to you, Jim!

  5. About time... by FaxeTheCat · · Score: 5, Interesting

    When I was involved in a tender for MFCs five years ago, this was one of the issues raised... by the vendors. Some claimed they were the only ones that had it, but they were wrong. All the major ones had it. At that time they offered both encryption of all userdata on the local hard drive, and also automatic overwriting of all user data after it was printed.
    At the time these were options that one needed to pay extra for, but for anybody concerned with privacy issues, it was available.

    One can, of course, ask why the above options are not standard. After all, it is just a question of enabling some software options.

    1. Re:About time... by ducomputergeek · · Score: 3, Interesting

      Why leave money on the table? If you can charge more for those features, do so. If they really are just a configuration change, then you can offer those modules "free" or at a "substantial discount" if you need to make the sale else never take less than what the customer is willing to give you.

      --
      "The problem with socialism is eventually you run out of other people's money" - Thatcher.
    2. Re:About time... by laughingcoyote · · Score: 3, Insightful

      And this kind of rent seeking behavior for things that should be getting done anyway, is the exact type of thing that leads to the regulations that will shortly be forthcoming here (hopefully, in this and many other scenarios).

      It's amazing to me how many corporations fail to act with a fundamental level of decency and do the absolute minimum possible in terms of customer service and quality (or sell reasonable levels of those as a "premium service"), then howl and scream when people find that unacceptable and put regulations in place that require them to do what they should've been doing anyway. It amazes me more that anyone would defend that type of behavior.

      If companies really want to stop hostility and regulation toward them, they should open a dialogue (a real one) with their customers, in terms of what they want, what they will pay to get it, what is negotiable, and what is not. Especially as choices become fewer and fewer, a lot of larger companies seem to think they can get away with anything and shrug off the loss of a few customers. At that point, the only option left is regulation. One way or another, the customer's going to be king, and you better treat him accordingly. Squeezing every nickel out you can is anything but.

      --
      To fight the war on terror, stop being afraid.
    3. Re:About time... by swb · · Score: 3, Insightful

      A conversation about what they want?

      The vendor wants what everyone *wants* -- a new Mercedes every 2 years, not flying coach, a boob job for his wife AND mistress, and you to pay for it.

      How hard is that to understand?

    4. Re:About time... by laughingcoyote · · Score: 1

      You really thought I meant what the "vendor" wants? I don't care. I mean what the -customer- wants.

      And please don't presume to think your personal desires apply to everything. I really don't give two shits about what you put forth, and I don't think I'm at all the only one. Give me something interesting to work at and something new to learn over those anyday. I don't even like driving anymore that well. Give me a new Mercedes every two years, and I'll still generally ride my bike. Mercedes get caught in traffic jams as nicely as anything else.

      If the "vendor's" highest priority isn't to deal fairly and ethically with other people, but rather to grab everything they can from everyone they can, I hope they get strung with every type of regulation you can imagine. I sure wouldn't want to deal with them on those terms without a great deal of regulation. Me, I prefer my life to be about more than hoarding crap.

      --
      To fight the war on terror, stop being afraid.
    5. Re:About time... by ducomputergeek · · Score: 1

      Customer wants a pony, a unicorn, and about a dozen flying monkeys. Oh, and for nothing. If you ask them. Already we're about 10% cheaper than our competitor. Sometimes even more when we're going in and installing on existing hardware. But we also offer merchant accounts (Credit Card Processing) and will discount our "on-premise implementation consulting" fees if needed to land a deal. However, those costs are on par with our competition and if a client doesn't object, we don't discount. Again, why leave money on the table.

      --
      "The problem with socialism is eventually you run out of other people's money" - Thatcher.
    6. Re:About time... by noidentity · · Score: 2, Interesting

      It makes sense to avoid using the same area of the hard disk for each copy, because you'd otherwise wear it out quickly. So you use different areas for temporary storage each copy. But this leaves a history of the last N copies. So in secure mode, you could just encrypt the temporary file with a key generated on-the-fly and only kept in memory. Once you're done, you erase the key, leaving the files inaccessible. Just be sure you aren't the owner of the copy machine, or else you could get arrested for having encrypted files that you claim to have no key for.

    7. Re:About time... by Anonymous Coward · · Score: 0

      One can, of course, ask why the above options are not standard.

      As someone who has worked with these options enabled, I can tell you exactly why they're not enabled by default: performance.

  6. Just how stupid by jmerlin · · Score: 1

    were those who were tasked with writing the software powering these copiers?

    Gee, this software may be used in a government office where highly sensitive documents may be scanned. I won't really "delete" any files though, because they might want to recover them, but that's advanced stuff, so I shouldn't inform them that I'm making that copy, it should be a surprise when they call in for support! And in our models where we do allow deleting, we'll just quietly move them to another directory, again for the same purpose.

    Perhaps there was some miscommunication when their bosses told them to "shred the files when you're done with them." I can see how that might be somewhat vague in this industry.

    1. Re:Just how stupid by Anonymous Coward · · Score: 3, Informative

      I DO work for a printer company that makes multi-function printers that can, in fact, make copies AND write data to an internal hard drive. Except, the conditions for it to do so, at least on the printers we make, require you to be doing a job that you are specifically saving to disk to be printed at a later time (that is, you or the admin set it up that way, as that is not the default that we ship) or you have temporarily locked the machine from making ANY printouts until an unlock code is entered. In both cases, the data is deleted when the print jobs are released, though not to government standards on-the-fly. For that, there's a setting to do a government-standard multiple-reformat of the hard drive entirely.

      So when I was first hearing about this, it sounded to me like one of two things are happening:

      One, these government agencies have incompetent admins who absolutely refuse to read any manuals or documentation about things that are printing potentially sensitive data. And what's more, they specifically configure the printer in a non-default way that forces print jobs to go to the hard drive, and what's even more, they don't even bother following their own guidelines and standards to format the hard drive before getting rid of the printer.

      Or two, the printer company I work for (name withheld, of course) is the one and only sane software developer in the printer world. Or at least the most sane. I can assure you, having worked here, if we're the most sane, the printer world has far, far worse problems ahead of it besides "everyone does everything online without the need to print anything" and "incompetent IT admins didn't bother to learn how to use their own equipment and blame the manufacturer when something goes wrong".

    2. Re:Just how stupid by DavidTC · · Score: 1

      Why don't you suggest that your company just go ahead and secure-wipe all files all the time?

      I mean, it's a frickin copier. It's not like it's pinning the CPU.

      You don't even have to 'secure' wipe. That's for suckers. No one has ever demonstrated the ability to reconstruct data on a modern hard drive that's been overwritten just once. (All those studies about multi-pass were a) hypothetical, and b) based on old MFM encoding and much wasteful hard drives.)

      Hell, there's probably a shared library you can link in and do a search and replace for 'unlink()' in your code with a wipe function.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  7. That's nothing. by Anonymous Coward · · Score: 5, Interesting

    That's nothing.

    Lots of places still use old brother fax / copy / print machines which utilize "ribbons" instead of ink or toner. This is what they look like

    PC-301

    It's basically a big carbon transfer sheet. You find these old machines in doctors offices. law offices. etc. Where the owner is too lazy to upgrade their hardware.

    They throw out the used ribbon. Guess what? Its literally hundreds of feet of perfect, inverted copies of faxed information. Forms with medical information. SSN numbers. Private legal information. ETC.

    All it requires is someone to be lazy enough to throw it away, and someone else bored enough to go dumpster dive.

    1. Re:That's nothing. by Anonymous Coward · · Score: 0

      To go a bit further back there was this device called a typewriter that used ribbons to print the letters. The older cloth ribbons were harder to decypher, but the mylar ribbons such as on selectrics where easier to decyper. Of course after the ribbon had run back and forth a number of times, how much could be recovered is unclear.

  8. Yes they do need hard drives. by Colin+Smith · · Score: 4, Insightful

    You put a stack of papers into them, hit the copy 10 times button. It has to print 10 stacks of papers. You want to stand there shoving the paper through 10 times while it does it?

     

    --
    Deleted
    1. Re:Yes they do need hard drives. by Anonymous Coward · · Score: 0

      The OP's point still stands. Why does that have to be stored on a non-volatile medium, like a hard drive, rather than in volatile memory?

      1 GB of RAM alone can store a huge number of scanned pages. Given the cost of commercial copiers, having them contain 16 or even 32 GB of RAM wouldn't affect the cost very much.

    2. Re:Yes they do need hard drives. by selven · · Score: 1

      I'm pretty sure RAM does that job just fine. You don't need permanent memory.

    3. Re:Yes they do need hard drives. by Anonymous Coward · · Score: 0

      1 GB of RAM alone can store a huge number of scanned pages. Given the cost of commercial copiers, having them contain 16 or even 32 GB of RAM wouldn't affect the cost very much.

      Not really. Files that get sent to the printer are actually quite large, especially if you're dealing with images (everything basically gets rasterized/bitmapped when printed). To find out how big some things can be, save everything you print as raw postscript files

      As for the "16 or even 32 GB of RAM wouldn't affect the cost very much", I'm assuming that having 16 or 32GB of RAM in you computer doesn't affect the price very much either, right? Look up the prices on those and let me know how little they'll affect the cost.

    4. Re:Yes they do need hard drives. by tepples · · Score: 1

      1 GB of RAM alone can store a huge number of scanned pages. Given the cost of commercial copiers, having them contain 16 or even 32 GB of RAM wouldn't affect the cost very much.

      Copiers also tend to have a longer service life than, say, a gaming PC. How long has 16 GB of RAM been as affordable as you claim?

    5. Re:Yes they do need hard drives. by Anonymous Coward · · Score: 0

      Here in Japan, a typical office copier will cost the equivalent of about US$13,000 for a low end model. 32 GB of RAM (8 sticks at 4 GB per stick) costs only the equivalent of about US$1,000. That is less than 10% of the total copier's cost. And do not forget that most copiers will be higher end models that cost US$20,000 or more, so the price of 32 GB of RAM becomes an even smaller percentage of the cost of the copier.

    6. Re:Yes they do need hard drives. by mollog · · Score: 2, Informative

      Some devices have character recognition, fonts, and other similar data. Some have localization information. New features and functionality are frequently added. The device will want to permanently store information about numbers of copies made, consumables used, logs of errors. The list goes on and on.

      Short answer, yes they do need nonvolatile, writable storage.

      --
      Best regards.
    7. Re:Yes they do need hard drives. by Urkki · · Score: 1

      RAM isn't cheap. Take the cheapest hard drive you can find. See how much memory you can get for the same price. Is that amount of memory enough to store, say, a few hunderd 1200 dpi full color A4/letter sized scans? I bet it isn't, so you'll need to spend more if you want to use RAM, for no observable benefit (except privacy of course).

      HD is cheaper, plenty fast enough (sequential access), and even the cheapest $40 HD has so much capacity it's not worth even calculating how many pages it can store... But if that isn't enough, spend like $5 more to about quadruple the capacity, then it should be enough for anybody... It's not like an existing photocopier will be upgraded to use x-ray scanning, continuous spectrum, nanoscale printing technologies later, so there's no worry the capacity of an existing machine will not be enough in the future.

      Possible cheapish privacy solution: generate random "session key" in RAM for every new job, and use it to strongly encrypt everything written to HD. Once the key is forgotten, encrypted data in HD becomes unrecoverable random noise.

    8. Re:Yes they do need hard drives. by Anonymous Coward · · Score: 0

      It seems to me that the bulk of these "they don't need storage" posts are coming from people who have NO IDEA how these things really work, and they have these wild ideas of how things "should be" based on their limited, and often faulty, knowledge.

    9. Re:Yes they do need hard drives. by pclminion · · Score: 2, Insightful

      1 GB of RAM alone can store a huge number of scanned pages. Given the cost of commercial copiers, having them contain 16 or even 32 GB of RAM wouldn't affect the cost very much.

      For black and white documents, definitely true. Supposing 600 DPI, an 8.5x11" page of bitonal data (1 bit per pixel) takes up 4207500 bytes. If you just stopped there, you could store 255 pages per gig, which isn't a terribly impressive capacity... But using a compression method like JBIG2 which can give upwards of 50x reduction for single pages and even more than that for multiple pages, you're now talking about 15000, 20000 or more pages per gig.

      However, pointing to the price of RAM at the present time is a bit dishonest, since copiers have been around since earlier than a few months ago... I don't remember the price points from five years ago, but I bet if in 2005 you went to a manufacturer and said "Why don't you just stick a gig of RAM in there" they'd fall over and die laughing. Yes, it's a possible solution NOW, but we're not talking about NOW.

    10. Re:Yes they do need hard drives. by L3370 · · Score: 1

      Some also permanently store other sets of information such as email addresses, fax numbers, etc..

    11. Re:Yes they do need hard drives. by ZorbaTHut · · Score: 1

      And 1tb of hard drive space costs only about $100, less than 1% of the total copier's cost.

      Yes, if they wanted to spend more to do less, that would certainly be an option!

      --
      Breaking Into the Industry - A development log about starting a game studio.
    12. Re:Yes they do need hard drives. by afidel · · Score: 1

      Not sure why an MFP from 2005 couldn't have had a gig of ram since an HP 8000 from 2000 could have 512MB fairly inexpensively (about 10% of the system price), of course when you talk about 11x17 32bpp images even 1GB doesn't go very far. Since our units can scan at 30-50 pages per minute and print at 55-70 pages per minute you'd need a ton of ram to keep up with big jobs, which is exactly why they have HDD's. We've also confirmed with Xerox that they securely wipe all units returned from lease before releasing or selling them so it's not an issue for us.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    13. Re:Yes they do need hard drives. by SydShamino · · Score: 1

      We've also confirmed with Xerox that they securely wipe all units returned from lease before releasing or selling them so it's not an issue for us.

      They securely wipe? So you let a few guys from the local service company load it on a truck and take it away, hoping that it's kept securely until it gets back to Xerox's factory, makes it through their receiving queue, and gets an inter-lease refurb?

      Seems like, if you really cared, you'd rather have it wiped before it leaves your sight.

      --
      It doesn't hurt to be nice.
    14. Re:Yes they do need hard drives. by SydShamino · · Score: 1

      Some also permanently store other sets of information such as the contents of every file copied, etc. ;p

      --
      It doesn't hurt to be nice.
    15. Re:Yes they do need hard drives. by pavon · · Score: 1

      Even discounting large inexpensive RAM, this feature still wouldn't require you to manually feed paper, like Colin_Smith suggested. The copy machine at my elementary school back in the early nineties had the ability to put a stack of papers on it, and it could make as many copies as you wanted purely mechanically. The only copier features that I have seen that needed a hard drive, are ones that no one uses because the interface is far too complicated for what should be a simple to use device.

    16. Re:Yes they do need hard drives. by Anonymous Coward · · Score: 0

      Copiers also tend to have a longer service life than, say, a gaming PC. How long has 16 GB of RAM been as affordable as you claim?

      Most are leased on a 3-year cycle.

    17. Re:Yes they do need hard drives. by tepples · · Score: 1

      Most are leased on a 3-year cycle.

      But are they lease-to-own, or does a used off-lease copier go to the next lessee?

    18. Re:Yes they do need hard drives. by JustNilt · · Score: 1

      It seems to me that the bulk of these "they don't need storage" posts are coming from people who have NO IDEA how these things really work, and they have these wild ideas of how things "should be" based on their limited, and often faulty, knowledge.

      Slightly OT here but it's my experience that this applies to the overwhelming majority of "X doesn't need Y because ..." arguments.

      --
      Nilt

      --
      You know the thing about UDP jokes? I don't care if you get it or not.
  9. That was a fun $250k audit by netsavior · · Score: 3, Informative

    My business users did not think to ask IT when they selected a model of fax/scan/copier

    It had really cool features like the ability to scan tons of documents all at once, then you go back to your computer and download them from a network share!! such a productivity booster!

    So this nice $250k device, which they bought, with no security... which of course did not pass standard security audit...

    Scanning confidential documents happens every day... and at the bank for which I work, we take it pretty seriously.
    Even disabling the network interface wasn't enough, because users could *accidentally* scan/copy a document and set it to store, which could be accessed by non-permitted individuals. In the end they ended up taking a bath on the whole device.

  10. You're kidding? by U8MyData · · Score: 2, Insightful

    This has been an issue ever since they started pasting PC's on the backs and sides of copiers. What is that now? Something in excess of 10 years?

    1. Re:You're kidding? by uncqual · · Score: 1

      Actually, for perhaps 35 years :)

      I recall the early laser printers in use internally at Xerox - the ones I saw were a standard copier modified/altered to be a printer. From a distance, the biggest hint that it was a printer and not a copier was an extra box stuck on the end and, behold, an Alto nearby.

      Of course, IIRC, they wouldn't function as a copier anymore, so maybe it doesn't count.

      Now get off my lawn.

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
  11. Windows by bcrowell · · Score: 3, Informative

    It's apparently pretty common for these machines to run an embedded copy of Windows these days. I know someone who was a sysadmin at UC Berkeley a few years back, and she had to clean up the mess when their photocopier picked up a Windows virus and became a spam zombie. This seems similar to the kind of situation we're seeing with people's home routers and cable modems getting owned. The basic problem seems to be that the end user buys something that is a general-purpose computer, but the manufacturer doesn't present it to them as a general-purpose computer that needs maintenance, security patches, etc., and the manufacturer may also choose an initial configuration that is designed for ease of use rather than security (e.g., having passwords that the user doesn't set).

    If the only problem was getting your images read out by someone else when the machine is resold, that would seem pretty minor to me. Can't they just design the machine so that the memory used for temporary storage of images is volatile? Then as soon as you unplug the machine that you're going to resell, the memory is wiped.

    But if your copier is getting owned by hackers while you're still using it, then the presence of the left-over images seems like it becomes a bigger issue, and harder to secure yourself against.

    --
    Find free books.
    1. Re:Windows by tepples · · Score: 1

      Can't they just design the machine so that the memory used for temporary storage of images is volatile?

      RAM is not free, especially RAM to store scans of a 40-page document. So they store the scans on a hard drive. I guess one workaround for the cost of RAM would be to encrypt the scans on disk and keep the keys in RAM.

    2. Re:Windows by Lehk228 · · Score: 1

      the easier workaround is to have the drive be removable and have the buyer install their own drive

      --
      Snowden and Manning are heroes.
    3. Re:Windows by Todd+Knarr · · Score: 3, Insightful

      Easier option: the copier deletes the files from the hard drive after the copy run's completed and the images aren't needed anymore. Ditto when documents are scanned and delivered elsewhere (eg. e-mailed to the user). Only store them permanently when the user scans them in and deliberately stores them in the copier. It's not that hard to make it behave that way.

    4. Re:Windows by swb · · Score: 1

      Then they lose the opportunity to charge you $1500 for a 20 gig hard disk.

    5. Re:Windows by fat_mike · · Score: 1

      Are you kidding me? So all I have to do is put Windows or Microsoft in the title and spew a bunch of BS and its rated informative?

      Can you prove any of your claims other than you knew a Systems Administrator at Berkley (that has lots of them) telling you that their copiers used Windows?

      Our Canon imageRunner's 5000 and 5070 don't use Windows nor do our Dell's or our HP's for that matter.

      Or our color copier "a few years back" that used a Silicon Graphics Toaster.

      I've been doing this for 18.5 years and I have never, ever heard about a copier getting a virus. You suck more than its possible to suck yet the lemmings rated you informative.

      Does this site even have editors anymore or do they just go "Ooh, kdawson posted a bunch of bullshit again guaranteed to bring out more people posting more bullshit HEAD IN THE SAND! HEAD IN THE SAND!"

    6. Re:Windows by fuzzyfuzzyfungus · · Score: 1

      From a security perspective, making the user affirm that they are, in fact, super-double sure that they want to save something makes perfect sense.

      From a UI/human interaction perspective, it is kind of a walking disaster. Humans are lazy, clueless, and easily distracted(even the smart ones, if you catch them at a bad moment, which everybody has).

      Unless you make copiers for Spook HQ(and possibly even then), you'll get far more flack for "the copier lost my document" than you will praise for "the copier protected my document from disclosure". Having something you wanted to access vanish is highly visible, and highly annoying. Having something you wanted to vanish silently lurk in the background is bad; but largely invisible.

  12. Sooner or later by shadowbearer · · Score: -1, Offtopic

      we'll have to accept the fact that anything that is created by a human being can be reproduced, copied and distributed by a human being.

      Technology just makes it easier, that's all. The printing press certainly did.

      Boo hoo, whine, whine, whine.

      And yes, I've produced copyrighted works that I've made money off of. I don't get in a fluff if I don't get rich off of them, tho.

      0.0

      SB

    --
    It's old. The more humans I meet, the more I like my cats. At least they are honest.
  13. Is there a law? by EmagGeek · · Score: 1, Troll

    Is there a constitutional law that was properly added to "the books" that requires copiers have "secure option," that sellers notify buyers of privacy concerns, and so on? Or, is Obama's administration just legislating by decree again?

    1. Re:Is there a law? by Anonymous Coward · · Score: -1, Flamebait

      Did Ron Paul's cock fall out of your mouth again?

    2. Re:Is there a law? by DerekLyons · · Score: 1

      Funny. The typical Slashdotter foams at the mouth about how the government is supposed to protect privacy - his privacy. But when it's not his privacy directly at stake, the government is held to be the villain.

    3. Re:Is there a law? by Lehk228 · · Score: 3, Insightful

      regulation of interstate commerce.

      unless you would like to suggest that copy machines are in fact manufactured and sold all within a single state.

      --
      Snowden and Manning are heroes.
    4. Re:Is there a law? by Anonymous Coward · · Score: 0

      Is there a constitutional law that was properly added to "the books" that requires copiers have "secure option," that sellers notify buyers of privacy concerns, and so on? Or, is Obama's administration just legislating by decree again?

      Why are you wasting time with a joke question? You know there is no amendment for such a trivial issue. That said, given that the FTC does collect tax revenue for these purposes, they damn well ought to do their job. There is an inherent 'unfit for purposeness' in a device that indefinitely stores copied documents - due to the size of the hard drive and lack of overwrite of non-explicitly saved items. From a libertarian perspective, I would prefer vigilance and private watchdog groups followed by court action if needed. The FTC approach appears tame compared to what a class-action lawsuit might look like. Given that governemnt has its fingers to deep in the pie with the liberal use of SSN and legal indemnity for credit reporting agencies (try to sue them for being wrong - go ahead), I would say there is not much choice in this matter but for them to be vigilante on personal data. Misregulation is worse than no regulation.

    5. Re:Is there a law? by Anonymous Coward · · Score: 0

      "Unfit for purposeness" is usually covered by a disclaimer of implied warranty. Besides, if a copier makes copies, then it is fit for that particular purpose. The purpose of a copier is to make copies, and if it does that, you would have no claim under "unfit for the particular purpose."

      Copiers are not sold as privacy devices.

  14. I was wondering about that by Presto+Vivace · · Score: 1

    why would you need memory on a copy machine?

    1. Re:I was wondering about that by afidel · · Score: 1

      Make N copies function which is essentially a scan and print, or to print 20 collated copies of a 500 page document (which is fairly common on our multifunction devices). Another VERY common one is to scan a few dozen to a couple hundred pages and have it emailed or sent to a file server as a single PDF.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  15. Stories like this... by stewbacca · · Score: -1, Flamebait

    ...nearly drive me away from slashdot forever.

    When did this become Alex Jones' personal tinfoil-hat blog site?

    1. Re:Stories like this... by Anonymous Coward · · Score: 0

      Later, gator.

  16. in another growing concern... by nimbius · · Score: 1

    I cant remember the last time ive had to use a copier for any non-gluteus-maximus related graphics...

    --
    Good people go to bed earlier.
  17. Their machines require hard disk drives by mollog · · Score: 2, Informative

    Most modern digital electronics have a pretty complete operating system on them, including copiers, printers, fax machines. Data storage, especially for very large data sets such as a high resolution digitally scanned image, is pretty much required. Disk storage is the currently used technique for that storage.

    Most copiers do more than copy. They can accept a job over the network, they can use forms or other co-created information, and they can be used to adjust an image after it has been accepted. All this requires RAM and mass storage.

    This issue is not new, but as we all become more sophisticated, it does become easier to compromise a device holding your data. I don't have a good answer for the problem.

    --
    Best regards.
  18. Naughty bits by sxedog · · Score: 1

    All that would be stored on these HDD in the machines are pictures of peoples naughty bits anyways. Isn't that what people use copiers for?

    --
    If it ain't broke, DON'T fix it.
  19. What about the dots? by Jah-Wren+Ryel · · Score: 4, Insightful

    Of course they don't give a damn about the serial numbers that each copier embeds in every page they print.

    --
    When information is power, privacy is freedom.
  20. deleted as in fat delete? or fake deleted? by Joe+The+Dragon · · Score: 2, Interesting

    deleted as in fat delete? or fake deleted?

    fat delete can be some times be undeleted.

    But some boxes / tivos do a fake delete that just removes that data from the list but it's still there likely in some temp file.

    1. Re:deleted as in fat delete? or fake deleted? by Anonymous Coward · · Score: 0

      Actually, in our company's case, ext3 deleted. We run Linux under the hood of our multi-function printers. Thank you.

      (I would have said "we proudly run Linux under the hood", but we don't mention it in official literature, it seems)

      However, that's largely irrelevant; when the time comes to get rid of the printer, there's also the option to perform a full multi-pass format on the hard drive to nuke the data to government specifications (whether or not that's absolutely ultimately perfect doesn't matter, what matters is that it keeps the government happy). If the IT admin in charge of disposal didn't bother looking that up or using it, it's hardly our fault.

  21. as for leased copiers how much is locked out / not by Joe+The+Dragon · · Score: 1

    as for leased copiers how much is locked out / not allowed to be done by on site stuff?

    and I think may off lease copyeea just get sold and how many leasing companies do a full reset? they may just do a factory reset that does not do a full data nuke.

  22. Re:as for leased copiers how much is locked out / by Anonymous Coward · · Score: 0

    Hm, point taken. I wish I could answer that, but I'm afraid we don't do our own leasing. But, locking those features out at the leaser's end and not doing a nuke when the device is returned is more than a bit negligent on their part (and completely unnecessary; the ONLY use of the hard drive is temporary printout storage, as we don't put any firmware or updates in there).

  23. This is nothing new or secret by Anonymous Coward · · Score: 2, Interesting

    I work for a copier manufacturer and can shed a little info for those that are interested.

    Small office multifunction devices (MFD's) typically don't have hard drives and run embedded real-time operating systems. Some of the newest models DO have SATA hard drives, but the ability to enable "Immediate Image Overwrite" is well documented in the manual and is free.

    Mid-sized copier-only configuration machines use Electronic Page Collation RAM to store scanned images and there is no hard drive.

    Mid-sized multifunction devices have a drive in the network controller which runs Linux. There is a separate non-user accessible, encrypted partition used for temporary image storage. The "Immediate Image Overwrite" software option has been available for purchase for these products for at least the last 6 years and as of '08 it is being included free of charge.

    Large departmental/light production copiers often have two hard drives, one which is the OS drive and one dedicated scratch drive. This drive is often in a cage which is easily removed. Many of our government customers have a "secure" scratch drive which they purchase and retain/destroy, and a non-secure drive which stays with the machine when it is off lease or sold.

    Production equipment often has multiple hard drives both in the machine as well as in the raster image processor (RIP). The RIP's run either SunOS or Windows XP Embedded. In either case, these customers are well informed about where and how image data is stored as well as the procedure to erase that data and/or purchase a replacement drive so that they may retain the old drive.

    I can remember five years ago removing hard drives from classified machines and handing them directly over to customers to be destroyed. The process was well documented and understood by everyone and it was certainly no secret. Go into any government contractor (Boeing, Lockheed, Jacobs, etc) and the copiers are all clearly marked as to which ones are for classified documents and which ones aren't. And it's been that way for awhile.

    1. Re:This is nothing new or secret by swb · · Score: 1

      I suspect that this is more of an "issue" farther down the food chain.

      Large entities and/or especially those with security experience (banks, defense contractors, law enforcement) are probably naturally suspicious of any duplication technology and ask a ton of questions. They're also used to dealing with vendors who have experience selling to this field and understand that a low-level how-it-works transparency is necessary, probably both to win the business AND avoid some kind of Federal investigation in case something slips through the cracks.

      Small businesses don't ask these questions. They lack the expertise and they often deal with smaller resellers/lessors who service the small market. My experience as both a customer and a network engineer consultant for the last 5 years is that these smaller resellers generally have very poor IT-type technical support for their devices. They have a lot of guys who can fix mechanical problems with xerography but when it comes to networking features, at best they have "a guy" who understands them and often has to defer to the manufacturer.

      I suspect its at the bottom of the food chain (so to speak) where you find the bigger problems.

  24. Undeletion by tepples · · Score: 1

    the copier deletes the files from the hard drive after the copy run's completed and the images aren't needed anymore.

    Files that aren't encrypted can be undeleted.

  25. encryption by default by p51d007 · · Score: 1

    Been in the business 30 years (AS A TECH, NOT A SALESMAN). This is just another red herring that give the government something else to do. Unless the I.T. department where the machine is located is completely STUPID they have to know these new "MFP's" have a hard drive. Most of these boxes in the last couple years have encryption, data scramblers, or DoD wipe built in, but, as with OTHER SECURITY measures, it is the END USERS responsiblity, NOT the dealer to turn these features on. 99.9% of the time, the only thing the end user asks is how fast is it, and how much does it cost. My policy, and that of the other techs I deal with (mid size dealer, 6 locations scattered across four states) is that at the end of a lease, or trade in, the copier comes back to our office, and if the machine is in resale condition for an overhaul, the drive is WIPED before taken back to the lease company or resale. If the machine is to be disposed of, the drive is removed, & destroyed. In the field, if a drive fails, the I.T. department is given the option of taking the old drive and disposing of it on their own, or, if the end use does not care for the old drive is pulled apart, platters removed and destroyed (all documented on the service work order). This CBS video story just stirred up the masses like Chicken Little "the sky is falling". Unless you STORE information on the drive, the copier "deletes" the file (copy, print scan, non stored ). Yes, just like the old DOS days, the first letter is deleted, the remaining file is there, but overwritten like any other hard drive. Data encryption, when turned on, uses 128 bit to encrypt/decrypt the information on the fly (now reduction in speed). With data overwrite, after a copy job is finished, the area where the file remained is overwritten (DoD L3 or 5). Using a combination of encryption & overwrite, the data is secure. Personally, I've gone into office that have OPEN DESKTOP COMPUTERS that are easier to access than trying to rip out the drive of a copy machine, plus, so many I.T. departments have such lack security, that I can if I wanted, just unhook the copier from the network, plug it into my laptop and with no passwords or other security measures, be right on their network, so, everyone just calm down. You don't have to worry about those "innocent" photos from the office party of your butt, or the "the boss is a jerk" email showing up on the internet. Just google the guy in the CBS video and you'll see that he is SELLING a service to wipe out hard drives on computers, printers & copiers, which is about as pointless as the Best Buy "new computer tuneup" service they offer. It's like wiping your ass before you take a dump...it's not needed!

  26. Yep by Anonymous Coward · · Score: 0

    To do all those functions, it's a computer........... they have been since the first digital copier a long time ago.
    This is just weird that it's big news now.

  27. gee wiz here we go again by WeeBit · · Score: 1

    Like the copy machine makers will openly admit they did not tell their customers about the hard drive feature in their copy machines.

    What's with the size of those hard drives? They don't need to be so large. Seems as though a small flash drive could be just as efficient.

    Also look at the money they will be getting just to supply a app to erase that data. Total rip off.

    I am crying foul over the whole deal. Just give it a little time, and someone will create a free app to clean those hard drives. I bet it will be Open Source too!