Slashdot Mirror
FTC Targets Copy Machine Privacy Concerns
itwbennett writes "In a letter to US Representative Ed Markey, FTC Chairman Jon Leibowitz said that the FTC has begun contacting copy machine makers, resellers, and office supply stores to inform them about privacy concerns over the images that can be stored on the machines' hard drives and trying to 'determine whether they are warning their customers about these risks ... and whether manufacturers and resellers are providing options for secure copying.'"
FTC discovers that there are, on average, 42 scans of people's bottoms per Copy Machine.
Now back to you, Jim!
There's plenty of reasons. We use them to store oft-printed forms, scanned images, and a pretty staggering array of things in between. Maybe what you meant is that there is no reason to store an image in non-volatile memory if it has not been specified by the user.
"Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
When I was involved in a tender for MFCs five years ago, this was one of the issues raised... by the vendors. Some claimed they were the only ones that had it, but they were wrong. All the major ones had it. At that time they offered both encryption of all userdata on the local hard drive, and also automatic overwriting of all user data after it was printed.
At the time these were options that one needed to pay extra for, but for anybody concerned with privacy issues, it was available.
One can, of course, ask why the above options are not standard. After all, it is just a question of enabling some software options.
There's absolutely no reason for these machines to have hard drives or any sort of non-volatile storage, beyond what it takes to store the machine's basic configuration settings. We're talking at most 1 MB.
Either you don't work in an office of any considerable size or you have no idea what you're talking about. I'm voting for the latter. And FWIW, they're using the term 'copy machine' to refer to the super copier/printer/scanner/fax/do-everything boxes that offices have these days.
For $2000, I'll build you one that goes to twelve. That's less than $200 per.
That's nothing.
Lots of places still use old brother fax / copy / print machines which utilize "ribbons" instead of ink or toner. This is what they look like
PC-301
It's basically a big carbon transfer sheet. You find these old machines in doctors offices. law offices. etc. Where the owner is too lazy to upgrade their hardware.
They throw out the used ribbon. Guess what? Its literally hundreds of feet of perfect, inverted copies of faxed information. Forms with medical information. SSN numbers. Private legal information. ETC.
All it requires is someone to be lazy enough to throw it away, and someone else bored enough to go dumpster dive.
You put a stack of papers into them, hit the copy 10 times button. It has to print 10 stacks of papers. You want to stand there shoving the paper through 10 times while it does it?
Deleted
My business users did not think to ask IT when they selected a model of fax/scan/copier
It had really cool features like the ability to scan tons of documents all at once, then you go back to your computer and download them from a network share!! such a productivity booster!
So this nice $250k device, which they bought, with no security... which of course did not pass standard security audit...
Scanning confidential documents happens every day... and at the bank for which I work, we take it pretty seriously.
Even disabling the network interface wasn't enough, because users could *accidentally* scan/copy a document and set it to store, which could be accessed by non-permitted individuals. In the end they ended up taking a bath on the whole device.
This has been an issue ever since they started pasting PC's on the backs and sides of copiers. What is that now? Something in excess of 10 years?
It's apparently pretty common for these machines to run an embedded copy of Windows these days. I know someone who was a sysadmin at UC Berkeley a few years back, and she had to clean up the mess when their photocopier picked up a Windows virus and became a spam zombie. This seems similar to the kind of situation we're seeing with people's home routers and cable modems getting owned. The basic problem seems to be that the end user buys something that is a general-purpose computer, but the manufacturer doesn't present it to them as a general-purpose computer that needs maintenance, security patches, etc., and the manufacturer may also choose an initial configuration that is designed for ease of use rather than security (e.g., having passwords that the user doesn't set).
If the only problem was getting your images read out by someone else when the machine is resold, that would seem pretty minor to me. Can't they just design the machine so that the memory used for temporary storage of images is volatile? Then as soon as you unplug the machine that you're going to resell, the memory is wiped.
But if your copier is getting owned by hackers while you're still using it, then the presence of the left-over images seems like it becomes a bigger issue, and harder to secure yourself against.
Find free books.
I spent 10 years in the reprographics industry and I agree, we don't need hard drives on the copiers.My boss always paid extra for this 'feature' on every machine, and within 2 weeks we never used it again. That's what file servers are for. None of these machine were stand-alone; they all had Ethernet connectivity. I plugged them into the network and, if large jobs needed to be stored for longer than the time needed to make a copy, we stored the files on the server. All the one-off jobs just used the volatile memory on the machine.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
You obviously haven't used many modern copiers. Of the three on my floor, all of them are more computers with heavy duty printers attached than dumb scanner/printer combos. All have hard drives which store frequently printed documents, the 'OS' (which in some cases is a customized version of Windows), and the temp files necessary to do their 'job'.
The problem is that your average paper pusher still thinks of a copier as a low tech mimeograph rather than realize exactly how complicated and 'multi-featured' the modern copier has become and don't realize they need to treat their copier the same way they would treat their other computers.
I DO work for a printer company that makes multi-function printers that can, in fact, make copies AND write data to an internal hard drive. Except, the conditions for it to do so, at least on the printers we make, require you to be doing a job that you are specifically saving to disk to be printed at a later time (that is, you or the admin set it up that way, as that is not the default that we ship) or you have temporarily locked the machine from making ANY printouts until an unlock code is entered. In both cases, the data is deleted when the print jobs are released, though not to government standards on-the-fly. For that, there's a setting to do a government-standard multiple-reformat of the hard drive entirely.
So when I was first hearing about this, it sounded to me like one of two things are happening:
One, these government agencies have incompetent admins who absolutely refuse to read any manuals or documentation about things that are printing potentially sensitive data. And what's more, they specifically configure the printer in a non-default way that forces print jobs to go to the hard drive, and what's even more, they don't even bother following their own guidelines and standards to format the hard drive before getting rid of the printer.
Or two, the printer company I work for (name withheld, of course) is the one and only sane software developer in the printer world. Or at least the most sane. I can assure you, having worked here, if we're the most sane, the printer world has far, far worse problems ahead of it besides "everyone does everything online without the need to print anything" and "incompetent IT admins didn't bother to learn how to use their own equipment and blame the manufacturer when something goes wrong".
Maybe I want a copy of what I'm copying to remain on the hard drive for easy retrieval and reuse later?
Missing the point. The copier's hard drive is basically a black box in most cases.
A) The copier probably already has a save to network, and send via e-mail function. Why wouldn't you choose that?
B) In most cases the copier's hard drive is by default completely inaccessible to the end user. There's no browse feature.
C) To access the data, you need to purchase a support package and use a proprietary tool.
D) To delete the data, you need to purchase a support package and use a proprietary tool.
This is a cash grab for the copier manufacturers. A safety net that most people don't know existed unless they place a frantic support call.
The reporting expose proved that there is no promise that the manufacturer will wipe drives after their lease is up, and if you do not know it exists, how can you plan to wipe it yourself if you re-sell it?
Most modern digital electronics have a pretty complete operating system on them, including copiers, printers, fax machines. Data storage, especially for very large data sets such as a high resolution digitally scanned image, is pretty much required. Disk storage is the currently used technique for that storage.
Most copiers do more than copy. They can accept a job over the network, they can use forms or other co-created information, and they can be used to adjust an image after it has been accepted. All this requires RAM and mass storage.
This issue is not new, but as we all become more sophisticated, it does become easier to compromise a device holding your data. I don't have a good answer for the problem.
Best regards.
regulation of interstate commerce.
unless you would like to suggest that copy machines are in fact manufactured and sold all within a single state.
Snowden and Manning are heroes.
Of course they don't give a damn about the serial numbers that each copier embeds in every page they print.
When information is power, privacy is freedom.
deleted as in fat delete? or fake deleted?
fat delete can be some times be undeleted.
But some boxes / tivos do a fake delete that just removes that data from the list but it's still there likely in some temp file.
But using the copier is the hard way. With the exception of really big ones (i.e. Docutech) these things don't have keyboards or mice. The only input they have is a clunky letter-scroll or, if you're lucky, a touchscreen. It was hell using those to search for a file or document. Easier to step 2 feet over to the PC, open the PDF (or whatever) and print it to the copier. Took about 10 minutes to setup and only seconds per job to use. Compared to wading thru the copier UI, that was the easiest way in the world.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
I work for a copier manufacturer and can shed a little info for those that are interested.
Small office multifunction devices (MFD's) typically don't have hard drives and run embedded real-time operating systems. Some of the newest models DO have SATA hard drives, but the ability to enable "Immediate Image Overwrite" is well documented in the manual and is free.
Mid-sized copier-only configuration machines use Electronic Page Collation RAM to store scanned images and there is no hard drive.
Mid-sized multifunction devices have a drive in the network controller which runs Linux. There is a separate non-user accessible, encrypted partition used for temporary image storage. The "Immediate Image Overwrite" software option has been available for purchase for these products for at least the last 6 years and as of '08 it is being included free of charge.
Large departmental/light production copiers often have two hard drives, one which is the OS drive and one dedicated scratch drive. This drive is often in a cage which is easily removed. Many of our government customers have a "secure" scratch drive which they purchase and retain/destroy, and a non-secure drive which stays with the machine when it is off lease or sold.
Production equipment often has multiple hard drives both in the machine as well as in the raster image processor (RIP). The RIP's run either SunOS or Windows XP Embedded. In either case, these customers are well informed about where and how image data is stored as well as the procedure to erase that data and/or purchase a replacement drive so that they may retain the old drive.
I can remember five years ago removing hard drives from classified machines and handing them directly over to customers to be destroyed. The process was well documented and understood by everyone and it was certainly no secret. Go into any government contractor (Boeing, Lockheed, Jacobs, etc) and the copiers are all clearly marked as to which ones are for classified documents and which ones aren't. And it's been that way for awhile.
Well, we use them with HP printers all the time. Any confidential document is "printed" to the printer with a code selected by the user. The job won't print until the user is standing at the printer and enters the code. With current technology on the print servers, this requires the printer to manage it and have a hard drive. We also use Smart Cards on the HP printers for some functions (such as scanning and sending to email). That function either requires it store to RAM (might be a lot of RAM required) or to a hard drive as well. Both of these are functions used on our office printers at least weekly if not more. They certainly aren't used for every job, but they definitely are used.
I was at a conference three weeks ago where the subject of "self encrypting drives" (the ones with encryption in the drive firmware) came up and one of the other people representing a large business there mentioned that he buys those drives for his printers and that they use them. So there are use cases where it makes sense.