Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots (bleepingcomputer.com)
An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szathmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.
Long before laser printers, investigators were tying people to typewriters based on unique per-unit imperfections and wear patterns. You can do something similar based on drum and toner distribution variances even on a monochrome non-watermarked printer.
Granted, the judas dots also report the date and time, which helps nail a culprit on a shared resource, but the safest thing to do would be to OCR the printed documents rather than photocopy them.
by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers,
This is incorrect. The purpose of the dots, and the reason they are limited to color printouts, is that they are intended to be used to identify currency counterfeiters.
wiki
During the 1990s Xerox and other companies sought to reassure governments that their printers would not be used for forgery.
Anons need not reply. Questions end with a question mark.
Every agency office should install a special "whistleblowers only" printer in a prominent location near the office entrance.
Just use a copier in a public place. I have even paid for copies made in a bookstore once of a document I had.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
No, it doesn't allow it to be "traced back" because there is no registry of analog copiers. Color laser printers are special because you need no other detective work for finding the printer: the yellow dots are designed to make that identification trivial.
For other printing technologies (inkjet, black and white printers, etc.), you can only prove that a document came from a particular printer once you have "traced it back" via some other means.
Look, just throw the stupid document on a copier and they're gone.
This isn't rocket science. What sort of a moron would print a document IN THE NSA and then hand that original to a reporter?
She needs to go to prison for the maximum span.
I personally believe Snowden should be pardoned, and they should stop pursuing Assange, but not every leak is sacrosanct, nor is every leaker a saint.
She clearly did this as a political act, despite signing documents affirming she would keep information confidential.
Basically, leaking info is like using a legally-carried handgun: you should do it only if you accept that the consequences of not using it are worse than the punishment you'll receive, and be perfectly ok with that result.
-Styopa
So the solution is to either scan/OCR the smuggled-out document and destroy the printed-copy original before presenting to the third-party source, or else to utilize a third-party source that's smart enough to do this themselves.
The dot-pattern in the printer is not meaningful if it doesn't exist, and since it takes a forensic examination of the printout to identify the dot pattern it's not something that a security guard is going to be able to routinely check at a building security point.
Fundamentally it comes down to understanding the technology one is using, and to mitigate the pitfalls. If you're ignorant or stupid then you'll probably get caught.
Do not look into laser with remaining eye.
There is kind of a conundrum here.
The best way to prove authenticity is to reveal as much metadata as possible. This is also how you get caught.
In fact getting caught is a great proof of authenticity. And we now know that all documents with the same printer dots as the ones that got the guy caught are likely to be authentic.