Photocopier Security: We Gave Away Our Privacy to Digital Photocopiers

Question? How many times have you done the following:

• Copied personal information at Kinko's
• Used a lawyer who copies documents on a leased copier.
• Have a healthcare institution that uses photocopiers to copy vital patient information and records.
• Copied personal information like drivers licenses, social security cards, birth certificates at your place of work.
• Copied personal document at the public library and stores like OfficeMax, Staples, etc.
  

How certain are you that the photocopier used to copy your information will be properly cleansed to avoid unauthorized access to your very private information?


CBS New conducted and investigative report into concerns regarding privacy exposure from digital photocopiers.


Summary of CBS Investigative Report

• Digital photocopiers built since 2002 essentially are computers that scan and print documents. The copiers have a hard drives contain stored scanned images; often of your very personal information.
• The investigators were able to retrieve tens of thousands of images containing confidential information.
  
• The photocopiers never delete the scanned images and the average hard drive size of 30Gig can store hundred of thousand of images containing your personal information.
  
• Some copier don't encrypt the images on the hard drive.
• When the copier lease is up, the images are not necessarily erased returned to the leasing company; the next person that buys the used copier could possibly retrieve these images!
• You can download free hard drive forensics software from the Internet that easily retrieve the scanned private documents from the hard drive.

This problem is so serious that Massachusetts Representative, Ed Marky sent an open letter to the Federal Trade Commission seeking a government involvement to prevent millions of people from having their personal and confidential information compromised by someone who would get access to a used photocopier.

• http://markey.house.gov/docs/ftccopier_security4-29-10.pdf

See actual investigative report


Watch CBS News Videos Online

Consumer Reports Recommendations Lower Risk Due To Photo Copier Hard Drives

Make all copiers securely self-erase files
This threat results from copier manufacturers erring by designing copiers to retain the data they copy. The image of a copied page is needed only temporarily—so users can order additional copies of it without rescanning—and should be automatically erased by the machine when the next copying job is initiated. Dean Gallea, our lead computer tester here at Consumer Reports, emphasizes that the process needs to involve complete and secure erasure that wipes all traces of files from the hard drive. Still, he describes the necessary programming for such auto-erasure as “trivial and minimal” for manufacturers to implement.

Indeed, some copiers are already designed this way. But as an industry spokesman admits in the CBS video, they’re less popular because they cost more—an additional $500 in the case of Sharp copiers, the spokesman says—than regular models. The FTC needs to ensure that all copiers are designed to automatically erase the last file scanned whenever a new copying job is initiated.

Post warnings of the security risk of non-erasing copiers
Since it’s highly unlikely that all such copiers will soon be replaced, copiers that do not provide the security of erasure should be identified, and the risks of using them be identified.

Safeguards are needed when older copiers change hands
Industry and regulators must ensure that hard drives of non-erasing copiers are wiped clean before the copiers change hands. That’s easily done, by requiring the use of erasing software like that we recommend you use before you sell or recycle an old computer. Such programs digitally scrub the hard drive to remove the lingering traces of deleted files. An example is Eraser, a free program.

Copy sensitive documents at home
The copiers that are built into all-in-one printers hold copied data in a buffer, and only long enough to print it once. They offer the best option if you’re leery about copying sensitive data on a commercial machine, especially if and until the copying industry widely distributes more secure machines and better guidelines to protect copied data.

My Suggestions

• Make copies of your private information when possible at home under your own control.
• Ask the company, hospital, attorneys office, etc if you can see their policy regarding protecting the privacy of information.
• Ask if they have a policy to erase or destroy the information on photocopiers after they are returned after the lease is up.
• Stop using photocopies in public places and at the office to make copies of your personal information; you don't know who else may get access to it via a returned photocopier.
• Businesses you are at risk for lawsuits if a digital photocopier you leased results in personal information to be compromised and used in nefarious ways; practice your due diligence and guarantee that the copier's hard drives get properly erased or destroyed.
  

References:

Consumer Reports

• http://blogs.consumerreports.org/electronics/2010/05/photocopier-privacy-hard-drive-personal-sensitive-information-ftc-inquiry-markey-hackers-identiy-theft.html

CBS News Investigates

• http://www.cbsnews.com/8301-31727_162-20002992-10391695.html