FTC Targets Copy Machine Privacy Concerns

itwbennett writes "In a letter to US Representative Ed Markey, FTC Chairman Jon Leibowitz said that the FTC has begun contacting copy machine makers, resellers, and office supply stores to inform them about privacy concerns over the images that can be stored on the machines' hard drives and trying to 'determine whether they are warning their customers about these risks ... and whether manufacturers and resellers are providing options for secure copying.'"

About time...

[FaxeTheCat]

When I was involved in a tender for MFCs five years ago, this was one of the issues raised... by the vendors. Some claimed they were the only ones that had it, but they were wrong. All the major ones had it. At that time they offered both encryption of all userdata on the local hard drive, and also automatic overwriting of all user data after it was printed.
At the time these were options that one needed to pay extra for, but for anybody concerned with privacy issues, it was available.

One can, of course, ask why the above options are not standard. After all, it is just a question of enabling some software options.

That's nothing.

[Anonymous Coward]

That's nothing.

Lots of places still use old brother fax / copy / print machines which utilize "ribbons" instead of ink or toner. This is what they look like

PC-301 [images-amazon.com]

It's basically a big carbon transfer sheet. You find these old machines in doctors offices. law offices. etc. Where the owner is too lazy to upgrade their hardware.

They throw out the used ribbon. Guess what? Its literally hundreds of feet of perfect, inverted copies of faxed information. Forms with medical information. SSN numbers. Private legal information. ETC.

All it requires is someone to be lazy enough to throw it away, and someone else bored enough to go dumpster dive.

Re:There machines don't need hard drives.

[Itninja]

I spent 10 years in the reprographics industry and I agree, we don't need hard drives on the copiers.My boss always paid extra for this 'feature' on every machine, and within 2 weeks we never used it again. That's what file servers are for. None of these machine were stand-alone; they all had Ethernet connectivity. I plugged them into the network and, if large jobs needed to be stored for longer than the time needed to make a copy, we stored the files on the server. All the one-off jobs just used the volatile memory on the machine.

Re:About time...

[ducomputergeek]

Why leave money on the table? If you can charge more for those features, do so. If they really are just a configuration change, then you can offer those modules "free" or at a "substantial discount" if you need to make the sale else never take less than what the customer is willing to give you.

Re:There machines don't need hard drives.

[ArundelCastle]

Maybe I want a copy of what I'm copying to remain on the hard drive for easy retrieval and reuse later?

Missing the point. The copier's hard drive is basically a black box in most cases.
A) The copier probably already has a save to network, and send via e-mail function. Why wouldn't you choose that?
B) In most cases the copier's hard drive is by default completely inaccessible to the end user. There's no browse feature.
C) To access the data, you need to purchase a support package and use a proprietary tool.
D) To delete the data, you need to purchase a support package and use a proprietary tool.

This is a cash grab for the copier manufacturers. A safety net that most people don't know existed unless they place a frantic support call.
The reporting expose proved that there is no promise that the manufacturer will wipe drives after their lease is up, and if you do not know it exists, how can you plan to wipe it yourself if you re-sell it?

deleted as in fat delete? or fake deleted?

[Joe The Dragon]

deleted as in fat delete? or fake deleted?

fat delete can be some times be undeleted.

But some boxes / tivos do a fake delete that just removes that data from the list but it's still there likely in some temp file.

Re:There machines don't need hard drives.

[Itninja]

But using the copier is the hard way. With the exception of really big ones (i.e. Docutech) these things don't have keyboards or mice. The only input they have is a clunky letter-scroll or, if you're lucky, a touchscreen. It was hell using those to search for a file or document. Easier to step 2 feet over to the PC, open the PDF (or whatever) and print it to the copier. Took about 10 minutes to setup and only seconds per job to use. Compared to wading thru the copier UI, that was the easiest way in the world.

This is nothing new or secret

[Anonymous Coward]

I work for a copier manufacturer and can shed a little info for those that are interested.

Small office multifunction devices (MFD's) typically don't have hard drives and run embedded real-time operating systems. Some of the newest models DO have SATA hard drives, but the ability to enable "Immediate Image Overwrite" is well documented in the manual and is free.

Mid-sized copier-only configuration machines use Electronic Page Collation RAM to store scanned images and there is no hard drive.

Mid-sized multifunction devices have a drive in the network controller which runs Linux. There is a separate non-user accessible, encrypted partition used for temporary image storage. The "Immediate Image Overwrite" software option has been available for purchase for these products for at least the last 6 years and as of '08 it is being included free of charge.

Large departmental/light production copiers often have two hard drives, one which is the OS drive and one dedicated scratch drive. This drive is often in a cage which is easily removed. Many of our government customers have a "secure" scratch drive which they purchase and retain/destroy, and a non-secure drive which stays with the machine when it is off lease or sold.

Production equipment often has multiple hard drives both in the machine as well as in the raster image processor (RIP). The RIP's run either SunOS or Windows XP Embedded. In either case, these customers are well informed about where and how image data is stored as well as the procedure to erase that data and/or purchase a replacement drive so that they may retain the old drive.

I can remember five years ago removing hard drives from classified machines and handing them directly over to customers to be destroyed. The process was well documented and understood by everyone and it was certainly no secret. Go into any government contractor (Boeing, Lockheed, Jacobs, etc) and the copiers are all clearly marked as to which ones are for classified documents and which ones aren't. And it's been that way for awhile.

Re:About time...

[noidentity]

It makes sense to avoid using the same area of the hard disk for each copy, because you'd otherwise wear it out quickly. So you use different areas for temporary storage each copy. But this leaves a history of the last N copies. So in secure mode, you could just encrypt the temporary file with a key generated on-the-fly and only kept in memory. Once you're done, you erase the key, leaving the files inaccessible. Just be sure you aren't the owner of the copy machine, or else you could get arrested for having encrypted files that you claim to have no key for.