(April 21, 2010: If you're looking for my commentary on the CBS photocopier expose, click here.) Photocopiers--those machines that spit out, again and again, duplicate documents to your heart's desire, and only limited by the reams of paper you have in your possession--can lead to a data security risk, in more ways than one. One could argue that hard drive encryption could be employed to gain protection from one of those ways; but it would be.
(April 21, 2010: If you're looking for my commentary on the CBS photocopier expose, click here.)
Photocopiers--those machines that spit out, again and again, duplicate documents to your heart's desire, and only limited by the reams of paper you have in your possession--can lead to a data security risk, in more ways than one. One could argue that hard drive encryption could be employed to gain protection from one of those ways; but it would be.
As a side note, one of the ways a photocopier can lead to a data breach is simply by copying documents. If a company stores printouts--say a list of SSNs, account numbers, and names--as a backup for an (improbable) enterprise-wide computer and network failure, a person could break-in to the room holding the documents; copy the pages; and replace the originals while taking the copies. No one's he wiser. However, there is another way that a breach can occur with photocopiers: the hard disk. If you've stopped using a photocopier in the mid-1990s, you may be a bit baffled. Photocopiers don't have hard disk drives...do they? Remember, though, that technological progress is made in many areas, and this includes the lowly Xerox machine.
As a side note, one of the ways a photocopier can lead to a data breach is simply by copying documents. If a company stores printouts--say a list of SSNs, account numbers, and names--as a backup for an (improbable) enterprise-wide computer and network failure, a person could break-in to the room holding the documents; copy the pages; and replace the originals while taking the copies. No one's he wiser.
However, there is another way that a breach can occur with photocopiers: the hard disk. If you've stopped using a photocopier in the mid-1990s, you may be a bit baffled. Photocopiers don't have hard disk drives...do they? Remember, though, that technological progress is made in many areas, and this includes the lowly Xerox machine.
Yes, modern photocopiers have hard disk drives (if manufactured in the late 90's onward). This is what allows them to customize how you want your copies to be spitted out: do you want them collated and ready to be stapled? (Many machines automatically staple these things as well.) How about a stack of even pages only and another stack of the odd pages? Spit them out in reverse? Printed on both sides of the page? It can do this because the modern photocopier is basically a computer with an integrated scanner (and phone...these things fax stuff as well as send e-mail) feigning to be a traditional photocopier. This "computer" requires a hard drive just like any computer: it will scan the image to be photocopied then make as many high-speed printouts as necessary. That scanned image--an exact, digital replica of the original paper document--is stored on that hard drive. And, it doesn't get erased once the job is done. It stays there until it's essentially "pushed off" by newer copy jobs (or, in computer parlance, the old files are overwritten by new files). The larger the hard drive's capacity the longer it takes for documents to get overwritten.
Yes, modern photocopiers have hard disk drives (if manufactured in the late 90's onward). This is what allows them to customize how you want your copies to be spitted out: do you want them collated and ready to be stapled? (Many machines automatically staple these things as well.) How about a stack of even pages only and another stack of the odd pages? Spit them out in reverse? Printed on both sides of the page?
It can do this because the modern photocopier is basically a computer with an integrated scanner (and phone...these things fax stuff as well as send e-mail) feigning to be a traditional photocopier. This "computer" requires a hard drive just like any computer: it will scan the image to be photocopied then make as many high-speed printouts as necessary.
That scanned image--an exact, digital replica of the original paper document--is stored on that hard drive. And, it doesn't get erased once the job is done. It stays there until it's essentially "pushed off" by newer copy jobs (or, in computer parlance, the old files are overwritten by new files).
The larger the hard drive's capacity the longer it takes for documents to get overwritten.
What's prompting this post? Well, winknews.com is following up on previous report involving the purchase of use hard disk drives on eBay. Analysis of those drives has shown personal information such as bank account and credit cards numbers and SSNs were saved on them. And, they were easily accessed--to wit, it means encryption was not used. Sears and Giant Foods, two of the companies affected, even sent technicians to examine the drives. Neither could figure out how the information ended up in the drives. However, winknews.com has found hints within the drive's files that these drives may have been part of a photocopier. The thing is, this is not really news. Foxnews--of all places--has an article dating from March 2007 warning readers on the threat posed by photocopiers. And, as it points out, if the disk drive in the photocopier is not protected with encryption software (or an overwrite mechanism), it means that the data is not secure. Because of the preponderance of ID theft and digital data, photocopier manufacturers have been adding--and to some extent, offering retrofitting kits--that will increase the security of the photocopier hard disks, so machines manufactured in the past year or so are probably secure. There is one problem with this approach though. I imagine that, in most cases, a password doesn't have to be entered to make copies. If that's true, then encryption solutions like AlertBoot won't make a difference in those instances where the entire photocopier goes missing--either due to theft or because it was returned after the office lease was over.
What's prompting this post? Well, winknews.com is following up on previous report involving the purchase of use hard disk drives on eBay. Analysis of those drives has shown personal information such as bank account and credit cards numbers and SSNs were saved on them. And, they were easily accessed--to wit, it means encryption was not used.
Sears and Giant Foods, two of the companies affected, even sent technicians to examine the drives. Neither could figure out how the information ended up in the drives. However, winknews.com has found hints within the drive's files that these drives may have been part of a photocopier.
The thing is, this is not really news. Foxnews--of all places--has an article dating from March 2007 warning readers on the threat posed by photocopiers. And, as it points out, if the disk drive in the photocopier is not protected with encryption software (or an overwrite mechanism), it means that the data is not secure.
Because of the preponderance of ID theft and digital data, photocopier manufacturers have been adding--and to some extent, offering retrofitting kits--that will increase the security of the photocopier hard disks, so machines manufactured in the past year or so are probably secure.
There is one problem with this approach though. I imagine that, in most cases, a password doesn't have to be entered to make copies. If that's true, then encryption solutions like AlertBoot won't make a difference in those instances where the entire photocopier goes missing--either due to theft or because it was returned after the office lease was over.
Related Articles and Sites:http://www.winknews.com/news/local/69890307.htmlhttp://www.foxnews.com/story/0,2933,258707,00.htmlhttp://www.identitytheft.com/index.php/article/are_photocopiers_a_riskhttp://www.silverplanet.com/scams/identity-theft/photocopiers-identity-theft/733