I had already covered the need for disk encryption software on modern photocopiers here, so didn't feel the need to cover a CBS news report on the possibility of data breaches via xerox machines. However, great interest has been expressed, so here are some of the salient things to note.
I had already covered the need for disk encryption software on modern photocopiers here, so didn't feel the need to cover a CBS news report on the possibility of data breaches via xerox machines.
However, great interest has been expressed, so here are some of the salient things to note.
A CBS reporter and an expert with the Digital Copier Security company visited a used warehouse full of copiers. They picked four machines based on price and number of pages copied. One of the copiers belonged to the Sex Crimes Division of the Buffalo (NY) Police Department. A second belonged to the same police but to the narcotics unit. The third was from a construction company. The fourth belonged to an insurance company. Overall, the information that could be gleaned included domestic violence reports, wanted, sex offenders, drug raid targets, design plans, checks, SSNs, medical records, etc.
A CBS reporter and an expert with the Digital Copier Security company visited a used warehouse full of copiers. They picked four machines based on price and number of pages copied.
One of the copiers belonged to the Sex Crimes Division of the Buffalo (NY) Police Department. A second belonged to the same police but to the narcotics unit. The third was from a construction company. The fourth belonged to an insurance company.
Overall, the information that could be gleaned included domestic violence reports, wanted, sex offenders, drug raid targets, design plans, checks, SSNs, medical records, etc.
It should be noted that the problem only affects digital photocopiers. This is because digital photocopiers essentially scan a page, store the image on an internal computer hard disk, and produce copies off of that image. I think the argument is that there is less parts failure by doing this: if you need 100 copies of a page, the copier doesn't need to move that light-bar-thingy 100 times. The problem though, is that now the photocopier can be breached in the same way that laptop computers can. The answer is to erase the information after the photocopier has become useful, or to use an encryption solution (not AlertBoot, unfortunately, in this case, as described below). The only problem I see is that plenty of companies lease their machines. In such a case, one wonders on whom the responsibility falls for protecting or deleting any sensitive data. As per the law, the owner of the data--the lessee--is responsible. But, any servicing and maintenance is usually done by the lessor, and the lessee messing around with the hard drive could void the contract and whatnot. I guess the latter could give the former the option to use encryption, or add a service to delete information after the copier is returned. Make it cheap enough and it could be a great vertical to the photocopy leasing business. After all, over 40 states now have a law regarding data breaches.
It should be noted that the problem only affects digital photocopiers.
This is because digital photocopiers essentially scan a page, store the image on an internal computer hard disk, and produce copies off of that image. I think the argument is that there is less parts failure by doing this: if you need 100 copies of a page, the copier doesn't need to move that light-bar-thingy 100 times.
The problem though, is that now the photocopier can be breached in the same way that laptop computers can.
The answer is to erase the information after the photocopier has become useful, or to use an encryption solution (not AlertBoot, unfortunately, in this case, as described below).
The only problem I see is that plenty of companies lease their machines. In such a case, one wonders on whom the responsibility falls for protecting or deleting any sensitive data. As per the law, the owner of the data--the lessee--is responsible. But, any servicing and maintenance is usually done by the lessor, and the lessee messing around with the hard drive could void the contract and whatnot.
I guess the latter could give the former the option to use encryption, or add a service to delete information after the copier is returned. Make it cheap enough and it could be a great vertical to the photocopy leasing business.
After all, over 40 states now have a law regarding data breaches.
Related Articles and Sites:http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtmlhttp://www.buffalonews.com/2010/04/21/1025945/police-data-on-copiers-causes.html