Data Leak! Data Leak! … Copy

There was an interesting May 18, 2010 article by the CBS Interactive staff with the title “Photocopier fallout: Congress, FTC ‘concerned’” available at;title  The article describes how electronic versions of all documents copied on certain copier machines are stored on internal disk storage devices and that, when the machines are scrapped, someone could access the disks and read their contents. Who knew?

Apparently, from the comments on the article, there are many (IT folks) who have been aware of this phenomenon for years. I am not one of those. Sure, I realized that modern copiers scan original documents and print from an electronic image on to the paper, since copies are printed well after the last page has been scanned. I just assumed that the pages were stored in memory and discarded once the pages had been printed. But saving the images to disk! Why would anyone even want to do that?  I can only imagine that the same folks who delight in scanning telephone logs so that they can charge employees for “personal calls” might be scanning the contents of the disks for “personal copies” so that they can charge back the cost to the employees. I have always believed that the cost of monitoring personal use of phone calls, copies, and the like often exceeds any monies retrieved and that the lowering of morale of such oversight only adds to the cost of such surveillance.

On the other hand, a high security establishment, such as a government research institute, might want to check that no copies were made of highly secret documents. But by the time such unauthorized copying were caught, the copies would probably have been sent on their way to their designated recipients, although nowadays electronic copies are more likely to be shared, as with WikiLeaks, say.

And of course, there have been privacy and security issues relating to the newer network-attached scanner-copier-printer devices, where one can scan and send documents without having to print them. These are really of greater concern, since scanned documents can be sent off-site in a heartbeat.

I have to believe that for many, the fact that images are being stored on copier storage devices came as a revelation. Seemingly Congress and the FTC were not aware. This falls into a category of unknown-unknowns similar to those that I covered in my May 10, 2010 column “Insider Threat – Not Knowing That You Don’t Know What You Don’t Know.” Clearly it is in the interest of those bent on theft and fraud (as well as perhaps blackmail and other crimes) not to have the knowledge of such data-leak mechanisms made public. So much data are regularly discarded on electromagnetic media residing in discarded PCs, cell phones, and the like. Increasingly, electronic copies of data flow uncontrolled throughout the cloud.

Making the public aware that copies of personal information and intellectual property might be so compromised could have some deterrent effect and make people more circumspect. However, it is unlikely that such awareness will have much impact. If the need or reward is great enough, and the chances of getting caught are thought to be small, then the convenience of making those unpermitted copies will most likely prevail, whether or not the person doing the copying is aware that the content is being stored within the machine.

Post a Comment

Your email is never published nor shared. Required fields are marked *