Analysis: Printing's secret service

Posted on 28 Nov 2005 at 12:01

According to US counterfeiting experts: 'Globalisation of counterfeiting is the biggest problem we face today,' but does that justify technology that enables secret snooping on just about every colour laser printer owner in the world?

The digital rights campaigner Electronic Freedom Frontier (EFF) recently cracked a secret code embedded in pages printed on Xerox's high-end DocuColor laser printer, confirming the suspicion that technology companies were working alongside governments to track the way we use technology.

'We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer,' said EFF technologist Seth David Schoen. 'So far, we've only broken the code for Xerox DocuColor printers, but we believe that other models from other manufacturers include the same personally identifiable information in their tracking dots.'
According to the EEF, the dots are printed on pages produced by virtually every major colour laser printer manufacturer, including HP and Canon.

The almost invisible marks are yellow, formed into a grid less than 1mm across, and are typically repeated on each page of a document.

Eric Zahren of the US Secret Service asserts: 'the technology is simply designed to make it more difficult to use computing equipment for illegally reproducing US currency,' and stresses that it doesn't track the use of a computer's hardware or software.

But this overlooks the obvious fact that print-outs record users' actions.

If a government agency, or anyone else with knowledge of the code, knows who printed a document, they most certainly know what a user has been doing with the software on their PC - it's there in black and white.

What concerns privacy lawyers is the underhand nature of the tracking technology, which has certainly not been publicised - to see the pattern, you need a blue light and a magnifying glass, or a microscope - and is not apparently covered by any sort of investigatory laws.

'There seems to be no assurance that governments will only use the information for tracing counterfeit money,' said a spokesperson for the Centre for Democracy and Technology. 'Consumers haven't been told this technology exists in machines they are buying. At the very least there should be a notice to consumers.'

Of course, governments have a responsibility to curb counterfeiting, but civil liberties campaigners say this embedded coding removes anonymity from people who might have a legitimate reason for concealing their identity.

'Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian Samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,' said EFF lawyer Lee Tien.

'Even worse, it shows how the government and private industry make back-room deals to weaken our privacy by compromising everyday equipment such as printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?'

And if these codes are known outside the government departments they were designed for, they could be very useful to corporate snoopers too.

'I'd love to have been able to find out who printed some documents, especially when they were released to the press,' one former chief executive told PC Pro. 'I wouldn't be surprised if this news boosted sales for Xerox.