PRIVACY Forum Archive Document
PRIVACY Forum Digest      Monday, 6 December 1999      Volume 08 : Issue 18

(http://www.vortex.com/privacy/priv.08.18)

Moderated by Lauren Weinstein (email@example.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    IDs in Color Copies--A PRIVACY Forum Special Report
        (Lauren Weinstein; PRIVACY Forum Moderator)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "firstname.lastname@example.org" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "email@example.com".
Mailing list problems should be reported to "firstname.lastname@example.org".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 08, ISSUE 18

Quote for the day:

    "It's not the heat, it's the humanity!"

        -- Jeff Douglas (Van Johnson)
           "Brigadoon" (MGM; 1954)

----------------------------------------------------------------------

Date: Mon, 6 Dec 99 13:31 PST
From: email@example.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: IDs in Color Copies--A PRIVACY Forum Special Report

Greetings. We've recently seen a tirade of stories about "hidden" identification codes and what many would consider to be surreptitious centralized information flowing from various popular Internet products and packages.
These have tended to highlight an important truth--whether or not users really would be concerned about the particular identifiers or data involved, they tend to get the most upset when they feel that an effort was made to perform such functions "behind their backs." While it can be argued how routine, intrusive, or even mundane and innocent a particular case may be, it's certainly true that people feel a lot better when they know what's going on.

This issue isn't restricted only to the Internet world. A case in point--the recurring rumors floating around regarding the presence or absence of identification codes in color copies (or color prints xerographically generated from computer output systems).

A recent story involved a customer who was refused permission to make a color copy of his driver's license (to deal with an identification problem with his local telephone company). A Kinko's (copying center) worker reportedly told him that such a copy was "illegal," and could be traced back to the store through a "hidden ID." Regardless of whether or not the Kinko's employee was being overzealous in his interpretation of the rules, what's really going on here regarding a so-called hidden ID code?

In fact, rumors about this, often chalked up as an "urban legend," have been circulating for a long time. This is a bit ironic, given that in the copier/printer industry it's been well known for years--no secret--that "invisible" IDs are imprinted on virtually all color xerographic output, from (apparently) all of the manufacturers. But for persons outside of "the trade," this hasn't been as widely known (even though the issue goes back to the early 90's, and the topic has appeared in publications such as the Wall Street Journal). However, it does not appear that the privacy-related aspects of this technology have ever been subject to significant public discussion.

In an effort to pin down the current state of the art in this area, I had a long and pleasant chat with one of Xerox's anti-counterfeiting experts, who is the technical product manager for several of their color-copying products. The conversation was quite illuminating. Please note that the details apply only to Xerox products, though we can safely assume similar systems from competing manufacturers, although their specific policies may differ.

Years ago, when the potential for counterfeiting of valuable documents on color copiers/xerographic printers became apparent in Japan (where such machines first appeared) manufacturers were concerned about negative governmental reaction to such technology. In an effort to stave off legislative efforts to restrict such devices, various ID systems began being implemented at that point. At one stage for at least one U.S. manufacturer, this was as crude as a serial number etched on the underside of the imaging area glass!

Modern systems, which are now reportedly implemented universally, use much more sophisticated methods, encoding the ID effectively as "noise" repeatedly throughout the image, making it impossible to circumvent the system through copying or printing over a small portion of the image area, or by cutting off portions of printed documents. Effectively, I'd term this as sort of the printing equivalent of "spread spectrum" in radio technology.

To read these IDs, the document in question is scanned and the "noise" decoded via a secret and proprietary algorithm. In the case of Xerox-manufactured equipment, only Xerox has the means to do this, and they require a court order to do so (except for some specific government agencies, for whom they no longer require court authorizations). I'm told that the number of requests Xerox receives for this service is on the order of a couple a week from within the U.S.

The ID is encoded in all color copies/prints from the Xerox color copier/printer line.
It does not appear in black and white copies. The technology has continued to evolve, and it is possible that it might be implemented within other printing technologies as well (e.g. inkjet). At one time there were efforts made to also include date/time stamps within the encoded data, but these were dropped by Xerox (at least for now) due to inconsistencies such as the printer clocks not being set properly by their operators, rendering their value questionable.

It's interesting to note that these machines also include other anti-counterfeiting measures, such as dumping extra cyan toner onto images when the unit believes it has detected an attempt to specifically copy currency. These techniques have all apparently been fairly successful--the Secret Service has reported something on the order of a 30% drop in color copying counterfeiting attempts since word of such measures has been circulating in the industry. The average person might wonder who the blazes would ever accept a xerographic copy of money in any case... but apparently many persons are not very discerning. I'm told that the Secret Service has examples in their files of counterfeit currency successfully passed that was printed on dot matrix printers. So counterfeiting is certainly a genuine problem.

OK, so now you know--the IDs are there. The next question is, what does this really mean? Obviously the vast majority of uses for color copies are completely innocuous or even directly beneficial to the public good (e.g. whistleblowers attempting to expose a fraud against the public). Is it acceptable for an ID to be embedded in all color copies just to catch those cases?

The answer seems to be, it depends. In some cases, even having an ID number doesn't necessarily tell you who currently owns the machine. While some countries (e.g. China) do keep tight rein on the ownership and transfer of such equipment, there is no "registration" requirement for such devices in the U.S.
(though the routine servicing realities of large units might well create something of a de-facto registration in many situations).

Xerox points out that non-color copies (at least on their machines) have no IDs, and that most copying applications don't need color. It is however also true that as the prices of color copiers and printers continue to fall, it seems only a matter of time before they become the "standard" even for home copying, at which time the presence of IDs could cover a much vaster range of documents and become increasingly significant from a routine privacy standpoint.

It's also the case that we need to be watchful for the "spread" of this technology, intended for one purpose, into other areas or broader applications (what I call "technology creep"). We've seen this effect repeatedly with other technologies over the years, from automated toll collection to cell phone location tracking.

While there is currently no U.S. legislative requirement that manufacturers of copier technology include IDs on color copies, it is also the case that these manufacturers have the clear impression that if they do not include such IDs, legislation to require them would be immediately forthcoming. It is important to be vigilant to avoid such perceived or real pressures from causing possibly intrusive technology creep in this area.

In the copier case, that ID technology being used for color copies could be adapted to black and white copies and prints as well. The addition of cheap GPS units to copiers could provide not only valid date/time stamps, but also the physical locations of the units, all of which could be invisibly encoded within the printed images. Pressures to extend the surveillance of commercial copyright enforcement take such concepts out of the realm of science-fiction, and into the range of actual future possibilities.
What many would consider to be currently acceptable anti-counterfeiting technology could be easily extended into the realm of serious privacy invasions. It would only require, as Dr. Strangelove once said, "The will to do so."

Perhaps the most important point is that unless we as a society actively stay aware of these technologies, however laudable their initial applications may often be, we will be unable to participate in the debate that is crucial to determining their future evolution. And it's in the vacuum of technology evolving without meaningful input from society that the most serious abuses, be they related to the Internet or that copy machine over on your desk, are the most likely to occur.

--Lauren--
firstname.lastname@example.org
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org
Member, ACM Committee on Computers and Public Policy

------------------------------

End of PRIVACY Forum Digest 08.18
************************