

Canon blocks copy jobs by keyword - bensummers
http://www.itnews.com.au/News/235047,canon-blocks-copy-jobs-by-keyword.aspx

======
mcculley
I was surprised a few years ago to find that a similar thing was already
happening for big company email servers. My small company was working a joint
proposal with a division of a big company. Every time the teammate at BigCo
sent me his copy of the Word document containing the proposal, it would
mysteriously disappear en route through his Exchange server.

Once he removed the "Confidential Property of BigCo" footer from the document
it went through just fine. He was hitherto unaware that such a restriction
existed.

It was a violation of his company's policy that he send a document with that
footer outside of his network. It was also a violation of policy for him to
remove that footer from a proposal for which his company would be the prime
contractor. There's a lesson in there somewhere about centralized automatic
enforcement of policy.

~~~
sxdfvgbnhjhgbv
Happened in the UK parliament - their email system was quietly deleting emails
about child pornography, from the committee debating the rules for censorship
of child pornography.

------
jws
The more accurate and less alarming title should be: _Canon provides
capability for administrators to block copy jobs by keyword_.

~~~
qjz
Better yet: _Canon provides capability for low tier support technicians to
obtain copies of sensitive documents._

"The server will email the administrator a PDF copy of the document in
question if a user attempts to do so."

Seriously, WTF? Aren't they just replacing one security leak with another? Why
would you want a printer technician to get a complete copy of a blocked
document? A simple, nondescript notification/log entry should suffice.

------
billybob
Essentially, this is a form of secret, artificial intelligence that frustrates
your plans. As such, I predict epic fails.

You know, like when the publication has a rule that all references to "the
queen" should be changed to "Queen Elizabeth." Then they publish an article on
bees, which states "Queen Elizabeth can lay thousands of eggs at a time..."

Similar crap will happen. Some keyword will silently block the copying or
printing of an innocent but important document and cause hilarity and/or a
major problem. "We lost the contract! We couldn't fax in the proposal by the
deadline because it wouldn't print!"

~~~
sxdfvgbnhjhgbv
Or writing about the US sprinter "Tyson Homosexual" -
[http://voices.washingtonpost.com/sleuth/2008/07/christian_si...](http://voices.washingtonpost.com/sleuth/2008/07/christian_sites_ban_on_g_word.html)

------
ShabbyDoo
This is an interesting way to plug an "analog hole" in secure environments
(or, more accurately, environments where information security is desired). It
reminds me of stories of financial institutions filling the USB ports on
desktop computers with epoxy.

Here's my question....It seems that the confidential information with the
highest value is small and qualitative. "Company X is considering the purchase
of Company Y." Obviously, the value of that information for insider trading is
huge. But, if I've read that memo in the law firm's office, I don't need to
make a photocopy to profit.

Perhaps the next tier down is where such hole plugging makes sense: A customer
list is valuable, but I couldn't remember 10K names and email addresses, so
I'd have to make a copy (digital or analog). One headhunter at a local office
of a national firm told me that their client/resume system was Citrix-hosed
and had copy/paste disabled to make it harder for employees to harvest data
before leaving. Of course, access was logged at the record-level as well.

What about cases where a needle might be found in a haystack? Copy all 10TB of
a law firm's documents, take them home, and look for deals which might happen
in the future. In either the digital (thumbdrive) or analog (copymachine)
cases, it seems easy to figure out retrospectively that a breech occurred --
Look, Bob copied 5K documents and then quit!. However, the horse is already
out of the stable at that point. Perhaps the preventative nature of this copy
machine technology is what makes it attractive?

Restaurant POS systems have all sorts of rules in place to prevent employee
fraud. One scheme involves a server's friend making a purchase and leaving a
HUGE tip on a credit card. The server gets his paycheck, and then the friend
disputes the charge. To prevent this, POS systems can be configured to require
a manager's approval for a tip larger than X%. I wonder if similar schemes
could be employed to force collusion in data theft. Let's say that any user
could print 100 pages without manager (or even peer?) approval, but someone
else would have to vouch for the legitimacy of the request after that point? I
wonder what percentage of breeches that would prevent. The same could be done
with accessing documents from a law firm's document management system -- You
can see N documents not related to your own clients before somebody else has
get involved.

------
DanLivesHere
Having worked at a law firm and in the legal department of a large Wall Street
bank, I don't think this is as huge of a freedom issue than you'd think. I
don't expect this to get used outside that environment.

~~~
mikeryan
I agree - I'd think the most common words on the list would be "Confidential",
"Private" or a phrase like "Do not copy"

~~~
billybob
"Well, Bob, the programmers are ticked because they can't print their training
handout on public and private variables..."

------
timmaah
>>The server will email the administrator a PDF copy of the document in
question if a user attempts to do so.<<

The document is important enough to not allow to print, yet lets make a few
extra copies and store them on the mail server.

~~~
jasonlotito
I think the assumption here is that you'd know about the copy on your mail
server, that is also hopefully locked down. After all, free access on the mail
server is probably much worse than a single PDF.

------
Luyt
This reminds me of the banknote copy protection which is builtin in many
scanners and copiers, the so-called 'EURion Constellation'.

It consists of a number of circles in a specific configuration. For a picture
and more info, see <http://en.wikipedia.org/wiki/Eurion> and/or
<http://www.grimes.demon.co.uk/security/currency.htm>

------
learner4life
Would it not be slow? Binarizing and OCR'ing documents is not cheap. I would
hate it if I had to wait for 2 minutes before I could pick the printout.

