
Most Digital Photocopiers Save Every Page Ever Scanned - dpritchett
http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
======
randombit
What I am finding really absurd about this whole thing is, the photocopier
companies knew about this (obviously), and a number actually had
services/software available to wipe the drives - but failed utterly in
actually telling anyone who might care about them.

My gf works at a hospital and there are many panties in a twist about this
right now. She contacted one of their major photocopier providers and asked
about what happened to the ones they had on lease that were returned in the
last few years. "Oh, they were sold, or scrapped, or given away... couldn't
really tell you for certain though." So the obvious question: "Did you wipe
the drives first?" "A: No, that wasn't included in our contract with you." -
because nobody knew about this 'feature' when the contracts were written!

Massive fail both security-wise and from the sales side on missing easy
upselling. Very likely any hospital or police dept would gladly have paid for
these services had they known it was necessary.

------
blahedo
_"In 2008, Sharp commissioned a survey on copier security that found 60
percent of Americans "don't know" that copiers store images on a hard drive.
Sharp tried to warn consumers about the simple act of copying."_

Does anyone remember this warning? I certainly heard nothing about this; and
while I knew there had to be a hard drive in there to temporarily store the
image, there was no reason to expect that it would store images permanently.
Of _course_ Americans "don't know" that copiers store images like that; how
would we? Who had ever, EVER told us?

~~~
jim_dot
I'm surprised it's only 60%!

~~~
brown9-2
Depends on how the survey question was structured. I can imagine

 _Do you know that photocopiers store image on a hard drive?_

would get very different response rates than

 _Do you know that photocopiers store image on a hard drive permanently until
manually wiped?_

~~~
pbhjpbhj
>Do you know that photocopiers store image on a hard drive?

Is still pretty leading. People would say yes because they don't want to
appear naive.

"Do photocopiers keep any records of copies made?"

~~~
hugh3
Ah, but in that case you'd get fifty-fifty since people who had no idea would
just guess.

~~~
pbhjpbhj
I was considering it as an open question not a yes/no. If they say yes you ask
them how. That way they are demonstrating their knowledge rather than claiming
it.

Like if you wanted to find out if people know that bacon flavour crisps are
vegetarian you'd ask something like "do any crisps contain meat or animal
products?" and be prepared with follow on questions. So if the response is
"no" you go back with "not even BBQ beef or bacon flavour?". If they answer
"yes" you ask "out of these, which are suitable for vegetarians: ..." or
somesuch.

------
pasbesoin
At my last "office" job, the new machines they brought in were fully
networkable. (The next time you're using a newer generation copier, check
whether there's some cat5/6 plugged into the back.)

So, if you copied something personal during your lunch break (considered a de
facto perk, as long as exercised in restraint, e.g. that tax form before
dropping same in the mail), would it remain on the copier hard drive? Worse,
would it be deliberately archived in a company datastore?

This place was big enough and sophisticated enough to have some technologists
dedicated to managing the machines (in conjunction with a service contract).
Yet I ended up having to help them with some configuration difficulties. Which
led and leads me to consider the implications also raised by this story. Any
organization with a halfway decent security policy should understand and
address these problems when first deciding to bring the machines in. Yet they
apparently don't. And manufacturers should have addressed them up front in the
feature set and use/management guidelines (e.g. a setting to wipe images on
job completion, whether user controlled or in overall systems settings; a
clear machine management feature to securely wipe (e.g. to a clearly defined
and understood DoD standard) all drive data storage). Yet they apparently
haven't. Or they don't clearly steer customers to knowledge and use of those
features.

The reasons for the technological features are obvious. Their mis-management,
unfortunately, seems all too familiar. I'm sure there were people arguing for
better, but that would have been _hard_.

------
sili
Can someone explain the need for a copier to do that? Which engineer in his
right mind thought that this would be a good idea without some routine clean
up procedure?

~~~
oiuytfgvbhjnk
You need it to do multiple copies, double sided copies, collated etc. All the
major makers' built-in software does overwrites of the data to various levels
of security. Otherwise the government wouldn't buy them.

They also have fairly small drives - the companies are out to make money - so
at somewhere like kinkos your job would be overwritten multiple times by the
end of the day. It's only an issue if the system fails and the drive needs to
be replaced - but anywhere operating under any sort of security regs would
destroy the drive before it went off site.

We used to destroy them along with any waste explosive/munitions. Then health
and safety stopped us and we had to buy a super monster shredder - which is a
lot scarier than explosives but it can shred drives/entire files/interns etc.

~~~
randrews
Why would you need nonvolatile storage for that? Why not just store it in RAM
temporarily?

~~~
tedunangst
A hard drive could be cheaper than the amount of RAM required to store 20
pages of uncompressed scans.

~~~
randrews
If it's only 20 pages, I'd actually guess not. HDD + controller, for a minimum
of (say) a 20 gig drive (I couldn't find any smaller ones), I'd guess would be
a lot more than the extra hundred megs (tops) in the RAM that it already needs
to have anyway. So it only makes sense to have a drive if you want to store a
LOT more images than 20.

Maybe it needs a drive anyway for some other reason (like the software that
runs it lives there instead of on a CF card or something), so it ends up being
cheaper and easier that way?

~~~
Daniel_Newby
100 megs? A single letter-size sheet is 30 megs at 600 ppi.

~~~
randrews
Okay, so 600 megs. An extra gig of RAM has to be cheaper than a hard drive +
controller you wouldn't otherwise need, right?

~~~
Daniel_Newby
Many people occasionally copy/print multi-hundred page documents. That runs to
many gigs of RAM, $30 just for the DRAM chips. And then you need to design
what amounts to a custom PC motherboard to talk to them. The price could
easily run to $75, not counting the enormous engineering costs.

Or you buy a $40 ATA drive and connect it to your embedded processor's
built-in interface.

------
chc
Unexpected conclusion: Photocopying your rear end counts as pro-privacy
activism.

~~~
arvinjoar
If done properly, this could be part of an awesome XKCD.

~~~
Groxx
What would a stick-person's scanned butt look like?

V?

------
halostatue
From the article: "All the major manufacturers told us they offer security or
encryption packages on their products. One product from Sharp automatically
erases an image from the hard drive. It costs $500."

This should not cost extra. It should be included in every single
hard-drive-based copier.

~~~
pyre
It would be a shame if your business were to 'happen' to catch fire, but
luckily we can prevent that from happening... for a fee.

~~~
Groxx
... says the insurance company, who installed char cloth in your walls as
"insulation".

------
Alex63
Isn't it ethically questionable for the manufacturers to know about the issue
(as they admit in the article), but to charge extra for software to address
it? At the very least, shouldn't encryption or the mentioned erase utility be
sold with the machine, with the buyer having the option to opt out if they
don't want it?

~~~
Kadin
Lots of manufacturers charge extra for various security options, on all sorts
of hardware and software. We can go back and forth all day on the "ethics" of
it, but it's pretty standard practice.

And Sharp's add-on module might not be required if the copiers were treated
like the computers that they are; it would be perfectly fine to just remove
the hard drives when the units are being sold at their EOL, as I suspect most
healthcare and government facilities do with their old PCs.

------
maukdaddy
From an Infosec perspective this is terrifying, not simply because of the
amount of data, but how difficult it is to scrub. Most people/businesses know
that they need to scrub the hard drives from computers before
donating/surplussing. Doing the same with copiers is a nightmare.

This is why I'd recommend all businesses use some kind of secure disposal
service to get rid of old equipment. Hopefully the businesses that specialize
in this field will add copiers to the list of items they scrub.

~~~
Kadin
It's not just copiers. Most office printers these days contain their own
servers, with hard drives for the spool. It would be just as simple to analyze
the drive from one of them and grab whatever's left.

And there you'd just be dealing with PS and PCL, probably, rather than some
weird proprietary image format that you might get on a copier's drive.
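
A check for the disposal step discussed in this thread, as an added example that is not part of any post: it audits a raw image of a copier or printer drive after a zero-fill wipe, counting sectors that are not all zeros and locating leftover job headers. The signature list, function names and sample image are assumptions of the example.

```python
import io

SECTOR = 512
# Magic bytes for the spool formats named above (PS, PCL/PJL) plus common
# scan formats. This list is an assumption of the example, not exhaustive.
SIGNATURES = {
    "PostScript": b"%!PS",
    "PJL/PCL job": b"\x1b%-12345X",
    "PDF": b"%PDF-",
    "JPEG": b"\xff\xd8\xff",
}
OVERLAP = max(len(s) for s in SIGNATURES.values()) - 1

def audit_image(stream, chunk_sectors=2048):
    """Return (non-zero sector count, {format: [byte offsets]}) for a raw image."""
    nonzero, hits, offset, tail = 0, {}, 0, b""
    while chunk := stream.read(SECTOR * chunk_sectors):
        # A zero-filled sector is empty once NUL bytes are stripped.
        nonzero += sum(1 for i in range(0, len(chunk), SECTOR)
                       if chunk[i:i + SECTOR].strip(b"\x00"))
        # Prepend the previous tail so signatures straddling reads are seen.
        window, base = tail + chunk, offset - len(tail)
        for name, sig in SIGNATURES.items():
            pos = window.find(sig)
            while pos != -1:
                if pos + len(sig) > len(tail):  # not already reported
                    hits.setdefault(name, []).append(base + pos)
                pos = window.find(sig, pos + 1)
        tail, offset = window[-OVERLAP:], offset + len(chunk)
    return nonzero, hits

def constructed_image():
    """Constructed sample: 8 zeroed sectors with two leftover job headers."""
    img = bytearray(SECTOR * 8)
    img[3 * SECTOR:3 * SECTOR + 4] = b"%!PS"
    img[5 * SECTOR - 1:5 * SECTOR + 2] = b"\xff\xd8\xff"  # straddles sectors 4/5
    return bytes(img)

if __name__ == "__main__":
    for label, data in (("leftover", constructed_image()), ("wiped", bytes(SECTOR * 8))):
        nonzero, hits = audit_image(io.BytesIO(data), chunk_sectors=1)
        print(label, "non-zero sectors:", nonzero, "signatures:", hits)
```

For a zero-fill wipe the pass criterion is a non-zero sector count of 0; the signature offsets only indicate what kind of job data is still present. Short signatures such as the JPEG marker can also match by chance in encrypted or random data.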

------
Tichy
"All the major manufacturers told us they offer security or encryption
packages on their products. One product from Sharp automatically erases an
image from the hard drive. It costs $500."

That's just outrageous. I can't think of a reason why copiers need to store
images to begin with. It's a huge fail from the producers, and they shouldn't
charge for cleaning up the mess.

Instead this should evoke a scandal like the Toyota braking thing and make
producers have to recall their copiers, with millions or billions of losses.

------
jfmiller28
Any idea how to extract these stored images? There has been more than one
occasion where I would have liked a copy of an accidentally shredded original.

~~~
ErrantX
You'll need to get the drive out. The connector needed is the only
complication; it could be anything but is probably one of the mini IDE style
connections.

Once out and connected to a computer you can recover data using any manner of
tools.

I think FTK 1.8 still has a free trial you can use
(<http://accessdata.com/downloads.html>). It's a bit of overkill for such a
simple job but it will recover files fine. Otherwise just Google for programs
to use on your OS of choice.

~~~
Sidnicious
I'd try Foremost: <http://foremost.sourceforge.net/>

------
giardini
This reminds me of the hidden identifying markers put on all printed color
pages for later possible "forensic" investigation by FBI/spook types:

"Government Uses Color Laser Printer Technology to Track Documents"

[http://www.pcworld.com/article/118664/government_uses_color_...](http://www.pcworld.com/article/118664/government_uses_color_laser_printer_technology_to_track_documents.html)

------
mambodog
Copiers saving potentially (very) sensitive information to enable features
most people don't use. Seems like a poor choice of default...

------
pg
<http://lab.arc90.com/experiments/readability/>

~~~
dpritchett
I've found the Readability Redux Chrome extension to be just as good and
significantly faster!
[https://chrome.google.com/extensions/detail/jggheggpdocamnea...](https://chrome.google.com/extensions/detail/jggheggpdocamneaacmfoipeehedigia)

In re: the article - Do you think arc90 is logging every document that is
passed through Readability? Is this body of information worthwhile? I suppose
it is good ammo for them to use to approach large media properties about the
possibility of a paid site redesign project.

------
grk
So, wait, when I push "Print + Delete" it deletes the page from the job queue,
but still stores it on the hard drive? Now _that's_ misleading.

------
zitterbewegung
I wish I had enough money to buy some digital photocopiers from interesting
places. Government surplus sales would probably be the most fun.

------
lr
In general, you can't really scrub a hard drive. No company in their right
mind should ever let an old computer go out the door with a hard drive in it.
Hard drives should be destroyed. I recommend something like this:
<http://www.youtube.com/watch?v=sQYPCPB1g3o>

~~~
shizcakes
Not true. A single pass of 0's is sufficient to make a magnetic drive
unrecoverable. Anything more is FUD.

~~~
ErrantX
Yeh agreed. It's a much argued situation in the Forensic world - but this
paper pretty much agrees that it is impossible:
<http://www.springerlink.com/content/408263ql11460147/>

~~~
lr
Given that our government requires the destruction of storage devices to
protect their secrets from seeing the light of day, I have to wonder why
anyone would ever want to risk it:
[http://www.nsa.gov/ia/guidance/media_destruction_guidance/in...](http://www.nsa.gov/ia/guidance/media_destruction_guidance/index.shtml)

Seriously, how expensive are hard drives these days?!

~~~
ErrantX
Yeh, it's sensible if you have, say, confidential/classified information (we
have to destroy most of our dead drives).

But I think that's mostly just overkill. I'm fairly sure that it is completely
infeasible to recover data even for the mighty government. :P

I suspect the theory is that wiping a drive is prone to accidental
failure/mistakes. Destruction is pretty unequivocally permanent :)

~~~
jacquesm
Wipe the drive, _then_ destroy it.

After all, simply destroying a drive would allow you to magnetically scan the
bits and pieces of the platters left over.

~~~
ErrantX
meh, I don't imagine anyone could do that - the positioning of the platters is
important and with a load of it munched you're screwed :)

~~~
jacquesm
Hm... two steppers geared down quite a bit, a hard drive head. Striping
between platters really is a problem, but given enough time...

That would be an interesting challenge, now to find someone to pay for it.

I don't think it would be easy, but if the information is still on the
platters you should be able to recover at least some of it.

Especially if it is email or other textual information it would not take a
very large fragment to contain a large chunk of text.

On a single platter drive you'd have a better chance than on a multi-platter
one, the synchronization tracks would help in figuring out what went where.
It's a bit like puzzling together shredded documents.

------
maeon3
EVERY page? That could finally solve all my hard drive space problems. Store
the images on a photocopier!

~~~
e1ven
20GB Hard Drive (Cheap) / 100KB / Jpg stored = 200,000 pages.

Effectively infinite, when considering the copier lifetime. Certainly falls
within most people's definition of Every.

~~~
CWuestefeld
At 300dpi (which is pretty minimally low), an 8.5x11 image is 8.4 Mpixels. At
any decent compression, that's going to be more like 1MB/page, or 20,000
pages.

Maybe we're talking monochrome? That reduces image size, but I'm not sure how
to calculate that.

~~~
e1ven
Don't worry, it's not "every" page like the journalist said, it's only the last
20,000. Somehow, I don't think that will make anyone feel better.

It's "every" by any normal definition, particularly in this context.

~~~
whatusername
So the answer is to have the work-experience kid press the copy/scan button
20,000 times! :P

------
hackermom
Another interesting, related fact, that not many people know of: the small
photo booths you find at airports, train stations, malls etc., the ones often
used to take that classic, romantic strip of pictures with your loved one, or
your passport photo and so on, expose each frame on a special type of
transparent, photographic film laid flat onto a strip of photographic paper.
The directly exposed paper is the copy you get in the slot, but the reel of
film is kept in the machine for "governmental bodies' reference".

~~~
smallblacksun
reference?

