Wednesday, October 7, 2020

Printed Document Tracking

The Electronic Frontier Foundation has an interesting document about color laser printers. It seems that all the manufacturers of color laser printers have entered a secret agreement with the government to add invisible or near invisible markers to all documents. These markers include such information as the date and time the document was printed and the serial number of the printer.

The use of embedded information is printed documents or pictures is not new. It has been used at least since WWII, although it usually involved interested parties that were trying to smuggle information hidden in plain sight. 

 The use of codes in printers is for the purpose of tracking and finding people who created a print. This might be because the document contained plans or a threat. Or it might be to find someone who had printed a classified document and then leaked it, as was the case of a contractor that printed a document at an NSA facility and delivered to a news website in 2017. She had taken a document concerning Russian cyber attacks on U.S. voting software during the last election. 

The document included barely visible dots in a pattern that carried information. That information was enough to track the document to the building and then to her.  


In the right lighting, the dots become visible information. It is unlikely that all printers use a system that is so easily detected but every modern printer should be assumed to be embedding information of this type.

You are not paranoid enough. Thus ends your security lesson for today.


libertyman said...

Intersting, someone actually going to jail for breaking the law. This from April of this year:

"A federal judge on Friday rejected a request made by jailed National Security Agency leaker Reality Leigh Winner to be released early from prison due to the coronavirus pandemic."

Reality Winner sounds like the name of a horse that came in third at the Kentucky Derby.

B said...

So how can one counter this?

Copy machine afterwards? Get a list of printers that don't do this? Have things printed at Staples or the like?

Asking for a friend....

Coyote Hubbard III said...

I wonder if they have it figured out if you take such a coded print, and made a low quality photocopy, then took a picture of that with a burner phone camera, then printed it out, if you could be traced.


The Freeholder said...

This has been going on for quite a while. It's why every color printer I know of won't print, even b&w, if one of the colors runs out.

Coyote Hubbard III said...


Thinking about it, i recall at one time some printers/copiers had a copy of every single thing ever printed. I can see nowadays it could possibly be on a secure cloud somewhere, so you print at Staples, they trace it back to Staples, they know when it was printed, they pull security tape...

this is kind of a fun thought experiment to figure out how to circumvent this stuff.

By now, there is probably some tracking mode that tracks everytime a document is read/printed, and who was logged in for that.

Horatio Lust said...

Been going on a long time

Old NFO said...

Yep, old news. And security 'knows' those tricks.

Feral Ferret said...

Horatio, Not exactly what I was expecting at your link, but quite worthwhile. I haven't gone to the movies in many years, mostly because I didn't see much worth my time and money. This looks like it may be worthwhile. Loved Mel Gibson in "Conspiracy Theory".

And yes, any copier that scans has a hard drive that stores everything copied. Been that way for many years. Most of those are now network interfaced, so the info is technically accessible remotely. My employers always remove the internal hard drive before disposing of the copier when it dies or is retired.

Jonathan H said...

Note that the article only mentions color printers. It mentions color laser printers, but I would assume color inkjet printers do it too.

If you want to avoid it, use a black and white printer - or buy a printer (and cartridges) with cash locally (hard to do these days).

But you don't have to worry about it much - The tracking can only be done by National Security types - and if they have their eye on you, you're pretty much screwed anyway!
I know from Grand Jury duty that local cops & prosecutors in many places don't even try to get information from big companies, so even something as simple as Google Voice or a Yahoo email address are hard for locals to get into.

Richard said...

If things get really sporty, we will lose a lot of people to poor OpSec.

Aesop said...

We read of this news some number of months back.

But it always bears repeating.

Big Brother IS watching you, and your devices and tech are his minions.