
The truth about copier hard drives: Tips for securing your data

After watching the recent CBS News report on the data security risks of office copiers, I decided to learn more about these multi-function peripherals for myself. Here are some tips for securing MFPs in your organization.

Watching the CBS report on how documents are being stored on copier hard drives was confusing to me. I decided to investigate the state of security on these multi-function peripherals for myself.

----------------------------------------------------------------------------------------

I recently read an article by Bill Detwiler, Head Technology Editor for TechRepublic. It was an interesting piece about a CBS News report by chief investigative correspondent Armen Keteyian titled: "Digital Photocopiers Loaded with Secrets." The CBS article also had the following tag line: "Your office copy machine might digitally store thousands of documents that get passed on at resale." What immediately caught my eye was the word "might." Well, do they store information or not?

According to the video and John Juntunen of Digital Copier Security:

"Nearly every digital copier built since 2002 contains one of these, a hard drive. Like the one in your personal computer; it stores an image of every document scanned, copied, or emailed by the machine."

My multi-function peripherals (MFPs)

I am responsible for several networked multi-function peripherals (MFPs). So, I started doing my homework and, needless to say, it was harder than I thought to get to the bottom of this. It was time to bring in the experts. I called Marco, Inc., the company we lease our MFPs from, to see if I could learn anything. I talked to Dale Evens, Marco's veteran DS service manager.

Evens explained that the brands of MFPs they sell or lease do not store images by default. He pointed me to a Konica Minolta document where Kevin Kern, Senior VP of Marketing for Konica Minolta Business Solutions USA, responds to the CBS News broadcast:

"A recent CBS News broadcast raised the issue of security of hard drive data in digital multifunction products. Konica Minolta would like to assure you that we are a leader in the area of MFP security. Our MFPs can ensure documents that are copied, scanned, faxed or otherwise transmitted do not remain stored on the hard drive or in DRAM memory as a standard feature."

Data security kits

In my research, I noticed that several other MFP brands had similar statements. But, they still offer an optional data security kit that provides the following services:

  • Encrypts all data prior to being stored in DRAM
  • Encrypts all data stored on the hard drive
  • DRAM is cleared after copy, scan, and print use
  • Runs automatically without user initiation
  • Provides overwriting routines to make deleted data irretrievable

Why would you need data security kits if no digitized data is retained?

Sensitive information

I asked Mr. Evens about this. He mentioned that businesses typically enter sensitive information into the MFP's address book. Names, email addresses, and fax numbers are some examples. Also, MFPs have the ability to create document servers where employees can save printed, scanned, or copied documents.

Other concerns

I asked Mr. Evens if there were any other concerns that we should be aware of. He provided some interesting insight that I would like to share:

  • Physical access: Think about who has access to the copier: employees, customers, and service technicians (genuine and imposters). If sensitive information is stored, it needs to be protected.
  • Network access: Mr. Evens mentioned that most MFPs use proprietary operating systems, which makes them fairly immune to exploitation. But, it is a good idea to check the National Vulnerability Database for any problems with your specific brand of MFP.
  • Web-based configuration: Most MFPs have a web interface for configuration and access to the address book. It is usually password-protected. Make sure it's not the default password.
  • Public MFPs: Mr. Evens advises against using any public MFP or copy services like FedEx Office if the document to be printed or copied contains sensitive information. It is impossible to know how the MFP is configured and whether it is saving a copy of each digitized document.

Best practices for securing MFPs

One thing became clear as I looked at what the various MFP manufacturers considered appropriate security. MFP physical and digital security should be folded into the company's IT security policy. To that end, let's look at what manufacturers consider important:

  • Meet industry certification: When deciding what brand and model to lease or buy, make sure the device meets industry security standards. Two prominent certifications are ISO 15408 Level 3 Certification and IEEE-2600-2008.
  • Ease-of-use versus security: Company management must decide what access controls to use, if any. Access controls typically consist of user authentication, account codes, and password protection.
  • Data security kits: As mentioned in the CBS News video, MFP distributors need to inform customers about data security packages and their importance. If there are any security concerns, using a data security kit will address them.
  • End-of-Life considerations: When buying or signing a lease for MFPs, determine what should happen to the hard drive at end-of-life. Typical options are: destroy the hard drive, keep it on-site, or have the MFP distributor scrub the hard drive using an approved process.

Final thoughts

Whether a particular MFP saves every digitized document or not appears to depend on the brand and how it is configured. It took some effort, but I found out the MFPs I'm responsible for do not retain images by default. That's good; now I am going to make sure management understands what information is readily available on the MFPs and how to protect it.

A special thanks to Marco's Dave Evens for answering my questions.


99 comments
gonzalezmar

How can I retrieve a copy form, not scan, copied.

Lotec

And it is the responsibility of the supplier/tech to wipe the disk drives before it is sold to others, or being sent for recycling.

gtpillsdotcom

Sounds like another scam to make money by fear mongering. Now every time I make a photocopy of my butt, I have the fear that copies will be distributed far and wide.

ErnstStavroBlofeld

DOES THIS mean that every copy i've made lately at the UPS Store or Staples Copy Center, e.g., of my tax returns, or whatever, is in fact on a HDD there? i've been a lawyer for more than 30 years, and have spent so much time in front of copy machines in that time that i can verify that's it's true, you can get a tan from a copy machine - of course, it's sort of greenish, as far from a sunshine tan as the orangeish chemical tans are, but hey! it's a tan. anyway, i know copying and paper. so, lately, probably last 5-6 years, all machines i now use quickly process the paper into memory, before printing out. this is, i presume, because that way they can make multiple copies, and if only one is desired, no big loss. but to do this, they need memory, and i presume it's a HDD, which if you've followed computers over the decades, have gotten so large, and slipped the surly bonds of DOS, that there's no practical limit on size, as there would be with a memory chip. indeed, the HDD makers ability in this regard led, if you remember, to the total disintegration of a whole business in digitalworld, namely that of hard drive compaction, so as to fit ever more data onto a fixed (by DOS limits, among other boundaries) disk. but once those limits dissolved, so did the need for the compacting business. i don't even remember the names of these companies, one was located in carlsbad, CA, but they were big at the time, ie significant stock market capitalization. now, dust. anyway, thank you michael for shedding light on this issue, this has many ramifications.

lazerous200

I work in the IT department of a large corporation as a repair tech. All of the machines come through our department to either be repaired, scrapped, or otherwise prepared for selling or end of lease packaging. I pull all of the hard drives from these machines and either reformat them or destroy them, whatever the case may be. I also default them and wipe the memory clean before any of them leave my area. I have seen some of the MFPs that quit working for one reason or another, spit out up to 65 pages of incoming and outgoing faxes, one machine in particular had 120 pages of employee information still in it. All MFP machines will store a multitude of incoming faxes and put them in queue until they can be printed out or otherwise processed. It is always a good practice to unload their information before doing anything with the machines. If the machine has outlived its life and is to be scrapped, it is a good idea to pull the Main PCB and destroy it along with any storage peripherals such as hard drives or memory cards. It is better to spend the extra time and be on the safe side than to pay the piper later.

mukababi

Thanks, this was not something I was sweating too much because of other priorities and now after reviewing our devices against your article we know we don't need to. We're secured for our environment. Thanks for sharing your research and work with us. It's saved us time and effort.

rondadams

I am a software developer with more than 20 years experience, and I have to ask how do these devices clean or maintain themselves? I haven't seen it mentioned anywhere, but I would assume they have built-in automatic routines to remove old documents if the hard drive starts running low, right? Or, does a hard drive full condition prompt a service call where the tech has to perform the task manually? If this doesn't exist, it should. And, it should be a user/administrator setting to how often the process runs and what kind of retention stored documents should have. This would seem to be a solution that would solve a lot of the problems pretty easily. Or, is it a more difficult task than what I understand?

delphi9_1971

...the truth probably lies somewhere in the middle. It seems to me that that CBS report made it seem that this data was stored and rather easy to retrieve. I'd suspect that the US Media's penchant for dramatization added a bit of hype and it's probably not as easy to retrieve that data as they made it seem. That said, that piece was not very flattering to the copier manufacturers and it would be in their best interest to downplay this story as much as possible. So I'm not buying the statement that the only reason to buy the encryption features are for the address books. Let's face it, the Secret Service forced Manufacturers to digitally watermark all photocopier prints to catch counterfeiters, why wouldn't they or another agency ask the manufacturers to store copies of all the documents just like the watermarks? It's easy to see why it would be in the best interest of the government to want to keep this hidden (can you say "non-disclosure agreement?" I'll bet you could...). Either way, I suspect that there is some truth to the CBS story, while I'd also suspect that CBS blew it a bit out of proportion too. The key take away here is, research the technology you provide your users and secure it as best you can.

Craig_B

You never know what you'll find on these devices. A number of years ago, I was working late one night and went to make a copy of a document. I pressed Copy and a message displayed "clearing previous job". A large job (many pages) comes out that contains confidential financial data of the company. I quickly put the document in the shredder, as ignorance is bliss.

papafarmer

Last week I rented a car through Budget at the airport in Vegas. As a FastBreak member, I skipped the checkout and went directly to the booth. They asked for both my driver's license and credit card and photocopied them both on one piece of paper. I observed them doing it to everyone. I'm probably less worried about the copier as I am with what they did with the paper. This was clearly in violation of the new PCI compliance laws effective the first of July. How do you suggest handling that type of transaction? The attendant was obviously clueless and was just following directions. It was late at night and I just wanted to get the car and go to my hotel room, so I let it go.

jjuntunen

Most copiers have firmware also on the hard drive. If you are sending the machine back to the leasing company and you just cleaned the hard drive, expect to get a hefty bill from the leasing company when you return a non-working copier. This happened to a major university that returned the copiers after the IT dept cleared the drives. $20,000 bill ouch!

Michael Kassner

I have set up a few systems for clients and the traffic from the reader to the server on those systems was encrypted. That said, it was not a hard drive. It was DRAM.

SgtPappy

I might as well walk around with my name, birthdate, ssn, address, phone number, place of employment and while I'm at it all my credit card information on a 3x5 inch index card and hand them out to everyone I see.

david.hunt

PCs spool print files and even provide "virtual memory". There's a "delete" function for deleting files and for spool files this is automatic. By the way, I take "proprietary OS" with a grain of salt. Why would each company write its own OS from scratch including FTP, HTTP, SMB, SMTP, SNMP.... Get real! They have surely taken either a Linux, RTOS or WinCE base and made some proprietary mods. Unfortunately, the delete in PC OS' often do not actually delete the actual file data, or at the very least not in accordance with an *authoritative* "approved process". By the way, when the MFP vendor says they have a "security Kit" that deletes in accordance with an "approved process", what does that mean? Is it DoD approved for commercial grade documents (non-classified)? Please provide the DoD approval certificate, Mr vendor! Obviously if you deal with classified material, then the hard drive isn't going to leave the building in one piece.

dan

Just as on computers when a file is deleted just the address is deleted. If the space needs to be reused the info is overwritten. Most of the info on an MFP is data that was written to it temporarily and then deleted. With the right forensic tools it can be recovered but doesn't interfere with the disk usage.

Michael Kassner

That there are so many different brands and very little standardization. The MFPs I work with have the ability to set retention limits. As for what happens when the hard drive gets full, I will have to look into that. At my location, the MFPs do not save copies and we do not have user folders, just an address book. I will try and find out some more information for you.

SgtPappy

It is a hard drive - probably a standard 3.5 or 2.5 inch SATA drive. If it isn't encrypted you can pull it out, put it in another computer as a slave and voilà - access to data. If it is like the hard drive in my company's MFP, it is that simple. Don't let the Paranoia get to you man. The Government is not forcing companies to keep copies of everything ever copied on every copier in the world. I think that would be a serious violation of several Constitutional rights. You can trust me on this one....I used to be a government employee and now I play one on TV. Besides if they were really forcing manufacturers to retain a copy of everything then that would mean that tax payers would have to be paying someone to review all those documents. Which would mean someone is getting paid to look at a copy of my digitally stored, unencrypted, non-password protected, a$$ all day. Wait...maybe that's where all the stimulus money went. Either people must be lining up around the block to get a crack at me or you have to pay one person a helluva lot of money to study my smile. Finally, I would say it is in the Manufacturers' best interest to fix the problem not to downplay it. Configuring the MFP to save everything you copy or scan to an obscure place such as a copier hard drive by default without the knowledge of the user, shows total disregard for customer privacy, protection of intellectual property and overall data security. What is the purpose of doing something like that by default? As an option that is set by the Admin for specific purposes I can understand but by default? No way.

Michael Kassner

Folders or mailboxes can be created and copied documents can be stored. That is another possibility.

Craig_B

During the Cold War, the Russian embassy used Xerox copiers. The US had Xerox add a camera to the copier so every copy was also photographed. Then Xerox would swap out the camera when doing maintenance. Nowadays the data could easily be stored on a HD or even be sent over the internet.

kevaburg

And what is with credit agencies that photocopy bank statements for example as part of the credit agreement process? I have thought very little about digital copying but the points are very valid as far as the ability to read a previous print job is concerned. When you consider some types of personal data are not allowed to be kept past a certain time limit, certain types of copier "might" have the capability to exceed that. I'm curious about what the data protection act (or its local equivalent) has to say about this.

david.hunt

At least in Australia, a new development in licenced gambling establishments is automated visitor sign-in. [Background for non-Oz readers. In Australia a licenced club may only admit members, however the law allows anyone to be accepted as a non-voting temporary member on a single visit basis. If you live within the local area, you are limited to about 6 such visits per annum before having to sign up as a full member. Needless to say, this process is used to allow any member of the public to enter the club] The old paper system in which you simply had to provide your name, address and signature has been replaced by a machine that scans a colour copy of your driver's licence. There's no information about how this is stored or retention / protection and the people administering the process are also "clueless". Fortunately there is still a little publicised "manual" option where you use a stylus to write your name and address, and then sign rather than using your driver's licence.

Ron_007

It's those "casual" inappropriate requests that are hardest to deal with. The photocopy is an old response to corporate request for that information. With changing PII laws it is probably illegal, ie they can properly secure the info in their computer system, but not in paper form. Since you "joined FastBreak" it sounds like you'll be renting again, so invest a little time. Read your "Fastbreak" agreement/contract and your paper copy of the rental agreement. Find the place where driver license is mentioned. I bet there is no wording about photocopy, just something along the lines that you have to show your license. Email (or phone) the corporate help desk and ask about official corporate policy about photocopy of those IDs. When you get the typical ignorant "I dunno" response, ask to be passed to a supervisor. Continue until you get a good answer. Ask them to mail you a copy of the official policy. Next time you rent, stand up for your rights! When they go for the photocopy, insist they don't! Odds are you will have to talk to a manager, waving the corporate policy under their noses. They will resist, you will probably have to be loud and obnoxious, and waste a lot of time (losing the advantage of the membership), but things won't change until we take back our privacy. A related "privacy" issue that is a pet peeve of mine. I refuse to shop in stores that insist on taking my backpack without locked storage. Women may walk into any store carrying a suitcase sized "purse" with no problem. First, I ignore the sign and just walk in. Then when they "ask" to take my bag I complain about discrimination, make my point and tell them I'll be spending my money elsewhere. I object on 2 points: First, the assumption that I am a potential shoplifter because I have a backpack because some previous shoplifter used a backpack. They say "it's nothing personal, it's policy" but I disagree. Apply the policy equally to all potential shoplifting bags/purses, or not at all. 
Second, they insist on taking my property without securely storing it, yet claiming "absolution" if they lose my insecurely stored property. I often have expensive prior purchases in my bag. Funny thing, after a while I notice that they stop enforcing that policy. You want my bag, lock it up and give me the key and don't force me to pay for a locker to satisfy your discriminatory "policy".

Michael Kassner

That is one instance that I forgot about. I've had that happen as well. The paper copy is a worry.

ErnstStavroBlofeld

the legal solution: spell it out in an addendum to the printed copy machine lease (it'll have to be an addendum, as i guarantee you that it ain't covered in the lease, other than the general "returned in working order" clause. but for specifics, either put in that they will encrypt, or clean, or whatever, or that you can do so, but it would be wise, as implied here, to only remove or overwrite the data, not the system. still, how much BS could it be for the maker to reinstall the OS onto the drives? not much. apparently the system just isn't set up for it. yet. here's another rub: the resale market for used copiers is amazingly low. i had a client who just decided to send back a brand new canon copier, big one, for the hell of it, after being in use about three weeks. the lease cost of the machine, without regard to present value, was about $30,000. the lessor retook it and resold it for about $2,000, and sought the difference from my client in a lawsuit. i thought this was a sweetheart deal, or in legal terms, the resale was not commercially reasonable (see the UCC (Uniform Commercial Code, as enacted in your state), and thus the difference was not owed. turns out, that IS the resale market for used machines, which means that the buyer of this particular machine got a great deal, brand new machine at used prices. so the point is, if the resale market is so low, no one wants to spend anything reinstalling OS into machine to render it operable. they just want to plug it in, see it works, and sell it for peanuts. there is a solution here, probably at the maker level, either to require overwrite upon returning machine, ie build it into the system, so whether it goes back to a lessor or a bulk buyer from a lessor, it's clean when it leaves the original user, not later, but still operable. and then, to address these things openly in the manual and indeed make a sales point of them. or pass a federal law requiring such.

Ocie3

then how can it be called "firmware"?? The BIOS on my computer is stored on its own chip and not on the HDD. What you describe sounds more like an OS is stored on the HDD, even if it doesn't have a typical partition structure, Master Boot Record, and/or file system. But I would bet that the HDD does, and the equivalent of the MFP BIOS loads the OS into DRAM from the HDD.

tracy.walters

PCI/DSS standards dictate that Credit Card data MUST be encrypted. It's safe to say every US financial institution uses terminals and software that encrypt the data during transmission. I've only run across one organization in the past two years of IT audits that was not encrypting the data on their servers, and they had gone completely outside the normal process. I dinged them on the audit and they modified their software. If an organization does not encrypt that data during transmission and storage, they risk losing the ability to process credit cards at all. I also frown on sending PCI/DSS information via wireless...the risk is high enough that the data could be captured and decrypted that it's not worth it. I realized after posting that not everyone would understand PCI/DSS..it's Payment Card Industry/Data Security Standard. Check here for more info: https://www.pcisecuritystandards.org/

Michael Kassner

I still don't quite see the point of writing to the hard drive unless it is to save the file for later. Wouldn't the latency of writing to a hard drive in every instance make it extremely slow?

Michael Kassner

Businesses and financial institutions are using encryption and disk wiping procedures.

AbsolutelyNot

I understand the PATRIOT act requires a hard copy of your information for some murky reasoning having to do with possible renting of vehicles to put no-nos in. At least that is what I was told last time I rented a car. Sucks, doesn't it?

jjuntunen

Most leasing companies have now changed their contracts to address the copier hard drive(s). Many have multiple drives. The leasing company put this responsibility on the customer. The contract informs them the copier may have a hard drive and it is the sole responsibility of the lessee to clear the information at end of lease. Don't forget the operating system/firmware must be reinstalled on the drives after clearing, otherwise the leasing company will send out a bill for the full buyout value of the machine(s), in many cases thousands of dollars. The leasing companies now also include a paragraph in their return instructions related to the hard drive, but most refer the customer to their dealer for more information. The dealers are still working on a full solution that includes documentation and not just handing the customer a drive. End users are not in the hard drive business and usually have no procedure on how to handle this drive. The copiers also store "IT" information that should also be cleared.

Glenn from Iowa

Except in the case of recurring print jobs or templates specifically saved on the copier, there is *no reason* why the data should be kept on the hard drives after a print job is finished. But it does cost manufacturers money to have someone program a wiping program to delete that data. I am not a big fan of government involvement in something that should be common sense to include. When you write your next contract for a copier/MFP lease, make sure you put a clause in there for wiping all the non-volatile storage before disposal. I would hope you could negotiate the cost of this to be minimal-to-nothing above the lease cost without the clause. But that may have to wait until enough people have put this clause in there and you can legitimately say, "Vendor X will include this in their lease cost" and vendor X is a viable competitor to your current vendor. But manufacturers probably won't do this unless there is a sustained uproar, and topics like this tend to die down fairly quickly. Regardless, I would think the smart manufacturers would just build wiping into the operating system that could just be spread across all products sold. Or perhaps write tools that could allow admins to see and wipe what data is on the hard drives, since most IT depts have people that would be more than willing to ensure the drive was wiped if given the tools to do it properly. I can see the vendors' increased costs in providing "wiping kits" as that also implies vendor liability if the data is improperly wiped. But either way, we as customers need to be demanding the built-in ability to wipe data as needed.

seanferd

how hard could it be to re-load the OS? That bill is just a bit ridiculous.

tracy.walters

You probably already know this, but sensitive data generally has three states ... In Transit (moving between physical devices or applications), At Rest (in storage, either hard drives or in a lot of POS devices, some solid state memory device), and In Use (whether the transaction is being authorized or data mining/analysis is being performed). Data encryption should be performed at the earliest possible point in the environment. Few magnetic stripe readers that are used to read the card have encryption built in unless they communicate directly with the financial institution. If you read the card into your POS application from the Magnetic Stripe Reader, the encryption should be performed by the POS app and forwarded to the clearinghouse. Here's a pretty good explanation (pages 8,9 & 10 are the most germane): http://www.firstdata.com/downloads/thought-leadership/fd_encrypt_token_pci_whitepaper.pdf

Michael Kassner

Just to make sure, does that mean from the reader to the in-store gateway device as well?

Glenn from Iowa

I'm not sure how to take the tone of your reply. If you had not started out with the subject line of "as a lawyer.....," I would have been sure you were using sarcasm. But surely you are not disparaging foresight! Some people dislike smileys, but on a post like this, it helps clarify the tone. I believe TR at least converts colon+hyphen+rightparenthesis to :-) and semicolon+hyphen+rightparenthesis to ;-) .

ErnstStavroBlofeld

which of course only illustrates the balloon theory, push it here, it pops out over there. that is, security in one area, ie physical security of a stack of copied papers which anyone could grab whilst you sit on your arse elsewhere, leads to insecurity in another area, namely, that to do this, it has to be held on the HDD.

ErnstStavroBlofeld

not to mention civil litigation discovery, although no doubt various severe burdens would be asserted to the court, but ultimately, if the discovering party were to pay for it, ie hire a tech to invade the HDD and retrieve the info on site, with appropriate protections for the data (a concern in all discovery, not just this), it could and would be done. and then they would have squads of minions review it all, looking for whatever. this is great, i had no idea of the possibilities....

ErnstStavroBlofeld

i must take severe umbrage at your unwarranted, indeed unpatriotic and irrational, desire to avoid modest lawsuit costs. what would happen if such foresight as you suggest were to take hold throughout our great land? massive mistakes avoided, e.g., tiger woods would not have, well, you know..., etc., etc. and fewer lawsuits. i'm appalled you would even imagine it, the thin end of the wedge, the end of civilization as we know it. shame! judas!

tracy.walters

We generally only have available what the proprietary system has built in. It's probably not germane as most of the jobs can be printed by entering a four digit code anyway. My biggest worry is always the cleaning staff. If I wanted to do a penetration on a facility, I'd either get myself hired as part of a cleaning crew, pay one of the existing cleaning crew to let me in or teach one of them how to get the information I need.

Ocie3

Quote: "Finally, at least in a large organization, assume that the internal auditors and/or information security folks can see all those MFP images should they so desire." (italicization added) And the HDD can be seized by law enforcement personnel who obtain a search warrant for the data which is stored on it.

Michael Kassner

I have clients who use secure printing. I did convince them to add encryption as well.

Michael Kassner

Do you use encryption? Sounds like you don't though. Is there a reason?

Michael Kassner

A few years ago, I had to work hard at a few clients, getting them to only send scans to internal mail boxes. Now it's a bunch easier.

tracy.walters

One area of caution...many of the high end copier/printer/scanner devices have job queues, batching, and preprogrammed jobs. As an auditing firm, we do a lot of preparation of bound audit results for our clients. We have several different types of these devices throughout multiple offices from several vendors - Xerox, Ricoh & Canon, predominantly. We use them for many tasks, including scanning, sending via email or storing on the file server receipts for our expense reports, faxes, client documents and these include sensitive documents. We have several preprogrammed jobs that include inserts, multiple paper types, and other features. Some of these jobs sit on the machines for two or three days while they are in progress, so much of the data remains there while that job is completed. I suspect it is never COMPLETELY deleted, and consequently any time one of these machines leaves our environment, we have the technician pull out the disk, which is sent to me for destruction. We replace 2 or 3 machines each year, and the few hundred dollars this costs us is way cheaper than hundreds of thousands in lawsuits.

Glenn from Iowa

Many offices today have shared print devices with "secure print" solutions. For those who aren't familiar with that term, it basically means the printer (which is usually in a common area shared with several users) will store confidential (or all) documents until the user physically approaches the machine and enters a password to release the print jobs. Copier companies have sold this as a cost-saving and productivity feature, as you can generally have fewer, more easily-managed, and faster print devices to serve the same number of people. They use the "secure print" feature to counter the objection that "someone could pick up my confidential document before I can get out of my office to the printer."

50-50

No, it doesn't slow it down because hard drive I/O is so much faster than the printing and paper-handling operations. Assume that ALL images are written to the hard drive, at least temporarily, whether or not the vendor says they are saved. Be sure to control the end-of-life destiny of the hard drive, whether or not the vendor says it contains saved information. Also be sure your network allows your MFP devices to send emails only to local addresses. Otherwise, the spies might get an emailed copy of everything you print, scan, fax, or photocopy. It is somewhat reassuring to find that NIST lists no known exploits for this or that enterprise-class MFP. However that is no excuse for not controlling the traffic to and from your device(s). Finally, at least in a large organization, assume that the internal auditors and/or information security folks can see all those MFP images should they so desire.
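One way to audit the advice above that MFPs should email only local addresses, as an added example that is not part of the original comment: a Python pass over mail-relay logs that correlates queue IDs and flags MFP-originated messages sent to outside domains. The MFP subnet, the local domain, and the Postfix-style log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the original thread): MFPs sit in this subnet and
# these are the organization's own mail domains.
MFP_NET = ipaddress.ip_network("10.0.5.0/24")
LOCAL_DOMAINS = {"corp.example"}

# Constructed sample lines in Postfix syslog style.
SAMPLE_LOG = """\
May 20 09:01:02 mx postfix/smtpd[811]: A1B2C3: client=mfp-3f[10.0.5.21]
May 20 09:01:02 mx postfix/smtp[815]: A1B2C3: to=<alice@corp.example>, relay=local, status=sent
May 20 09:04:10 mx postfix/smtpd[811]: D4E5F6: client=mfp-lobby[10.0.5.40]
May 20 09:04:11 mx postfix/smtp[815]: D4E5F6: to=<drop@mail.example.net>, relay=mail.example.net[203.0.113.9]:25, status=sent
May 20 09:05:30 mx postfix/smtpd[811]: 0A0B0C: client=ws-114[10.0.9.14]
May 20 09:05:31 mx postfix/smtp[815]: 0A0B0C: to=<vendor@partner.example.org>, relay=partner.example.org[198.51.100.7]:25, status=sent
May 20 09:07:00 mx postfix/smtp[815]: D4E5F6: to=<bob@CORP.example>, relay=local, status=sent
"""

CLIENT_RE = re.compile(r": ([0-9A-F]+): client=(\S+?)\[([0-9a-fA-F.:]+)\]")
RCPT_RE = re.compile(r": ([0-9A-F]+): to=<[^@>]*@([^>]+)>")

def external_mfp_mail(log_text):
    """Return {queue_id: (mfp_host, [external recipient domains])}."""
    mfp_clients = {}                 # queue id -> hostname of the sending MFP
    findings = defaultdict(list)     # queue id -> non-local recipient domains
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, host, ip = m.groups()
            if ipaddress.ip_address(ip) in MFP_NET:
                mfp_clients[qid] = host
            continue
        m = RCPT_RE.search(line)
        if m and m.group(1) in mfp_clients:
            domain = m.group(2).lower()   # domains compare case-insensitively
            if domain not in LOCAL_DOMAINS:
                findings[m.group(1)].append(domain)
    return {q: (mfp_clients[q], d) for q, d in findings.items()}

if __name__ == "__main__":
    for qid, (host, domains) in external_mfp_mail(SAMPLE_LOG).items():
        print(f"{qid}: {host} mailed outside the organization: {domains}")
```

A report like this is a detective control; blocking non-local recipients for the MFP subnet at the relay remains the preventive one.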

Ocie3

IIRC, which requires a copier manufacturer to "watermark" every page when their machine is able to produce copies that meet a set of criteria, and/or a copier is evaluated by the US Secret Service as capable of producing "convincing" counterfeit copies of US currency, and/or of corporate or government bonds and other securities. As far as I know, there is no federal law which requires copier manufacturers to install HDDs into their machines, and use them to retain copies of anything for the benefit of the government. Copiers with "high end" features have been equipped with HDDs for a long time. You may be familiar with what are known as "readers", which are usually collections of copies of professional or scientific "journal" articles. "Readers" are ordinarily compiled by instructors and professors at colleges and universities, and their content is required reading in addition to the textbook(s) that are typically required for each course. The students who enroll in a course are told which copy service shop has the "reader" for that course, so they can buy it there. One day in August 1990 (plus or minus a year or two), I had to visit the University of California campus in Berkeley, on business. Afterward, I stopped at a local copy-shop to copy some documents that I had with me. There was a very large, prominently-displayed poster on which was the announcement: "Readers for the following courses will not be available until next Friday:" followed by a list of the courses, the title of the "reader" for each one, and a brief apology at the end of the list. So, I asked one of the technicians on duty what had happened. He said that "the hard disk drive failed". I was a bit surprised that a copier would have one, and I asked how big it was. He turned and called to another fellow, who emerged from a backroom office, and repeated my question. His co-worker said, "Oh, it's a monster, 500 megabytes!" .... So now you know.

delphi9_1971

I'm not suggesting that the Government is reviewing every document, but rather requesting that every document is stored for the very same reason that they are watermarking.

seanferd

If the government were getting a copy of every copied document, we'd know about it. That is way too huge to keep a secret, as way too many people would have to know for it to happen. Yeah, the watermarking is annoying but that isn't what SgtPappy was talking about.
