Printers

68 percent don't wipe data from copy machines

The internal hard drive on most modern copy machines can be a serious security and privacy risk, but few actually wipe data from these drives.

Most modern multifunction copiers have a hard drive, which often stores a copy of every document the machine scans, prints, copies, or faxes. If not properly wiped, the data on these drives can pose a significant security and privacy risk.

I wrote about the risk in 2007, and CBS News did a great investigative report in April. In my article about the CBS News investigation, I asked TechRepublic members the following questions:

  1. Does your organization have a policy that requires copier hard drives to be wiped before the machine is decommissioned?
  2. How does your organization wipe data from copier hard drives?

Before posting these polls, I assumed that the majority of respondents wouldn't be wiping data from their organization's copy machines. Still, the number of respondents who reported that their organization didn't have a policy on wiping data, or didn't know if such a policy existed surprised me.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

29 comments
ElijahKam
ElijahKam

Why must copy machines have hard drives? Instead give them enough memory so that they print from memory from which the data disappears automatically. Memory is even faster than a hard drive, so speed should be no problem. Obviously you would need a hard drive to print a book, but then you would want a permanent electronic copy anyway. But if it is just information that is supposed to be restricted, why put it on a drive?

BruceWheyn
BruceWheyn

only when its only Jesus can save a hard drive do i ever get rid of a pc

BruceWheyn
BruceWheyn

well ususally dont get rid of a pc with a hard drive unless the hard drive beyond bring back to life, only Jesus could save it...then i throw it away

LxV
LxV

You should when you own a printing device --- get to know it's specifications. Most likely if the printer has a hard drive, you can schedule a complete wipe of the data at say 24 hour intervals or less, even tel it to delete the file after it was printed

john barker
john barker

they should but people are lazy and dont care any more that like all paperwork should be shearded and not put in the trash john barker

sfeatherston
sfeatherston

Thanks to articles like this I have had an influx of customers calling about wiping their memory and hard drives even though they are not getting rid of them. They want the info gone after every use. lol Some of this stuff is over stated as a crises.

GSG
GSG

We have to adhere to HIPAA standards, so we have a contract that states our copiers will not have hard drives, and that no data will be stored on them.

mousejn
mousejn

Most of these devices are hooked to the network and leave SNMP wide open. A Black Hat's easy access point.

lawspark
lawspark

In addition to knowing they SHOULD do this, they need to be shown HOW to do this.

Dave Pusey
Dave Pusey

Our copiers don't have hard drives. Simple!

stark realist
stark realist

Since anyone with physical access to the device could potentially steal data off of the hard drive of the copier, simply erasing the data before sending it back to the leasing company does not solve the problem. Copiers are usually owned for 36-60 months. How many opportunities exist for unauthorized personnel to access the data? The answer has been available from most of the major manufacturers since the first hard drives were installed in copiers. A data security kit is an option that overwrites the data many times upon power up. Install a DSK and shut the copier off at night and the chance of someone walking out with your data is greatly reduced. Having presented this option to literally hundreds of clients, outside of government and Fortune 500 businesses, the risk of losing data via copier is perceived to be pretty low. That perception only seems to change when it is your company being profiled on 60 Minutes.

steveschiffer
steveschiffer

I used to work for a major printer manufacturer and I remember while running some tests on a "captured" all in one that this medical clinic didn't wipe the fax logs. This fax machine had the ability to reprint something like the last 20 inbound faxes. People don't think of reseting faxes or copiers when they donate, sell at garage sales, or even send to repair.

sschiffgens
sschiffgens

Within 24 hours of this CBS report, I and others involved with our copiers got blasted with well intentioned users wanting to make sure we were aware of this and that we're doing something about it. While not to write off the issue, it's humorous how anytime something like this on the IT front bubbles up to the surface, the sky starts falling. But, if it's good old fashioned paper, no one could care less. Everyone overlooked the part of the CBS report where some of the data was actually in hard copy form, left on the glass in the copiers before they were sent to the copier graveyard. Everyone's interested in pen tests and vulnerability assessments, but have you ever heard of anyone (aside from maybe those subject to PCI or HIPAA) having their hard copy records security audited? How often are Information Security shops contracted to dumpster dive or use social engineering techniques, as opposed to normal technological methods? Information security is an organizational responsibility, not just IT, but everyone likes to throw it over the fence and turn a blind eye to the aspects of it that can't be handled by firewalls, IDS's and other technological solutions.

NexS
NexS

This is an interesting thought attractor. I haven't in the past, and it makes me wonder if I should. It would, however, involve some investigation.

jhall4363
jhall4363

I work for a copier company as a tech. Be aware that if you want this done, plan ahead for charges. We had a customer ask for this at the last minute when switching out machines from an old vendor to our company. We offered this at a rate of $500 per machine. If you are switching vendors, the new company will probably charge for this. If it's the same company, probably not a charge or a reduced one. Just be prepared and don't ask for this at the last minute like I am starting to see. Makes it more difficult for you. One last thing, if they are your machines and you are mechanically inclined to do so, you should be able to get to these hard drives easy enough to remove and destroy, before you send these machines off to be disposed of.

Smullster
Smullster

So, how does your office function? Don't you see a slow down in productivity without having a copier with a hard drive? My office makes over 15,000 copies a month (I know... we should go paperless.) If we opted for something without a hard drive, we'd be dead in the water. What's your secret?

Smullster
Smullster

I've sat through close to a half-dozen presentations from office supply companies who were pushing copiers from Savin and Kyocera. Not once was there mention of a data shredding option or encryption. Unfortunately I was too ignorant to ask being under the mistaken impression that photocopiers erase the images from their hard drives after the copy job is completed. Now to find out that those options are available (and expensive to boot) leads me to wonder what these sales reps were thinking (or not thinking). There're two things wrong with this situation. 1) It seems negligent of the copier manufacturer to leave this defect in their products and; 2) To expect the customer to pay additional funds to fix this mistake. Let's face it... this isn't a feature. A user can't walk up to the machine and decide that they want to re-print an image that they copied a week ago. Congrats to Sharpe for being one of the first companies to make a data shredding option. But they're not heroes - just a company that realized they had a defect and decided to capitalize off of it instead of fix it for good.

brian
brian

but I think it should be standard. Considering the likely cost of implementation, I can't help but see its omission in the sale of any such device as deliberately causing a problem in an attempt to make profit off its solution. I mean really, after a job completes, "for i in size(file): write(random())" (as translated into whatever machine language.) "Yeah you need that feature but it'll cost you."

brian
brian

is a good place to enforce wiping? It would at least be a good second line of defense.

santeewelding
santeewelding

This is a huge, enterprise-wide, inconceivably vast, leadership-driven and all that shilt stuff -- ain't got nothing to do with my little business. Sure glad, though, to be apprised of it. Sure glad, too, it ain't my immediate problem.

dduffy
dduffy

If I was a snoop and wanted the data on the HDD, what do I use? I have been looking for a few weeks so I can validate the HDD was wiped by the copy company, but I cannot find what to use to extract the data.

Greybeard770
Greybeard770

Images are stored to provide a performance increase when making multiple copies of the same job. Once the job is complete, the machine should delete the cached file, maybe even writing binary 0s over it. Problem solved. No need to extort $500 from customers. Somebody needs to write responsible programs for these things.

GSG
GSG

We don't do a lot of production copying. We don't have a real need to. Plus, most of the areas have their own copiers, which are small, desktop ones for the occasional page here or there. I'm sure administration and the business office do quite a bit, but even there, not so much. Think about it. Most documents are created electronically, so why not store and distribute them that way? Oh, and there's no such thing as the paperless office. The goal should be less paper, not paperless.

JuliaX111
JuliaX111

40 computers contract removal and disposal from a local hospital, every one stuffed to the brim with patient information. Interesting reading. I was just going to dump the small drives but decided to use a couple on a server as boot drives. It seems nobody takes any responsibility for information security. While I don't think a lot of people would even guess a copier of fax contains data retention hardware you would assume they would know that a department computer will have all kinds of records in it.. A nice quiet call to the hospital data management department was met with "oh.. just wipe them in that case" No concern that I, just some shmoo who has a mate with a van had access to 40 drives full of confidential patient medical records. I am not in the data and hardware disposal business, we took them for free to save the hospital having to pay to recycle.. just like any other scrap collectors. The life insurance companies would give their back teeth for that kind of information. Just having a "policy" doesn't mean it gets done. Somebody has to check that the person entrusted to hit the "wipe" button has done so. That costs money and somebody else "wasting" time checking.. oops.. probably won't happen then.

brian
brian

I'm waiting for the other foot to drop on this one. Step 1, an office makes copies of employees' personal information for internal reasons, without their direct knowledge. Step 2, company fails to shred the drive when the copier leaves the building. Step 3, retained documents used for identity theft. Step 4, big ol' lawsuit that easily shows gross negligence. Anyone who runs a business is at risk of this. Maybe more likely in the U.S. but not unlikely elsewhere. It's only a matter of time.

NexS
NexS

It's the aliens that Tom Cruise is bargaining with that I'm worrying about!

rondadams
rondadams

I understand the need and use of a hard drive for performance reasons, but how difficult really would it have been to have a function that would automatically purge documents older than so many days like 7,10,14,30, etc. user specified, but default at 14? If I had to guess I would say most probably only start purging/cleaning the oldest documents when space gets low. I would be curious to know from some insiders what they do. Another idea would be an admin function to "Purge all stored documents", seems like a simple one to me.

brian
brian

but not to someone who really wants the data. Would definitely help, but could also be perceived as a "false sense of security" feature. IMO a copier should use RAM instead of permanent storage. I think they could easily get enough in there for the copier to be fully functional. If the jobs are just too big even for the 24 to 48 gigs of RAM that could be inserted cheaply, then at least new jobs should overwrite previous jobs so an attacker only gets the last few documents copied. Really, the fault lies with the marketing departments where these devices are conceived. According to a TV program on the issue, the companies made an executive decision to charge $500 extra to add a deletion / shredding feature to the copier. Ethically that rather simple software feature should be standard in all copiers. IMO it shows some degree of willful negligence that a company would sell devices with infinite, unchecked, hidden and undisclosed document memory to places like hospitals, police stations and government offices. (Or any office, or place of business, or really I can't think of any situation it would be appropriate or acceptable for that retention to exist.)

Editor's Picks