Photocopiers, Printers and Paper

Photocopiers and Printers

The media and even bloggers need some of of credible proof about that a whistleblower has some evidence to back up their claims. This usually involves copies of internal documents.

Think very carefully before sending original paper documents to a journalist or politician etc. In some cases, even copies of documents which have been produced within a secretive organisation may be identifiable, and could betray the identity of the whistleblower source to leak investigators.

1. Choose your Photocopier carefully. Some of the newer, high end photocopiers, especially colour ones, have built in anti-counterfeit US currency routines in the software.

   Some combined photocopiers and printers are capable of printing tiny yellow serial numbers (e.g. Canon) on each sheet or a special series of dots (e.g. Xerox DocuColor, which makes tracing which machine was used to help to "leak" a document, if the original printout or photocopy is seized, quite a bit easier.

   See the Electronic Frontier Foundation's List of Printers Which Do or Do Not Display Tracking Dots

2. Many typewriters, computer printers and photocopiers do leave characteristic wear and tear imperfections on the documents they produce, which a forensics laboratory may be able to match to a machine a work or your personal machine at home, if it is ever seized as evidence in a "leak inquiry".

3. It may even be possible to "fingerprint" blank sheets of paper, by means of their unique surface texture properties.

   See the academic paper Fingerprinting Blank Paper Using Commodity Scanners(.pdf) by William Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, J. Alex Halderman and Edward W. Felten.

   Abstract

   This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method
   for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets authenticating passports, and halting counterfeit goods Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
   

   "Even unopened sheaves of blank printer paper might in principle have been fingerprinted at the factory."

   The is sort of technique might well be used on limited distribution copies of secret documents, which might betray the source of a whistleblower leak to investigators.

4. As noted in the comments below, many heavy duty shared network Printers and Photocopiers also have internal hard disks, especially if they are used in conjunction with Print Server devices (or effectively have these built in). These could store entire copies of documents, or logfiles of time, date and also, perhaps, the Personal Computer's IP address and/or its NetBIOS name (common in Microsoft Windows File and Printer sharing) could be logged, which might betray a whistleblower.

5. Even when these temporary buffer storage file copies of printed or scanned or faxed documents are apparently deleted or overwritten, they may not have entirely disappeared, and might well be recoverable through standard computer forensic techniques. Yet another reason for whistleblowers to be extremely careful when using shared network printers, scanners, photocopiers, fax machines, fax gateways etc.

6. Sometimes, the ability to print copies of documents to network printers or print server devices can work in favour of a whistleblower:
   • The fact that an important whistleblower leak document is being printed or copied or sent to a networked printer/scanner/copier/fax device, might mean that they can grab an electronic copy for themselves, or print out another physical copy when the coast is clear, without having to sneak into a colleague's or superior's office. Many of these devices have a simple worldwide web remote management interface and often still have default usernames passwords set e.g. "xerox".

   • It may be possible (depending on the IT security policy, and the number of available IT support staff) to "accidentally" print or fax a copy of the whistleblower leak document to another shared printer or device on the corporate network, very often in other office or building, perhaps even internationally in foreign countries. Try the "Add a new Network printer" wizard on your Microsoft Windows PC, the print queue names very often give physical location details of exactly where the printer is located, and which may be somewhere more easily or more securely accessible by the whistleblower(s) or their friend(s).

   • If you do temporarily attach to a non-default networked printer or fax etc., then remember not to leave this visible in the list of printers or faxes which are available on your PC i.e. delete this printer or fax connection icon in the Printer Control Panel settings, after you have finished with it.

   • Modern photocopier / scanner units can have quite sophisticated "security" and networking features, but unless these have been properly configured, integrated and tested by an organisation's IT security team, then these extra features may actually be a source of "whistleblower leaks" or espionage targets. e.g. the "security" features like digital watermarking, encryption, Single Sign On (almost certainly with an audit trail log file) etc. offered by, for example, Canon's mid range Office products, hint at what an unsecured photocopier / scanner / printer connected to a network is capable of:

     Canon iR6880Ci photocopier brochure

     [...]

     Prioritise your work

     You can easily prioritise your workload with the new Print Job feature. Jobs can be viewed and repositioned within the print queue whenever your needs are pressing. Secure and encrypted jobs are hidden by an asterix and, by using Single Sign On (SSO), only your jobs are viewable when you access the device.

     Guarantee secure communication with the iR5880/6880C/Ci:

     Document security - hold confidential documents in password protected secure mailboxes, encrypt scanned documents before sending, or embed a secure watermark to prevent unrestricted copying of confidential documents

     Device security - Ensure only those authorised to use the iR5880/6880C/Ci can access using passwords, your company's network log-in, or even fingerprint authentication. For further peace of mind, hard disks can be erased or encrypted and job logs can be concealed.