-Caveat Lector- <http://www.vortex.com/privacy/priv.08.18> Date: Mon, 6 Dec 99 13:31 PST From: [EMAIL PROTECTED] (Lauren Weinstein; PRIVACY Forum Moderator) Subject: IDs in Color Copies--A PRIVACY Forum Special Report Greetings. We've recently seen a tirade of stories about "hidden" identification codes and what many would consider to be surreptitious centralized information flowing from various popular Internet products and packages. These have tended to highlight an important truth--whether or not users really would be concerned about the particular identifiers or data involved, they tend to get the most upset when they feel that an effort was made to perform such functions "behind their backs." While it can be argued how routine, intrusive, or even mundane and innocent a particular case may be, it's certainly true that people feel a lot better when they know what's going on. This issue isn't restricted only to the Internet world. A case in point-- the recurring rumors floating around regarding the presence or absence of identification codes in color copies (or color prints xerographically generated from computer output systems). A recent story involved a customer who was refused permission to make a color copy of his driver's license (to deal with an identification problem with his local telephone company). A Kinko's (copying center) worker reportedly told him that such a copy was "illegal," and could be traced back to the store through a "hidden ID." Regardless of whether or not the Kinko's employee was being overzealous in his interpretation of the rules, what's really going on here regarding a so-called hidden ID code? In fact, rumors about this, often chalked up as an "urban legend," have been circulating for a long time. This is a bit ironic, given that in the copier/printer industry it's been well known for years--no secret--that "invisible" IDs *are* imprinted on virtually all color xerographic output, from (apparently) all of the manufacturers. But for persons outside of "the trade," this hasn't been as widely known (even though the issue goes back to the early 90's, and the topic has appeared in publications such as the Wall Street Journal). However, it does not appear that the privacy-related aspects of this technology have ever been subject to significant public discussion. In an effort to pin down the current state of the art in this area, I had a long and pleasant chat with one of Xerox's anti-counterfeiting experts, who is the technical product manager for several of their color-copying products. The conversation was quite illuminating. Please note that the details apply only to Xerox products, though we can safely assume similar systems from competing manufacturers, although their specific policies may differ. Years ago, when the potential for counterfeiting of valuable documents on color copiers/xerographic printers became apparent in Japan (where such machines first appeared) manufacturers were concerned about negative governmental reaction to such technology. In an effort to stave off legislative efforts to restrict such devices, various ID systems began being implemented at that point. At one stage for at least one U.S. manufacturer, this was as crude as a serial number etched on the underside of the imaging area glass! Modern systems, which are now reportedly implemented universally, use much more sophisticated methods, encoding the ID effectively as "noise" repeatedly throughout the image, making it impossible to circumvent the system through copying or printing over a small portion of the image area, or by cutting off portions of printed documents. Effectively, I'd term this as sort of the printing equivalent of "spread spectrum" in radio technology. To read these IDs, the document in question is scanned and the "noise" decoded via a secret and proprietary algorithm. In the case of Xerox-manufactured equipment, only Xerox has the means to do this, and they require a court order to do so (except for some specific government agencies, for whom they no longer require court authorizations). I'm told that the number of requests Xerox receives for this service is on the order of a couple a week from within the U.S. The ID is encoded in all color copies/prints from the Xerox color copier/printer line. It does not appear in black and white copies. The technology has continued to evolve, and it is possible that it might be implemented within other printing technologies as well (e.g. inkjet). At one time there were efforts made to also include date/time stamps within the encoded data, but these were dropped by Xerox (at least for now) due to inconsistencies such as the printer clocks not being set properly by their operators, rendering their value questionable. It's interesting to note that these machines also include other anti-counterfeiting measures, such as dumping extra cyan toner onto images when the unit believes it has detected an attempt to specifically copy currency. These techniques have all apparently been fairly successful--the Secret Service has reported something on the order of a 30% drop in color copying counterfeiting attempts since word of such measures has been circulating in the industry. The average person might wonder who the blazes would ever accept a xerographic copy of money in any case... but apparently many persons are not very discerning. I'm told that the Secret Service has examples in their files of counterfeit currency successfully passed that was printed on *dot matrix* printers. So counterfeiting is certainly a genuine problem. OK, so now you know--the IDs are there. The next question is, what does this really mean? Obviously the vast majority of uses for color copies are completely innocuous or even directly beneficial to the public good (e.g. whistleblowers attempting to expose a fraud against the public). Is it acceptable for an ID to be embedded in all color copies just to catch those cases? The answer seems to be, it depends. In some cases, even having an ID number doesn't necessarily tell you who currently owns the machine. While some countries (e.g. China) do keep tight reign on the ownership and transfer of such equipment, there is no "registration" requirement for such devices in the U.S. (though the routine servicing realities of large units might well create something of a de-facto registration in many situations). Xerox points out that non-color copies (at least on their machines) have no IDs, and that most copying applications don't need color. It is however also true that as the prices of color copiers and printers continue to fall, it seems only a matter of time before they become the "standard" even for home copying, at which time the presence of IDs could cover a much vaster range of documents and become increasingly significant from a routine privacy standpoint. It's also the case that we need to be watchful for the "spread" of this technology, intended for one purpose, into other areas or broader applications (what I call "technology creep"). We've seen this effect repeatedly with other technologies over the years, from automated toll collection to cell phone location tracking. While there is currently no U.S. legislative requirement that manufacturers of copier technology include IDs on color copies, it is also the case that these manufacturers have the clear impression that if they do not include such IDs, legislation to require them would be immediately forthcoming. It is important to be vigilant to avoid such perceived or real pressures from causing possibly intrusive technology creep in this area. In the copier case, that ID technology being used for color copies *could* be adapted to black and white copies and prints as well. The addition of cheap GPS units to copiers could provide not only valid date/time stamps, but also the physical *locations* of the units, all of which could be invisibly encoded within the printed images. Pressures to extend the surveillance of commercial copyright enforcement take such concepts out of the realm of science-fiction, and into the range of actual future possibilities. What many would consider to be currently acceptable anti-counterfeiting technology could be easily extended into the realm of serious privacy invasions. It would only require, as Dr. Strangelove once said, "The will to do so." Perhaps the most important point is that unless we as a society actively stay aware of these technologies, however laudable their initial applications may often be, we will be unable to participate in the debate that is crucial to determining their future evolution. And it's in the vacuum of technology evolving without meaningful input from society that the most serious abuses, be they related to the Internet or that copy machine over on your desk, are the most likely to occur. --Lauren-- [EMAIL PROTECTED] Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance�not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
